India’s rapid expansion of AI-powered surveillance, including facial recognition at railway stations and plans for 50 AI satellites, boosts law enforcement but raises critical privacy and constitutional concerns
India’s Current Position
- India has begun deploying AI-powered facial recognition technology and CCTV surveillance in public spaces without substantial legislative debate, risk assessment, or the establishment of clear guidelines.
- Technologies like those implemented in Delhi and Hyderabad are being integrated into policing systems without publicly available rules regarding data collection, processing, or storage.
- This lack of regulation leaves room for potential misuse of data and raises concerns about national security.
- As of now, AI remains largely unregulated in India. In 2022, the government announced plans to regulate AI technologies under the forthcoming Digital India Act, but draft legislation has not yet materialized.
- This lack of regulation exposes citizens to risks such as infringement of privacy, discrimination, data breaches, potential misuse of sensitive information etc.
- India’s approach to AI adoption needs a structured regulatory framework to safeguard privacy, promote accountability, and mitigate the risks of misuse in AI-powered systems.
Enroll now for UPSC Online Course
Note: In 2019, the Indian government announced plans to create the world’s largest facial recognition system for policing. |
Legal and Constitutional Concerns Associated with AI Surveillance
- Lack of Proportional Safeguards: Data-driven governance enhances governance and crime prevention but must safeguard privacy under Article 21 of the Constitution.
- The K.S. Puttaswamy case (2017) affirmed privacy as a fundamental right, yet inadequate safeguards and incidents like the Telangana Police data breach highlight ongoing concerns.
Case Study: The Telangana Police Data Breach
- Reports revealed unauthorized access to databases from social welfare schemes like “Samagra Vedika.”
- The breach raised serious questions about the scope of data collection and the lack of transparency in its use
|
- Expansion of Principles: The right to privacy and the principle of proportionality demand that any intrusion into personal data be backed by law, pursue legitimate aims, and remain proportionate to the goal pursued.
- However, the current surveillance framework, bolstered by AI technologies, appears to stretch these principles to their limits.
- Dragnet Surveillance: It refers to the indiscriminate collection of data on a large scale, far beyond the scope of targeting specific suspects or criminals.
- This approach involves gathering information from the general population, raising concerns about privacy violations and the potential misuse of collected data.
- Concerns from Data Breaches: Incidents like the Telangana Police data breach highlight the lack of transparency in the data collection practices of law enforcement agencies and the risks posed to citizens’ privacy.
- Risks of AI Misuse Despite Laws: Even well-intentioned surveillance laws can lead to overreach and infringe on citizens’ rights, as demonstrated by Section 702 of the Foreign Intelligence Surveillance Act (FISA) in the United States.
Check Out UPSC NCERT Textbooks From PW Store
Concerns with the Digital Personal Data Protection Act (DPDPA)
- Broad Government Exemptions:
- The DPDPA, enacted in 2023, aims to regulate consent and data privacy. However, it has been criticized for providing the government with sweeping exemptions:
- Section 7(g): Waives consent requirements for processing personal data during epidemics for medical treatment.
- Section 7(i): Exempts the government from consent requirements for processing employment-related data, raising concerns about potential misuse in AI-powered surveillance.
- Section 15(c): Mandates that citizens must not suppress material information when submitting personal data, potentially leading to punitive measures for errors or outdated data, exacerbating privacy issues.
- Limited Scope of the DPDPA:
- While the Act focuses on consent mechanisms, it overlooks broader challenges posed by AI technologies:
- Fails to regulate high-risk AI activities such as facial recognition and biometric surveillance.
|
Western Countries Approach in Tackling AI Situations
India is not alone in addressing the challenges posed by AI and its impact on civil liberties. The European Union (EU) has implemented regulations that can serve as a useful guide for India.
- Risk-Based Framework: The EU’s Artificial Intelligence Act adopts a risk-based approach to AI activities, categorizing them into unacceptable, high, transparency, and minimal risk levels.
- Prohibitions and Exceptions: Activities like real-time remote biometric identification for law enforcement are prohibited under EU law due to their unacceptable risk.
- Exceptions are allowed only in specific cases, such as locating victims of serious crimes or addressing imminent threats.
- Transparency and Minimal Risk: Provisions are in place to ensure transparency for certain activities, while minimal-risk AI technologies face fewer restrictions.
Way Forward
To address the risks associated with AI-powered surveillance and ensure the protection of civil liberties, India must adopt the following measures:
- Embed Privacy Measures: Integrate robust privacy safeguards into AI and surveillance infrastructure before deployment. Surveillance protocols should include clear limits on data collection, storage, and access.
- Consent Mechanisms and Transparency:
- Implement systems for obtaining explicit consent from individuals before collecting personal data.
- Publish transparency reports detailing the purpose of data collection, time period of storage, and intended use of the data.
- Judicial Oversight:
- Ensure that exemptions for processing personal data are narrowly defined and subject to independent and effective judicial oversight.
- Establish mechanisms for regular audits to prevent misuse and maintain accountability.
Enroll now for UPSC Online Classes
Conclusion
The issue is not the use of AI in governance, but rather its unchecked application without adequate safeguards. To protect citizens’ rights and ensure responsible use of technology, a comprehensive regulatory framework is urgently required.