• Data monetisation should be made legitimate on the basis of sharing the proceeds with the source of the data.

Law, rather than regulation should be the backbone to protect every individual’s data and there is an immediate need to develop data monetisation policy, a senior official of India’s Central Bank said.

A massive increase in computing power along with humongous availability of data has resulted in the evolution of artificial intelligence enabling machines to make decisions.

Separately, technology firms leveraging users’ data to earn profits have not created a mechanism to pass on the benefits to those to who the data belongs.

“We are already able to see that computers are taking rule-based decisions. Today it is mostly limited to customer service. As the capacities increase, we need to develop a proper framework to ensure legality. transparency and efficiency of data sourcing,” says T Rabi Sankar, Executive Director Reserve Bank of India.

Clear legal protection

According to him, there should be a clear legal protection to the data creator when that data is used, and especially when the data creator is an individual. “These are issues that needs a much wider debate, The primacy of individual rights under the constitution has to be protected,” he adds.

Stating that clear legal provisions are important he said. “Today, most data that is used is based on contracts. You cannot base the legality of data on small print no one can read or on contracts that very few us can understand.”

He also emphasised the need for integrity of data that is collected stating that it should be explicitly legally collectable. “Law must lay down the basic principles for the data that is collected,” he says noting that all data collected must be verifiable.

“Anyone who is processing that data should be able to establish the process through which that data was collected and it should be sanitised of privacy implicating features. If any aspect of that data can affect the privacy of that person, then this data must be sanitized of these details,” he says, adding that there are laws that are being worked on to address this specific problem and India is coming up with its own version.

Accountable data access

Sankar who was speaking during the recent global AI summit RAISE (Responsible AI for social Empowerment) says it is important to protect the features of privacy from private contracts and there needs to be a legal framework to ensure the same.

“If I have to use an app, it should not be that I have to sign the terms and conditions of the app and that is the basic contract. We cannot protect the privacy of an individual through such bilateral contracts. There has to be a clear law,” he argues.

Commenting on principles for responsible and accountable data access by companies or governments he says, all data accessed and sourced must maintain 100 per cent audit trail and that businesses or organisations using external data should maintain a very clear trail of how the data is sourced, what steps or modifications the data has gone through and processes the data has been put to.

“There is a huge amount of data, which is good for business. But given the risks to privacy of the individual, that data and the process followed to use that data must be clearly recorded and auditable,” he says.

Elaborating on organised data monetisation, he says all monetisation should be made legitimate on the basis of sharing the proceeds with the source. “Value can only be received if the value is paid. You have to be a holder in due course,” he adds.