Amidst the swiftly changing digital landscape, the emergence of artificial intelligence (AI) platforms such as ChatGPT and Google Bard has ignited increased concerns regarding data privacy. While these platforms have come under the purview of the Digital Personal Data Protection (DPDP) Act, experts are underscoring the challenges associated with tracking data breaches connected to AI systems.
A significant challenge lies in the area of data traceability, encompassing the task of understanding how generative AI platforms acquire personal data for model training and the subsequent sharing of information in response to user queries. Unlike traditional data handlers, who can easily be held accountable for data breaches, AI platforms present a unique and complex problem.
Rakesh Maheshwari, a former senior director at the Ministry of Electronics and Information Technology (MeitY), revealed a possible issue. He said, “A generative AI platform might collect data but claim it’s not for Indian users and not covered by the Act.”
These AI platforms follow rules about sharing personal data, but the problem is tracking the data they use for training. Even if they use personal info without permission, it is hard to show which data made certain results.
Besides worries about keeping data safe, generative AI has other problems like copyright, false information and biased algorithms. Vinay Phadnis, who is the CEO of Atomic Loops, said that such generative AI platforms can only control data until they use it to teach their models and they can’t thereafter control how the information is used when responding to prompts.
To solve the tracing problem, Phadnis proposed adding AI signatures at the end of AI-generated answers. These signatures would confirm if the data is real and show which data sets were used, including if they follow security rules.
