AI and Data Privacy Law: are we truly Protected by our data Shield?
1. Deepika, CLC, University of Delhi 2. Ajit Kumar, Faculty of Law, BHU 3.Pranjal Sahay, Bharti vidyapeeth university AI at a point can make human pointless as due to its usage people have stopped physical and neurological usage of their body. The physical activities of human will decrease which will impact the health of humans. Also , due to easy access of solution to problems at a certain period of time it might be possible that human will completely depend on AI and will stop using personal intelligence which will harm their neurological system. People will reduce their human interaction as AI will provide them with their emotional intelligence. It will not only harm in physical and emotional sense but also in financial sense. AI is way more efficient and efficient than human. Software like amto.ai has been developed to draft the file of a particular case in very less time against human who takes times for the procedure of drafting and there are more software present and are yet to come. Company will rely on AI for its fast working capacity which will eventually reduce the job opportunities for humans. AI has the power to create artificial environment. It can create a virtual ecosystem but this may hamper the actual natural environment. There are chances that due to AI at a certain point artificial natural resources will introduced for the survival but it will definitely impact the natural ecosystem which can be threat to living beings. Another aspect which should made forward is the infringement of privacy by AI. AI is present everywhere in the cyber world today. Be it any website or application AI collects individuals personal information which can affect the privacy. This sensitive information can be used against an individual and may create threat in personal as well as in professional life. Students use resumes generated through AI for which they have to agree certain terms and conditions which are usually overlooked. Also, while making transaction through online banking terms and conditions appears but is not taken into account. This definitely can lead to threaten to privacy of individuals. There might be possibility that these personal information can get into wrong hands which can create cyber problems like online threatening, obscenity, frauds, etc . In order to resolve the problems certain legislations has been to take control on AI. Data Privacy Law At Global Level:- Due to advancement in technology such as the advent of the AI, internet, mobile, devices and social media platforms, misuse of personal data is increasing day by day. So, the question is: how can we solve it ? To solve the problem, countries at the global level have taken some important steps, such as The European Union (EU) has passed the General Data Protection Regulation in 2018 and the USA has adopted a sectoral approach to privacy regulation and other countries such as Canada and Nigeria, have also taken steps.All these step will be discuss in following manner:- Steps taken by European Union (EU):- EU has passed the General Data Protection Regulation (GDPR) in 2018. The European Union (EU) stands at the forefront of global privacy protection with the enactment of the General Data Protection Regulation (GDPR) in 2018 (Cortez, 2020). The GDPR introduces a set of fundamental principles to govern the processing of personal data (Tamburri, 2020). It is enacted to regulate personal data and unify the data protection law across the europe. It is not bound by the territory, the GDPR applies to all the organizations. Crucially, the regulation establishes a robust framework for cross-border data transfers, promoting a unified approach to international data flows (Jiang, 2022. Okunade et al., 2023). This act contained some principles such as:- a) Fairness b) purpose limitation © Data minimization (d) Accuracy (e)Integrity and confidentiality etc. Further this act also provide some rights to the individual such as:- Right to Access Right to be forgotten Right ot be rectification Right to object Right to data portability Right to restriction of processing. In this act there is also provision regarding appointment of the Data Protection officer. The officer is required to be appointed by some organization. The main duty of the officer is to oversee the misuse of the data protection activity. In this act there is also provision of the penalties for non- compliance. Organizations can face penalties up to €20 million or 4% of their global annual turnover, whichever is higher. Steps Taken by the USA:- Unlike the EU, the United States follows a sectoral approach to privacy regulation, with laws addressing specific industries and types of data (Hartzog and Richards, 2020). Means there is no single data protection law like GDPR. The USA has adopted a sectoral approach to regulate privacy data in its country. In the usa there are lots of privacy laws such as: California consumer privacy act, provides rights to the residents of the california regarding the collection and use of their personal data.Consumer has right to know what data is being collected and for which purpose it will be used. The Health Insurance Portability and Accountability Act (HIPAA)- it deals with healthcare data. It applies for healthcare data and healthcare plans that deal with protected health information. The Children’s Online Privacy Protection Act (COPPA):-it applies to operators of websites and service providers who knowingly collect the data from children under the age of 13 years old. Before collecting the data from the children under the age of 13 years old you have to take permission from its parents. The Gramm-Leach-Bliley Act (GLBA):- it applies in financial institutions and financial institutions require establishing the privacy policy regarding the financial information of the individuals. Steps Taken by the Canada:- in Canada, data privacy is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA).it is a federal law which sets some rules for how private organizations can collect, use and disclose personal information in the course of commercial activity. Further it also
