AI for the People: Balancing Innovation and Privacy in India – A Software Engineer’s Perspective

April 03, 2025

India is riding the AI wave, using technology to transform everything from healthcare to urban planning. AI is making our cities smarter, our hospitals more efficient, and our government services more accessible. The possibilities are endless—but so are the risks. With AI handling enormous amounts of personal data, we have to ask: how do we build AI that serves people without compromising their privacy?

That’s where the Digital Personal Data Protection (DPDP) Act, 2023 comes in. Think of it as India’s digital rulebook for data privacy—it sets the ground rules for collecting, storing, and sharing personal information. The goal? To give individuals more control over their data while ensuring companies stay accountable. But for those of us actually building AI systems, the challenge is real. How do we create AI that’s both cutting-edge and privacy-conscious?

Let’s be honest—until now, AI development often worked on the principle of the more data, the better. But with the DPDP Act in place, that approach won’t cut it anymore. Now, companies need explicit user consent before collecting personal data. Sensitive data must be stored in India. Transferring data abroad requires strict safeguards. And on top of all that, organisations are responsible for ensuring data security and preventing breaches. In short, the era of freewheeling AI data collection is over.

Of course, AI is already doing amazing things for public infrastructure. In cities, it’s predicting traffic jams before they happen. In hospitals, it’s helping diagnose diseases early. And in e-governance, AI chatbots and automation are making government services faster and smoother. But here’s the catch—AI thrives on data, and the more data it collects, the higher the risk of misuse

Take Aadhaar, for example—one of the world’s largest biometric ID systems. There’s no denying that it has transformed service delivery, but it has also raised concerns about data security, surveillance, and privacy breaches. If we’re not careful, AI-driven public infrastructure could become a privacy nightmare instead of a force for good.

So, what’s the solution? The key is building AI with privacy in mind from day one. Instead of treating privacy as an afterthought, we need to embed it into every stage of development.

For starters, “privacy by design” should be our mantra. Techniques like de-identification (removing personal identifiers from datasets) allow AI to learn without exposing individual identities. Consent management systems should be transparent, giving users the ability to grant and withdraw permission for their data to be used.

Security is just as crucial. Encryption should protect data at every stage—whether it’s sitting in storage or moving between systems. Access controls should ensure that only authorised personnel can handle sensitive AI training data.

And then there’s the question of how we train AI models. Traditional AI training methods require massive datasets, but there are smarter, privacy-friendly alternatives. Federated learning lets AI models train on users’ devices instead of pooling all data into a central server. Differential privacy adds controlled noise to datasets, ensuring that AI can still learn without exposing personal details. And, of course, we need to follow the golden rule of data minimisation—only collecting what’s absolutely necessary, rather than hoarding personal information just because we can.

But let’s not forget—privacy compliance isn’t just about tech. It’s also about trust. People need to know what’s happening with their data. AI systems should allow users to delete their data if they want to. They should also make it easy for users to transfer their data to other platforms if needed.

Of course, none of this is easy. As AI adoption scales, compliance becomes harder. Large public projects need to ensure AI models are unbiased and trained on diverse datasets. AI systems also need to be cybersecurity-proof—because the more sensitive the data, the bigger the target for hackers. These aren’t just technical challenges; they require strong policies, oversight, and governance.

The DPDP Act is a step in the right direction, but India’s AI regulations still have room to grow. We need sector-specific AI guidelines, like the EU AI Act, to regulate AI in areas like healthcare, finance, and law enforcement. An independent AI oversight body could ensure high-risk AI models are audited for fairness and accountability. And public awareness is key—people should know how AI uses their data and what rights they have.

AI is one of the most powerful tools of our time—but with great power comes great responsibility. As engineers, policymakers, and AI practitioners, it’s on us to ensure AI serves people, not exploits them. By embracing privacy-first design, staying compliant with regulations, and pushing for better AI policies, we can create a future where innovation and privacy go hand in hand.

The question now is: are we ready to build AI that respects people’s rights? The future is in our hands. Let’s make it happen.

Neha Kulkarni

Senior Software Engineer , SAS (Member Organisation of CoRE-AI)