LAW AND EMERGING TECHNOLOGY

Organised by VSLLS,
VIVEKANANDA INSTITUTE OF PROFESSIONAL STUDIES

Report on the National Conference on Artificial Intelligence and

Legal Implications

Date of the Event : 7th and 8th October, 2023

Submitted by - Submitted to -
Name : Jasmine Suri Ms. Ravneet Sandhu
Semester and Section : 7L Assistant Professor, VSLLS
Enrollment number : 06417703520
Date of the Event : 8th October, 2023
Venue : Online Zoom Meeting
Theme of the Event : National Conference on Artificial Intelligence and the Legal
Implications
Esteemed Guest : Archana Gadekar, The Maharaja Sayajirao University of Baroda

The National Conference on Artificial Intelligence and the Legal Implications seeks
to provide a platform for elucidation of the roadmap that would lead to efficient and
effective development of Artificial Intelligence. It was one of the events wherein the
enlighten young minds were provided an opportunity to delve deeper into the
intricacies of Artificial Intelligence and study in detail the role it plays in shaping the
future of the mankind.

The session earmarked the in-depth examination of one of the most significant bills
that act as a regulator to form a basis of check and balance system in the application
of Artificial Intelligence in the contemporary era.

Digital Personal Data Protection Bill, 2023 is introduced as the novel legal
framework regulate privacy concerns and provide effective resolutions in case of
breach of privacy. The golden threads that bind privacy are protected in the
legislation.

CONSENT

The foundational aspect of data processing, namely consent, is expounded upon in

Sections 5, 6 and 9 of the legislation.

Section 5 places the responsibility on fiduciaries to acquire explicit consent from

Data Subjects prior to processing any of their data. This stipulates that the consent
must be free, specific, informed, unconditional, unambiguous, requiring a clear
affirmative actions, and indicating agreement for a specified purpose.
Section 6 emphasises that the obtained consent must be free, specific, informed,
unconditional, unambiguous, necessitating clear affirmative action and signifying
agreement for the specified purpose, limited to the personal data necessary for that
purpose.

Section 7 however introduces a caveat, allowing processing for purposes not

explicitly consented to, potentially enabling convert consent acquisition.
This framework for consent encounters challenges stemming from human impatience
and the widespread reluctance to thoroughly review terms and conditions.
Furthermore, the requirement assumes a mature understanding of privacy and
consent, a challenge exacerbated by varying literacy levels in India. These
complexities highlight the intricate nature of balancing data processing consent
within legal framework.

FAIRNESS AND NON-DISCRIMINATION

The concept of non-discrimination in data processing involves the proactive

mitigation of biases in technology, especially when the data is employed for decisions
that have a direct impact on individuals. The bill mandates that data must be not only
be complete, consistent, and accurate but also aligned with the principles set forth by
the EU’s General Data Protection Regulation. This EU regulation explicitly
emphasises the need for safeguards against discrimination in the utilisation of data.
This nuanced approach underscores the legislation’s commitment to fostering fairness
and equity in the realm of data processing.

Equilibrium in data processing fairness necessitates a careful alignment between user

expectations and the utilisation of precise and pertinent data. This foundational
principle is intricately linked to transparency and purpose limitation, as expounded in
Section 4 of the bill.

In accordance with the legislation processing must adhere to the purposes explicitly
consented to by the data subject, thereby ensuring lawful and ethically sound usage.
Section 7 further elaborates on the specific legitimate purposes for which consent is
either required or not, thereby contributing significantly to the overarching fairness
mandate.

DATA MINIMISATION

The pivotal concept of data minimisation, aimed at constraining data collection to the
necessary scope of processing, finds is expression in Section 6(1) and 8(7) of the
legislation.
Section 6(1) places limitations on the consent granted by Data Subjects to only
include essential for the intended purpose.

Section 8(7) states the responsibility of Data Fiduciaries to expunge personal data
upon withdrawal of consent or the fulfilment of the intended purpose.

The effective implementation of data minimisation necessitates a careful delineation

of the nature and volume of the required data, presenting challenges, particularly in
the context of artificial intelligence (AI). Businesses operating in the AI realm may
need robust governance systems to define information requirements and manage
retention schedules. However, profit-driven enterprises might seek ways to bypass
these legal requirements.

Explicit legal mandates for governance systems, beyond the general obligations are
provided in the legislation. Section 5 explicitly provides rules and regulations to
regulate governance systems ensuring robust adherence to the provisions articulated
in the legislation. The enhanced legal emphasis on governance systems play a crucial
role in facilitating the effective implementation of data minimisation principles.

TRANSPARENCY

Transparency stands as a fundamental aspect of the right to information, manifested

through the disclosure of details regarding the purpose, procedures and outcomes of
data processing.

Section 5 and 11 of the legislation specifically delve into the realm of transparency.
Section 5 mandates that fiduciaries furnish a comprehensive notice to subjects prior
to processing, while Section 11 empowers subjects to request information regarding
the utilisation of their data.
Transparency in the context of Artificial Intelligence (AI) introduces distinct
challenges, especially in formulating notices that cater to individuals who may not be
well-versed in technical jargon. Striking a balance between brevity and completeness
in these notices becomes crucial, particularly when AI models draw conclusions that
may not be immediately understandable to non-developers.

The absence of explicit provisions in the legislation to safeguard the intellectual

property rights of AI developers contrasts with the European Union’s General Data
Protection Regulation, which explicitly addresses transparency.

This creates a noticeable gap in the legal framework, prompting the need for
additional considerations in the development of comprehensive data protection
legislation and addressing this gap becomes imperative for ensuring a more robust
and holistic approach to safeguarding both data subjects’ rights and the intellectual
property rights of AI developers. The session concluded with presentation of various
papers on crucial issues which related to Artificial Intelligence and provided efficient
and effective solutions to the challenges posed by its application.