Is AI regulation built into DPDPB 2022?

Jurisprudence is an interpretation of law by experts. One narrow view of “Jurisprudence” is that it is restricted to the views of a Court like the Supreme Court which is considered binding for the lower Courts. But this is a narrow view and needs to be modified.

A larger view of Jurisprudence is that is a scientific study of law and involves not only the history and philosophy of law but also the views and opinions of the Judiciary as well as the subject matter experts.

Interpretation of statutory texts is also “Jurisprudence”.

It may take time for the Indian legal community to come out of its shell and adopt this open view that Jurisprudence can originate from outside the Courts.

The last 22 years of indicates that a large part of Cyber Jurisprudential principles in India originated here and Courts took their own time in accepting these views.

One classic example which should go into the study of Law in India is that the interpretation of Section 65B of Indian Evidence Act was first made from the school of Naavi and also used and adopted in the Suhas Katti case in 2004. In 2005 Supreme Court had a differential view and only in 2012, Supreme Court adopted the Naavi’s thought process on the mandatory nature of Section 65B. The logic for the intervention of a human witness to convert the digital evidence into an admissible evidence in a Court has been explained by Naavi in many professional circles and despite some disagreements here and there arising out of the difficulty for unlearning the age old concepts of “Primary” and “Secondary Evidence” and inability to switch to interpretations based on “Digital Documents” are gradually adopting the views of Naavi.  This is an example of how “Jurisprudence” can develop outside the Judiciary and may get assimilated in the system. and Naavi has been propounding several new  thoughts such as the Theory of Data , The ” Privacy Protection Law” as an extension of ITA 2000 etc and in due course they are likely to be tested in a Court of Law and hopefully adopted by the Judiciary.

One such Jurisprudential thought that arises out of the Digital Personal Data Protection Bill 2022 (DPDPB 2022) which is in the form of a draft before the Parliament is link between this draft and the discussion on Artificial Intelligence and Neuro Rights regulation.

In our earlier article  we had discussed how  ITA 2000 can be extended for AI regulation through a proper interpretation of Section 11 of ITA 2000.

Now let us see how we can consider DPDPB 2022 as extending to AI regulation.

The definition of Automated Processing under DPDPB 2022 states

(1) “automated” means any digital process capable of operating automatically in response to instructions given or otherwise for the purpose of processing data; 

This definition can be extended to all forms of AI including ANI, AGI. Coupled with Section 11 of ITA 2000, accountability of AI will rest with the “Person who caused the automated system to behave in a given manner either with specific instructions or otherwise through a self learning machine learning process”.

What can now be added to the body of law is the “Ethics” in the form of rules and notifications. The notification under DPDPB 2022 can include the Code of Ethics that are required by AI industry to follow and make it part of the current regulation under ITA 2000 and DPDPB 2022 (which could become DPDPA2023 when passed)

With this interpretation, AI will be subject to all the regulations that include

a) Informed Consent

b) Purpose oriented consent

c) Minimal collection and retention

d)Rights of information, accuracy, withdrawal and grievance redressal etc

Further, the regulator of DPDPB 2022 namely the Data Protection Board becomes the regulator for AI related ethical violations. Penalties under DPDPB 2022 will also apply for AI related violations.  The exemptions and deemed consent provisions will apply as stated in the DPDPB 2022.

Further, the provisions of “Significant Data Fiduciaries”, DPIA, DPO appointment, Data Auditor appointment etc will also apply to AI companies.

It is time for us to also look at PDPSI once again and see if any minor modifications are required to be indicated in the DTS calculation.

Overall we are ready to get into the AI regulatory world with DPDPB 2022.


About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.