Latest news with #DPDPA
Hans India
20 hours ago
- Business
- Hans India
AI to reshape Indian newsrooms, warns veteran journalist
Udupi: The growing influence of generative artificial intelligence in newsrooms could displace a large section of editorial and reporting staff in the coming decade, warned veteran journalist and columnist Rajaram Tallur. Delivering a keynote lecture on 'Media in the Next 10 Years: Convergence and Large Language Models (LLMs)' during Press Day celebrations organised by the Udupi Working Journalists' Union, Tallur said AI tools based on LLMs are already capable of handling translation, summarisation, headline generation, editing, and even transcription of video content. 'If these technologies gain deep entry into newsrooms, nearly 75 per cent of desk work and half of all reporting roles could be overtaken,' he cautioned. He pointed out that machines using LLMs are now capable of learning human skills and, paradoxically, using them to replace the very professionals who taught them through data. Tallur also discussed the implications of India's 2023 Digital Personal Data Protection Act (DPDPA), noting that its implementation could mark a turning point for media regulation in the digital era. He warned that traditional print media is facing an existential crisis due to changing reader habits and the rise of fast, cheap digital platforms. 'Today, hundreds of newspapers shut down every year globally. What is keeping print alive in India is a loyal, older readership,' he said. Traditional television news, too, is under pressure from low-cost, internet-based digital news channels, many of which operate without regulatory checks and feed on social media algorithms and clickbait, he added. Inaugurating the event, Additional Deputy Commissioner Abid Gadyal emphasised that a strong press is critical to democracy. 'When other pillars fail to function, the media has the right and duty to critique,' he said. The event also honoured senior journalist Kunjur Lakshminarayan Kundantaya with a Press Day felicitation. The programme was presided over by district union president Rajesh Shetty Alevur, with other dignitaries from Manipal institutions, Lions Club, and the Udupi Press Bhavan Committee in attendance.
Time of India
6 days ago
- Business
- Time of India
Google, Meta at loggerheads over age-verification methods for child users
Search engine giant Google and social media major Meta recently reiterated their difference of opinion over how to verify the age of child users on digital the European Digital Services Act , Google proposed a new credential manager application programming interface that will store government-issued IDs in a mobile wallet that it said can be used for age assurance in a completely encrypted and safe manner. Meta has proposed, including in India, to utilise the app stores like Google's Play Store and Apple's App Store to verify the age of a device's has warned that delegating age verification to app stores, as proposed by Meta, would risk overexposing sensitive data and lack consistency across devices. It may also exclude shared or family-used devices, the parent of YouTube said in a recent blog Digital Personal Data Protection Act (DPDPA) requires platforms to obtain verifiable parental consent before processing the personal data of children. This means companies must verify the age of those signing up for their services and, if they are found to be children, obtain consent from their parents or legal guardians. The government has yet to notify the final DPDP Rules that the companies will have to DPDPA and the draft rules released by the government do not prescribe a single, mandatory age verification method. Instead, they broadly require businesses to implement "appropriate technical and organisational measures" to obtain verifiable parental consent. The draft rules suggest a risk-based approach where the platforms catering to children or those dealing with high-risk data might need more stringent verification measures, while others might suffice with on how the age verification of children can be done before their personal data is processed has gathered steam again in India with Kate Charlet, Google's global director of privacy safety and security policy, expressing some views on the subject in a June 13 blog post titled 'An age assurance tool for Europe and beyond'.For both Google and Meta, India is the largest market, and they would seek to ensure that their age-verification methods comply with the local requirements. Google (including YouTube) and Meta (with its umbrella of apps like Facebook, WhatsApp, Instagram and Threads) each have more than a billion users in credential manager enables users to verify that they are above 18 years of age by using digital credentials issued by trusted third parties such as telecom operators or government ID method relies on zero-knowledge proofs, which enable the verification of age without revealing or storing any extraneous personal information."We urge age assurance providers, and app and web developers to build on this secure infrastructure for Android devices," Charlet wrote in her privacy-preserving approach using digital credentials and zero knowledge proofs offers a promising model for Indian platforms to adopt, said Saumya Brajmohan, partner at law firm Solomon & Co."From a legal standpoint, the framework aligns with global digital data protection principles, being founded on the principles of data minimisation, purpose limitation, lawful processing, and privacy by design and by default," Brajmohan said. It also resonates with the DPDPA, which imposes strict obligations on companies when processing a person's personal data, especially that of children, she immediate adoption of the framework could be potentially challenging considering that India currently lacks a federated credential ecosystem, she pointed the India Stack infrastructure, like DigiLocker, e-KYC and Aadhaar eSign, could theoretically serve as a credentialing foundation, concerns around data security, and overreach continue to limit their adoption for this specific use case, she rules under the DPDPA (which have not yet been notified) have not clarified what constitutes a 'verifiable consent' or who is eligible to act as an authorised digital credential provider, she added."This absence of clear rules around acceptable verification methods and trusted companies is what currently prevents Indian platforms from adopting models like Google's without ambiguity," Brajmohan Sahni, partner at law firm Ajay Sahni & Associates, told ET that the government would do well to consider interoperable, government-supported infrastructure such as DigiLocker or tokenised consent mechanisms (such as those used in Unique Identification Authority of India mechanisms) as a common backbone to ensure both compliance and ease of doing Razvi, managing partner of law firm Accord Juris, said Google's proposed age verification model using digital credentials via a mobile wallet offers operational efficiency but raises significant legal concerns, particularly under child data protection regimes."A system that relies on government issued IDs, which most children do not possess fails to meet this obligation in both form and substance," he argued."Moreover, delegating this core compliance function to a mobile wallet introduces outsourcing risks. Age gating is a legal duty of the companies, not the platform. Any failure could lead to regulatory scrutiny, civil claims, or enforcement actions," Razvi explained."It does little to address consent requirements or provide for parental involvement where necessary," he said."While Google's approach is scalable and user-friendly, true compliance demands child-centric, and independently auditable mechanisms," Razvi Charlet in her blog said Meta's age verification proposal would require mobile app stores to verify visitors' ages on behalf of mobile apps."Billed as 'simple' by its backers, including Meta, this proposal fails to cover desktop computers or other devices that are commonly shared within families. It also could be ineffective against pre-installed apps, as Meta's often are," she said."Even more worryingly, it would require the sharing of granular age band data with millions of developers who don't need it. We have strong concerns about the risks this 'solution' would pose to children," Charlet Dasgupta, executive director – tax at Aquilaw, said data verification should be done by platforms providing age-sensitive content rather than providers of operating systems or app stores."Meta's proposal aims for a centralised system because app stores are the primary gateways for users to access apps. Integrating age verification at this level would mean users only need to verify their age once to access a wide range of apps and services. Operational ease as individual applications will not have to separately verify age of users," he said.
Business Wire
24-06-2025
- Business
- Business Wire
Bringing Care and Compliance Together as Certinal's CFMS Unifies Consent Workflows Behind the Digital Front Door
WILMINGTON, Del.--(BUSINESS WIRE)--Hospitals have digitised admissions, labs, and records, but consent remains a fragmented and high-risk step in the patient's journey, often still managed with paper, email attachments, or disconnected scanning workflows. Despite EMRs and eSignatures, most consent processes rely on outdated tools or in many cases, no tools at all. This inefficiency delays care and exposes providers to legal risks and lost consent forms. Certinal, an enterprise-grade digital signature and workflow platform, introduces a new category: Consent Form Management System (CFMS) an easy-to-use HTML consent form builder with multi-language form creation, periodic legal topic updates, auto-drafting, versioning, and an audit-ready layer that unifies intake, consent, and compliance into a seamless, end-to-end workflow. 'Consent isn't a document. It's the heartbeat of trust in patient care,' said Aatish Dedhia, Founder & CEO, of Certinal Inc. 'We've rebuilt it as a tamper-proof, audit-ready and compliant workflow so hospitals can focus on care.' Certinal's CFMS doesn't just digitize form, it transforms how consent operates across departments and systems. Designed for paper-based and digitally mature hospitals, the solution integrates with existing clinical and operational environments, powered by Advanced In-person consent workflow at hospital facility floors, real-time identity verification, data privacy and security compliance. Certinal's CFMS includes Consent form creation and management, Patient Responses, Response Transaction Management, Multi-facility support, Consent Insights Management, Reporting, and APIs, making it a comprehensive digital consent form management platform for large hospitals. It supports DPDPA regulatory requirements, advanced workflows for Witness and Translator involvement, and physician instructions pre-filled into the consent form during in-person or remote consultations. Hospitals relying on manual or semi-digital consent workflows often face delays in diagnosis, transfers, and discharge, especially when forms are lost, scanned incorrectly, or stored in disconnected systems. Certinal's CFMS replaces the patchwork with a centralized, workflow-first system, transforming a vulnerable operational bottleneck into a strategic advantage. 'Digitization without workflow intelligence is just cosmetic,' added Dedhia. 'Hospitals don't need another dashboard. They need systems that just work across departments, devices, languages, and borders.' Certinal already powers secure consent and digital workflows at global institutions like Bumrungrad International Hospital (Thailand), which modernized its patient experience using Certinal's eSign capabilities. In their own words: 'Certinal eSign helped us simplify patient onboarding while meeting our strict data security and compliance requirements,' said James McLeary, Group CIO and CSO, Bumrungrad International Hospital. 'The platform gave us structure, audit trails, and ease of use, exactly what our teams needed to scale.' This foundational trust now extends to consent form management, enabling providers to unify consent journeys without additional systems or overhead. Hospitals can assess and transform one of the weakest links in their digital experience, the consent workflow with a single, intelligent platform. It's time to fix it. About Certinal Certinal delivers an enterprise-grade Unified Digital Transaction Management solution trusted in 80+ countries. Built for security, usability, and compliance, Certinal empowers large organizations with intelligent eSignature and webform workflows that meet global, regional, and industry-specific regulations. Recognized as a Leader in IDC MarketScape 2023 and a Strong Performer in Gartner's Voice of the Customer, Certinal is the only eSignature provider to earn Gartner's Customer First Badge and has achieved the fastest entry into Gartner's Market Guide for Electronic Signatures. Certinal has filed 11 patents, 2 of which have been granted, reflecting its commitment to cutting-edge innovation, and boasts an exceptional Net Promoter Score (NPS) of 81.29 — far exceeding the industry benchmark.
Time of India
18-06-2025
- Business
- Time of India
Why India's AI future hinges on smarter data centres
Imagine building a skyscraper on sand. That's what India's AI ambitions could look like without rethinking data centres. As generative AI, 5G, and IoT explode, our digital economy's bedrock—data centres—is at a tipping of AI Data Centres in IndiaIndia's data centre market is sprinting at ~25% CAGR, fueled by AI's relentless demand for compute power. But here's the catch: while we generate 20% of global data, we hold just 3% of data centre capacity. The government's push for data localisation under the Digital Personal Data Protection Act (DPDPA) has further accelerated the establishment of local data centres, drawing significant investments from global giants like AWS, Microsoft, and Google, as well as domestic players such as Reliance Jio and Yotta Infrastructure. Recently, during the Union Budget presentation, Finance Minister Nirmala Sitharaman allocated INR 20 billion ($230 million) for the IndiaAI mission, which will be used to build AI and data centre infrastructure, including GPUs, data centres, and connectivity solutions. AI isn't just code—it's hardware. Next-generation data centres need GPU clusters, liquid cooling, optical fibre cables, connectivity solutions, and renewable energy to handle workloads that are ten times denser than traditional setups. Projects like Yotta NM1 in Navi Mumbai and CtrlS Hyderabad exemplify the shift toward AI-optimised facilities, equipped with GPU clusters, advanced cooling, and renewable energy integration. The Infrastructure Gap: A Strategic Imperative Despite this momentum, India's AI data centre infrastructure faces significant challenges: Real estate and Connectivity challenges India's major metro markets like Mumbai, Chennai, Bengaluru, and Hyderabad dominate data centre capacity but face high land costs and limited availability of suitable sites. While metros benefit from robust fibre networks, many regions beyond metropolitan areas still suffer from limited fibre availability and high latency, impeding AI workloads that require ultra-low latency and high bandwidth. Network Latency and Location Strategy AI applications require ultra-low latency to function effectively, which means data centres must be located close to end users in major metropolitan areas. However, high population density and limited land availability complicate site selection. Addressing network latency requires not only proximity but also optimised connectivity infrastructure, including carrier-neutral facilities and high-speed interconnections within and between data centres. Infrastructure Modernisation and AI-Readiness Many existing data centres in APAC were designed before the AI era and are not equipped to handle the unique demands of AI workloads. This creates a gap that new developments and upgrades must fill by incorporating AI-ready features such as higher floor loading capacity, advanced cooling systems, and enhanced network capabilities. Made in India solutions - India's data centre revolution demands locally engineered solutions to overcome unique challenges like connectivity gaps in tier 2 and 3 cities, unreliable power infrastructure, complex land acquisition hurdles, and the need for energy-efficient architectures tailored to extreme climatic conditions. This requires data centre solutions like driving demand for home-grown solutions that cater to hyper-scalable fibre backhaul, edge computing integration, etc. Charting the path forward The fundamental changes AI is bringing to data centres are truly remarkable. India's vision to become a global AI powerhouse hinges on bridging the digital infrastructure gap, requiring advanced connectivity solutions to build this infrastructure. As AI continues to take centre stage, data centres built on agile and future-proof optical fibre foundations will evolve to provide immense compute power. This transformation will enable them to meet the industry's demands, including: Agile, high-bandwidth connectivity for AI - AI workloads demand massive, low-latency data transfer within the data centre and between data centres (DCI). Legacy copper struggles with scale and distance. The industry requires high-speed, low-latency optical solutions. Pre-terminated systems ensure rapid, error-free deployment, which is crucial for scaling AI scalability and future-proofing - India's data explosion requires infrastructure that can scale exponentially. Density is key to managing space and cost. High-fibre-count optical solutions offer unparalleled fibre density for scalable inter-facility links. Pre-terminated Systems are inherently designed for easy upgrades and massive bandwidth headroom, protecting latency and high reliability - AI and real-time analytics demand near-instantaneous data movement. Innovative optical solutions compliant with international standards such as ANSI/TIA-942, TIA-568, ISO 11801 guarantee engineered reliability and signal integrity, minimising latency jitter and failure risk. India's AI future depends on a holistic approach to digital infrastructure—one that integrates advanced optical connectivity, power-efficient cooling, and scalable physical digital infrastructure. India's AI race isn't just about algorithms; it's about reinventing infrastructure that's future-proof, sustainable, and inclusive. The question isn't if we'll bridge the gap—it's how fast.
Time of India
16-06-2025
- Business
- Time of India
DPDP and the criticality of data: A turning point for India's gigital future
India is on the brink of implementing one of its most consequential digital regulations – the Digital Personal Data Protection Act, 2023 (DPDPA), and its accompanying rules. As the country inches closer to operationalizing this framework, there is a growing sense of urgency across the tech ecosystem. The era of soft compliance is over. Data has emerged not only as a currency for innovation but also as a growing liability, and the new regime reflects the government's sharpened focus on accountability, transparency, and regulatory control. At its core, the DPDPA is a principles-based legislation. The draft rules currently under consultation provide a closer view of what real-world compliance will demand—particularly in areas such as consent, retention, data erasure, and breach notification. This is where the criticality of data governance truly comes into focus—not just as a question of digital infrastructure, but as a matter of strategic economic and legal consequence. Data compliance vs practicality The draft rules under should adopt a more risk-based and proportionate approach to age verification and parental consent. As it stands, the requirement for verifiable consent—regardless of a data principal's self-declared age—could impose disproportionate burdens on data fiduciaries, often compelling them to collect excessive data and implement rigid mechanisms that may violate principles of data minimisation. International standards like the EU-GDPR and COPPA offer a more balanced path by allowing entities to take 'reasonable efforts' to verify age and parental consent, depending on the nature of the service and risk involved. The DPDPR should follow suit by clarifying that stricter age assurance measures be applied only where high-risk processing of children's data is involved, while permitting flexibility for low-risk use cases. This not only prevents unnecessary operational hurdles for businesses but also aligns better with both child protection goals and practical feasibility. What's more, the DPDP Act also does not currently allow for 'legitimate interest' as a legal basis to process data—something that other jurisdictions like the EU recognize. This could make basic business activities like internal audits, AI training, and even due diligence for M&A transactions unnecessarily difficult. Breach reporting framework One of the more stringent aspects of the draft rules is the breach notification framework. Data fiduciaries are required to notify both the Data Protection Board and the affected data principals of every data breach, irrespective of the perceived level of risk or harm. While a more extended window of 72 hours (or longer, subject to the Board's discretion) has been proposed for submitting a detailed report to the Board, the timeline for notifying affected data principals is notably tighter—requiring disclosure 'without delay.' In addition, a preliminary breach report must also be submitted to the Board without delay, containing essential initial details. Given the varying levels of detail and specificity expected in these 'without delay' notifications to the Board and data principals, there may be differing interpretations of the timeline and its practical implications. This structure, though well-intentioned, raises concerns about the resulting desensitization of both users and regulators. In practice, most breaches require internal triage: identifying the breach, scoping its impact, initiating remediation. Reporting too early without adequate clarity could expose companies to unnecessary reputational and legal risks. Worse, it could distract from mitigating actual harm. A more pragmatic approach would involve the introduction of a severity threshold, distinguishing minor from major breaches, and re-calibrating reporting timelines, to ensure meaningful compliance rather than mechanical disclosure. MSMEs and the risk of overregulation Another critical concern is the asymmetry of impact. While large corporations may struggle with scale, it is smaller businesses that will feel the heat of non-compliance most acutely. The framework as it stands does not adequately differentiate obligations by the size, scale, or risk profile of the fiduciary. As seen in other sectors, overly burdensome compliance can stifle MSME growth. Risk-based regulation—where the extent of compliance is proportionate to the sensitivity and volume of data—needs to be institutionalised. Governance beyond compliance What the DPDP regime ultimately signals is the institutionalization of data governance in India. The legislation is not just about data protection. it is about shaping the way organizations think about trust, risk, and accountability. This is not merely a legal challenge—it is an organizational transformation. Policymakers must continue to listen—to industry, to civil society, and to consumers—so that implementation is guided by dialogue rather than dictate. India has a unique opportunity to set the gold standard in digital governance—not just by protecting personal data, but by enabling the responsible unlocking of its economic value. But to achieve this, the DPDP Rules must evolve: from ambiguity to clarity, and from theory to real-world feasibility. Five key areas to make the DPDP law more effective: Adopt a risk-based approach to age verification and parental consent —aligned with global best practices and avoid one-size-fits-all mandates that may lead to over-collection of data and create compliance burdens. Add 'legitimate interest' as a basis for data processing —especially for due diligence in M&A and Investment activities and internal operations. Introduce a severity-based breach reporting system and reconcile reporting timelines to avoid false alarms and regulatory fatigue. Clarify the language requirements for user notices—especially for backend or automated services. Differentiate compliance for MSMEs to ensure ease of doing business isn't compromised. Encourage industry-led self-regulation under the oversight of the Data Protection Board. Facebook Twitter Linkedin Email Disclaimer Views expressed above are the author's own.
