Meta, the parent company of Facebook and Instagram, has voiced concerns about India’s Digital Personal Data Protection Act (DPDPA). The concerns focus on profiling and behavioral tracking of minors, cross-border data transfers, and verifiable parental consent. In an ET interview, Rob Sherman, Vice President of Policy and Deputy Chief Privacy Officer of Meta, discussed these issues. He stressed the need for collaboration with the Indian government to balance regulatory compliance and personalized user experiences.
Meta’s Concerns on Profiling Minors
One significant provision in the DPDP Act is the prohibition of profiling. It also restricts behavioral tracking of individuals under 18. While Sherman acknowledges the importance of such a restriction, he also emphasizes the necessity of personalizing experiences for younger users.
“There’s a provision that prohibits profiling and behavioral tracking of people under 18. There are some good reasons for that kind of a prohibition to exist, but there are other situations where it’s important to be able to personalize experiences for people under 18,” said Rob Sherman, Meta’s vice president of policy and deputy chief privacy officer, in an interview with ET.
He further elaborated, highlighting how personalized experiences play a central role in services like Facebook and Instagram. “You don’t see the same Facebook news feed that I see. We each get a personalized experience that’s based on what we’re interested in. And I think that’s an important part of using a service like Facebook or Instagram,” he added.
Sherman hopes collaboration with the Indian government will lead to a balanced solution. This will ensure safety and personalized services for young users.
Cross-Border Data Transfers and Business Continuity
Another recurring concern raised by Meta is the potential restriction on cross-border data transfers, under the DPDP Act. A key issue in the global data protection conversation. Sherman pointed out that transferring and sharing information across borders is vital for businesses. It is also crucial for the global economy.
“A core part of just being a part of global society is transferring, communicating, and doing business across borders, which requires information sharing,” Sherman explained. “In contrast to where we might have been a decade ago, at least the signals that we’re getting from the government are reasonable and that we’re not expecting to see the kinds of cross-border data transfer provisions that would really put in peril the ability of Indian businesses and people to communicate in that way.”
The DPDP Act includes a provision allowing the Indian government to prohibit personal data from flowing outside of India. Sherman recognizes the necessity for data protection. However, he raised concerns about the potential impact on Meta and other businesses. “Adopting prohibitions on data transfer that are widescale, that affect people’s ability to communicate and do business would be problematic. It’s just not aligned with the way that people do business today and the way that people communicate in today’s economy.”
Sherman is optimistic that the Indian government will use this power in limited and targeted cases. He hopes it won’t interfere with global operations of businesses like Meta.
Verifiable Parental Consent: A Complex Requirement
The DPDP Act also includes provisions related to verifiable parental consent, particularly when dealing with minors. Sherman expressed his thoughts on the challenges this might create for businesses that provide online services for young people.
“The law gives the government a broad discretion to interpret what it looks like to verify the age of a teenager, and then also to get their consent or their parents’ consent where that’s appropriate,” Sherman said.
He suggested that a practical solution might involve asking users to self-declare their age, with mechanisms in place to challenge any potential misrepresentations. “As a default matter, asking people to declare their age is a generally accepted way of doing it, and that’s what I would expect and hope that the Indian government would expect us to do,” Sherman stated.
Furthermore, Sherman acknowledged the need for graded age groups and consent mechanisms, recognizing the differences between younger and older teenagers. “It makes a lot of sense to recognize that what’s appropriate for a 13-year-old and what’s appropriate for a 17-year-old are not the same thing,” he said, advocating for a spectrum of protections that reflect the developmental stages of teens.
AI and Data Training for the Future
In discussing India’s approach to artificial intelligence (AI) regulation, Sherman praised the Indian government for adopting a pragmatic approach, which leverages existing legal frameworks rather than creating entirely new regulations for AI. He pointed out that the report published by the government avoided overregulation and instead focused on filling in gaps in existing laws.
Sherman also emphasized the importance of data training in the development of AI, especially when it comes to supporting diverse languages and cultural contexts. “If you can’t do that, then you simply can’t provide those services,” he said, stressing that AI development must be inclusive to be truly effective and impactful across different global regions.
Source: The Economic Times
