Rahul Matthan: Don't let data privacy safeguards work against us

The first country to seriously address the issue of protecting digital personal data was the United States of America. In a report titled Records, Computers and the Rights of Citizens issued in 1973, it set out a list of data protection principles called the Fair Information Practice Principles (FIPPs).
FIPPs required organizations to provide notice before collecting personal data and seek consent before processing it. Only as much personal data as was necessary to achieve the specified purpose could be collected, and it could only be used for the purpose specified. Organizations had to keep personal data accurate, complete and up to date, and give individuals the ability to access and amend it as required.
If all this sounds familiar, it is because it is. These principles have been incorporated into all modern data protection laws—from Europe's General Data Protection Regulation to India's Digital Personal Data Protection Act. It is where concepts like notice and consent, purpose specification, use limitation, data minimization and retention restriction come from, and it is remarkable how 50 years after they were first conceptualized, they continue to be used to protect personal privacy.
Or do they?
Also Read: Use verifiable credentials to grant us agency over our digital data
In the 1970s, our ability to process data was limited, constrained by computational power and storage capacity. As a result, very few organizations could afford to process personal information at a scale that would affect our privacy. Since companies had to be selective about what data they collected and used, it made sense to require them to constrain the uses to which they put the data and for how long they retained it.
Today, these constraints are no longer relevant. All organizations, regardless of their size or sphere of activity, use data in all aspects of their operations. Global data creation grew from about two zettabytes in 2010 to over 160 zettabytes projected in 2024. As a result, concepts like notice and consent are becoming increasingly meaningless, as it is no longer feasible to provide notice of all the different types of data processed or the many uses to which it will be put.
Advances in artificial intelligence (AI) have further complicated the issue.
If we want to benefit from all that AI has to offer, we need to give these systems access to our personal data so that they can draw inferences from it. With the ability to analyse the cumulative record of all the data that our personal fitness trackers have recorded about us, for example, AI systems may be able to use that information to infer our likelihood of contracting a disease. Those who are currently unable to access credit because they lack the traditional indicators of creditworthiness may be able to provide other indicators of their ability to repay a loan if AI systems are allowed to analyse their personal information.
Also Read: Biases aren't useless: Let's cut AI some slack on these
If we use AI systems for these purposes today, we are likely to run afoul of one or more of the data protection principles. Take, for instance, purpose specification. Since most AI use cases may not even have been conceivable when the data in question would have been collected, it is unlikely that our consent would have been obtained for it to be used in that manner. Deploying AI for these use cases would most likely require seeking fresh consent from data principals.
The other concern is around retention. Since data is only permitted to be retained for as long as necessary to serve the purpose for which it was collected, organizations that comply with the mandates of global data protection regulations have set up systems to delete personal data once their purpose has been served. In the case of healthcare data, this is unfortunate because medical AI applications rely on access to health data records over as long a period of time as possible in order to establish trends for current parameters to be evaluated against baselines. If hospitals have to delete this data as soon as the immediate purpose is served, these opportunities will not be realized.
Finally, there is the principle of data minimization, which requires us to only collect as much data as is strictly required to fulfil the specified purpose. Since AI systems perform better if they have more data on which they can be trained, the minimization obligation makes less data available for training and, as a result, limits the benefits that AI can bring.
Also Read: India must forge its own AI path amid a foundational tug of war
The approach taken by the US FIPPs to minimize the risk of privacy-harm limited the amount of personal data in the hands of the organizations that processed it. At the time, this was a reasonable approach as there was no additional benefit to be gained by allowing corporations to store our data.
This is no longer the case. The more data that AI systems have, the better the outcomes they produce. As a result, any approach that simply limits the data these systems can use trades the benefits that could accrue from data analysis for the mitigation of privacy-related risks.
I have, in previous columns, written about how new technological approaches—data anonymization and privacy-enhancing technologies—as well as institutional measures like data trusts can offer us a new approach. If we can deploy federated learnings and confidential compute systems, we should be able to use personal data without violating personal privacy.
Our current approach to data protection is now more than half a century old. It is no longer fit for purpose. We need to learn to use personal data for our benefit without causing privacy harms.
The author is a partner at Trilegal and the author of 'The Third Way: India's Revolutionary Approach to Data Governance'. His X handle is @matthan.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Hans India

21 hours ago

• Hans India

WhatsApp Begins Global Rollout of Ads, but EU Opts Out Until 2026

Meta has taken a significant step in monetising WhatsApp by rolling out advertisements across the app globally, except in the European Union. This change, announced on June 16, marks a pivotal shift for the world's most-used messaging platform, which long positioned itself as ad-free. The ads will now be visible in the Updates tab, specifically within Status—WhatsApp's version of Instagram Stories. However, for millions of users in the EU, the wait for ads will extend at least until 2026 due to regulatory delays. According to Meta, the new ads will not interfere with personal messaging. 'We believe the Updates tab is the right place for these new features,' WhatsApp clarified in a blog post. The ads will appear alongside updates from friends and family but will not intrude into personal chats, calls, or group conversations. This subtle placement is designed to balance user experience with Meta's revenue goals. As part of this broader monetisation strategy, Meta is also introducing channel subscriptions and promoted channels. Channel subscriptions will allow creators to offer exclusive content behind a paywall, while promoted channels will be highlighted in the app's Explore section, expanding reach for brands and content creators alike. Interestingly, users in the European Union won't see these ads just yet. Ireland's Data Protection Commission (DPC), which oversees Meta's EU operations, has confirmed that WhatsApp's ad model will not go live in the region before 2026. 'That new product won't be launching in the EU market until 2026. We have been informed by WhatsApp,' said Des Hogan, the Irish Data Protection Commissioner. The delay stems from concerns over compliance with the General Data Protection Regulation (GDPR), one of the world's strictest privacy laws. For users outside the EU—including India—the ads will be personalised with limited data. Meta will use location (city and country), language, and user interaction with channels to tailor content. If users have connected WhatsApp to the Meta Accounts Center, their ad preferences from Facebook and Instagram may also influence what they see. However, Meta insists that it's safeguarding user privacy. The company reiterated that it will not use private messages, calls, or group activity for ad targeting. These remain fully encrypted, and phone numbers won't be shared with advertisers. The timing of this rollout is bold, especially as Meta faces an ongoing antitrust lawsuit in the U.S. The integration of ad systems across its platforms—WhatsApp, Instagram, and Facebook—is under scrutiny, with critics arguing it reflects Meta's unchecked market power. Nonetheless, the shift signals a new chapter for WhatsApp. With 1.5 billion daily users, Meta sees enormous revenue potential. Having earned over $160 billion in ad revenue last year, the addition of WhatsApp to its ad portfolio could significantly boost earnings. Yet, it also raises questions about the future of private, clutter-free communication on the app.

India Today

a day ago

• India Today

Meta is bringing ads to WhatsApp almost everywhere, but EU is an exception: Full story in 5 points

After years of promising to keep WhatsApp ad-free, Meta has officially started rolling out advertisements inside the world's most popular messaging app. This was announced by Meta on June 16. However, in a rare exception, users in the European Union will not be seeing these changes just yet. With the new monetisation model going live almost everywhere else, the EU has pushed back, citing privacy concerns and regulatory scrutiny. Here is a breakdown of what is happening, and what this means for users ads go live almost everywhereEarlier this week, Meta confirmed that ads are now officially live inside WhatsApp's Updates tab, marking the platform's first major step towards monetisation through advertising – after denying for years that it would ever push ads on the messenger. Ads will appear in the Status section of the app, which works similarly to Instagram Stories – it shows photos, text, or videos that disappear after 24 hours. This means, ads will now appear alongside updates from friends and contacts. Importantly, Meta has clarified that ads will not appear in personal chats, messages, or groups. 'We believe the Updates tab is the right place for these new features,' WhatsApp said in a blog post. Alongside ads, Meta is also rolling out two other features to the messenger. One is channel subscriptions, which lets users pay for exclusive content from select creators, and the second is promoted channels, which will get visibility in the app's Explore users will not see ads until at least 2026 advertisementEU users are going to be an exception to the ad rollout on WhatsApp – at least for sometime. Despite a global rollout, WhatsApp users in the European Union will not see ads anytime soon. Ireland's Data Protection Commission (DPC), which oversees Meta's compliance in the region, confirmed that the new ad model has been delayed in the EU until at least 2026, according to a report by Politico. 'That new product won't be launching in the EU market until 2026. We have been informed by WhatsApp,' said Des Hogan, Ireland's Data Protection Commissioner. The DPC will now meet with WhatsApp and other European data protection authorities to review the plan before allowing its delay is widely seen as a result of Europe's stringent privacy laws, including he General Data Protection Regulation (GDPR), which sets a high bar for how companies can collect and use personal ads, but with limitsComing back to the advertisements that everyone else will be seeing, including users in India, Meta says that the WhatsApp ads will be personalised using limited information. This would include details of your city, country, language, and how you interact with channels and sponsored posts. If you have linked WhatsApp with your Meta Accounts Center, ad preferences from Facebook and Instagram may also influence what ads you the company insists that it is keeping users' core data private. Personal messages, calls, and group activity will not be used for ads targeting, and Meta says these remain fully end-to-end encrypted. It has also promised that phone numbers will not be shared or sold to advertisers. A risky bet amid a big antitrust battleThe timing of WhatsApp's ad rollout is notable – and bold. Meta is currently facing a major antitrust lawsuit in the US, which could potentially force the company to unwind its acquisitions of Instagram and WhatsApp. And now the launch of ads, especially ones that tie together data from WhatsApp, Instagram, and Facebook, may raise further questions about the company's market dominance and use of user data across has long argued that its integrated ad business supports small businesses. However, during the trial, the same integration is seen as evidence of anti-competitive behaviour. WhatsApp's big shift towards monetisationThe move to introduce ads reflects a major shift in WhatsApp's strategy. Originally designed as a private, ad-free messaging app, WhatsApp now joins Meta's other platforms – Facebook and Instagram – in generating revenue from Meta has for years been denying rumours that WhatsApp will get ads, it was also not entirely unexpected now when it rolled out because WhatsApp head Will Cathcart confirmed in 2023 that ads are in development. And if you look at it from the business side of things: with WhatsApp now boasting 1.5 billion daily users, the opportunity for revenue is enormous. Last year, Meta reportedly earned over $160 billion in advertising revenue, and now the roll out of ads to WhatsApp could help push that figure even higher. However, this also means that the platform that many users have relied on for private, interruption-free experience is becoming increasingly commercialised.

Time of India

3 days ago

• Time of India

Why India's AI future hinges on smarter data centres

Imagine building a skyscraper on sand. That's what India's AI ambitions could look like without rethinking data centres. As generative AI, 5G, and IoT explode, our digital economy's bedrock—data centres—is at a tipping of AI Data Centres in IndiaIndia's data centre market is sprinting at ~25% CAGR, fueled by AI's relentless demand for compute power. But here's the catch: while we generate 20% of global data, we hold just 3% of data centre capacity. The government's push for data localisation under the Digital Personal Data Protection Act (DPDPA) has further accelerated the establishment of local data centres, drawing significant investments from global giants like AWS, Microsoft, and Google, as well as domestic players such as Reliance Jio and Yotta Infrastructure. Recently, during the Union Budget presentation, Finance Minister Nirmala Sitharaman allocated INR 20 billion ($230 million) for the IndiaAI mission, which will be used to build AI and data centre infrastructure, including GPUs, data centres, and connectivity solutions. AI isn't just code—it's hardware. Next-generation data centres need GPU clusters, liquid cooling, optical fibre cables, connectivity solutions, and renewable energy to handle workloads that are ten times denser than traditional setups. Projects like Yotta NM1 in Navi Mumbai and CtrlS Hyderabad exemplify the shift toward AI-optimised facilities, equipped with GPU clusters, advanced cooling, and renewable energy integration. The Infrastructure Gap: A Strategic Imperative Despite this momentum, India's AI data centre infrastructure faces significant challenges: Real estate and Connectivity challenges India's major metro markets like Mumbai, Chennai, Bengaluru, and Hyderabad dominate data centre capacity but face high land costs and limited availability of suitable sites. While metros benefit from robust fibre networks, many regions beyond metropolitan areas still suffer from limited fibre availability and high latency, impeding AI workloads that require ultra-low latency and high bandwidth. Network Latency and Location Strategy AI applications require ultra-low latency to function effectively, which means data centres must be located close to end users in major metropolitan areas. However, high population density and limited land availability complicate site selection. Addressing network latency requires not only proximity but also optimised connectivity infrastructure, including carrier-neutral facilities and high-speed interconnections within and between data centres. Infrastructure Modernisation and AI-Readiness Many existing data centres in APAC were designed before the AI era and are not equipped to handle the unique demands of AI workloads. This creates a gap that new developments and upgrades must fill by incorporating AI-ready features such as higher floor loading capacity, advanced cooling systems, and enhanced network capabilities. Made in India solutions - India's data centre revolution demands locally engineered solutions to overcome unique challenges like connectivity gaps in tier 2 and 3 cities, unreliable power infrastructure, complex land acquisition hurdles, and the need for energy-efficient architectures tailored to extreme climatic conditions. This requires data centre solutions like driving demand for home-grown solutions that cater to hyper-scalable fibre backhaul, edge computing integration, etc. Charting the path forward The fundamental changes AI is bringing to data centres are truly remarkable. India's vision to become a global AI powerhouse hinges on bridging the digital infrastructure gap, requiring advanced connectivity solutions to build this infrastructure. As AI continues to take centre stage, data centres built on agile and future-proof optical fibre foundations will evolve to provide immense compute power. This transformation will enable them to meet the industry's demands, including: Agile, high-bandwidth connectivity for AI - AI workloads demand massive, low-latency data transfer within the data centre and between data centres (DCI). Legacy copper struggles with scale and distance. The industry requires high-speed, low-latency optical solutions. Pre-terminated systems ensure rapid, error-free deployment, which is crucial for scaling AI scalability and future-proofing - India's data explosion requires infrastructure that can scale exponentially. Density is key to managing space and cost. High-fibre-count optical solutions offer unparalleled fibre density for scalable inter-facility links. Pre-terminated Systems are inherently designed for easy upgrades and massive bandwidth headroom, protecting latency and high reliability - AI and real-time analytics demand near-instantaneous data movement. Innovative optical solutions compliant with international standards such as ANSI/TIA-942, TIA-568, ISO 11801 guarantee engineered reliability and signal integrity, minimising latency jitter and failure risk. India's AI future depends on a holistic approach to digital infrastructure—one that integrates advanced optical connectivity, power-efficient cooling, and scalable physical digital infrastructure. India's AI race isn't just about algorithms; it's about reinventing infrastructure that's future-proof, sustainable, and inclusive. The question isn't if we'll bridge the gap—it's how fast.