Written By Dhruv Laalam. The Author is a third year law student pursuing BA.LLB at NALSAR University of Law.
Introduction
Ever noticed a sudden increase in posts advertising shoes on social media and other websites after a quick browse for shoes on the internet? This is the concept of personalized ads, which rely on companies tracking and analyzing users’ digital footprint such as browsing history, cookies and other information in order to deliver relevant content and offers to the users. Most users accept the terms and conditions and cookies of websites hastily before entering a website without truly understanding how the website or the search engine would actually use the data left by the users. While this data cannot be collected without concept, the method of obtaining consent rarely reflects true consent. Most of the data collected remains stored with the companies for better personalization, however this is at the risk of data breaches which would release millions of gigabytes of information to hackers leading to potential misuse.
In the present-day world, AI chatbots and similar software rely heavily on digital footprint and big data and have starting growing in number and usage slowly integrating themselves into people’s life be it for answering queries or for academic research. The AI chatbots, most famously OpenAI’s ChatGPT and Google Bard have quickly become an alternative to google search. Chatbots are more appealing than a regular search engine owing to them being designed to simulate conversations, making them more engaging and friendly. AI chatbots, by being a cost-effective and efficient tool to interact with users, have found their way into various industries, especially in the customer service industry. In addition to its commercial use, chatbots have entered the realm of daily usage from asking chatbots to provide with quick recipes to having philosophical conversations to pass time, the AI bots today can do it all.
Digital Footprint and the risks
However, this magnitude of usage brings with it certain concerns. An average consumer leaves loads of trail of information behind after use. This information can be of any sort from search history to IP address. Privacy watchdogs have been raising concerns regarding the use of such data for quite some time. While the leading host of tech industries, the U.S.A takes little to no notice of this, Europe acted upon this seriously and made laws that minimize the data left behind after using social media or browsing online in the form of General Data Protection Regulation (hereinafter “GDPR”). The EU adopted GDPR in 2016 by replacing the 1995 Data Protection Directive. The GDPR is regarded as the gold standard data protection legislation that focuses on holding technology corporations to a higher standard of accountability regarding the data collected. In addition to minimizing the data collected and stored, the individuals can also request the companies the delete the data that they hold, making them more secure and ensuring that the users’ data is protected.
Google Bard: The New Chatbot
Google Bard is one such AI software recently developed by Google, as its flagship everyday use chatbot. What sets Google Bard apart from its famous competitor ChatGPT is the fact that it is able to access internet real time as opposed to ChatGPT which is based on data from 2021. While this means more relevant and accurate data, it also means that Google Bard is consuming regularly consuming infinite amounts of data on the internet. What makes this fact concerning is the fact that Google bard cannot be used without connecting user’s google account with it. Google being the most preferred and used search engine has access to all sorts of user data causing a potential scare of Google Bard accessing to almost every available data about a user on the internet, and sometimes without true consent making Google Bard highly invasive. Moreover, the information with Google Bard after a conversation with the user is not deleted upon deleting the conversation and is stored separately with Google Bard and this naturally raises concerns to any privacy watchdog.
The EU Case of Google Bard
With such risks are involved, the laws protecting the data would play a pivot role in ensuring safety of the users. Recently, Google was forced to postpone the launch of Google Bard in the European Union after it was flagged by privacy watchdogs regarding its data usage which raised privacy concerns. The European union follows the GDPR and Google, to launch its services in the region would have to submit data protection impact assessment with necessary briefing and documentation which google failed to do. However, it is interesting to note that Google, along with multiple other chatbots are set to launch their services in other regions. This is owing to the stricter data protection regulation in Europe. In fact, the provider of Google Bard in the European Economic Area and Switzerland is Google Ireland Limited whereas Google LLC provides this service in every other part of the world. It is interesting to note this difference in service provider too, which indicates in difference in data usage by Google Bard in Europe and rest of the world.
How should India react to this?
The introduction of the GDPR in 2018 in EU had let to increase in awareness around the world with its added focus on protection of personal data . These regulations, although introduced 5 years ago are still the most progressive regulations in terms of protecting user data and privacy which explains why most tech companies operate differently and with different providers within Europe as compared to outside Europe. There are about 120 nations across the world with data protection laws, albeit not as strong as GDPR still take a progressive step towards data protection. It is surprising that only a handful of states from the United States of America, the birth place of most Big Date tech companies, have progressive data protection laws that are truly concerned about their users’ privacy and data. India’s Personal Data Protection Bill has been on hold for some time and is only a matter of time before it is turned into a law.
The Digital Personal Data Protection Bill from India has taken inspiration from the GDPR within Indian context and emphasize strongly on protection of individual data and ensuring the prior permission is taken before companies use this data. The Digital Personal Data Protection bill will replace the Technology Rules. Following the GDPR’s tenets, the new Data Protection bill has a principle of minimizing data usage and also has regulations regarding the storage of data. Timely application of this bill into law and mandating all tech companies to abide by it would mean that India’s tech laws would be comparable with the EU laws, requiring Google and other Big Data driven companies to rethink their privacy models and ensuring that the companies are more accountable for the data that they use. This is a step in the right direction for the nation with one of the most active users of internet and is much needed since millions of gigabytes of Indian users’ data is stored with the companies.
Conclusion
The GDPR has had far-reaching effects on data protection and privacy around in not just the EU but around the world. The GDPR has set a new standard for data protection and privacy, and it has increased awareness around the world about the importance of protecting user data. It's encouraging to see other countries, including India, following suit to protect their citizens' privacy and data by updating their existing data protection laws in order to tackle big corporations like Google that has almost unlimited access to users data. With the new Data Protection bill once enacted will ensure that the digital footprint left on the internet which Google Bard has access to can be controlled and be kept in check. With stronger data protection laws, Google Bard and other AI Chatbots and Big Data software could be utilized to its fullest potential without harming the privacy of its users. It's important for all countries to continue to prioritize data protection and privacy to ensure that users' data is protected and used ethically.
Comments