ISLAMABAD: Asia Internet Coalition (AIC), a group of global digital media giants, has raised several concerns regarding the ‘Pakistan Draft National Artificial Intelligence Policy (AI)’, observing its dependencies and conflicts with other laws, particularly the Draft Personal Data Protection Bill (PDPB).
“The situation is further complicated by the need for the National AI Policy to harmoniously coexist with the Pakistan Cloud First Policy (PCFP) and the Digital Pakistan Policy initiatives. Unlike the PDPB, the PCFP allows cross-border flows of data in certain situations,” said Jeff Paine Managing Director AIC in a letter addressed to Amin ul Haque, Federal Minister for Information Technology and Telecommunication.
The Coalition stated that AI Policy is a pivotal milestone for transforming Pakistan into a knowledge-based economy, as it spells out a national strategy to establish an ecosystem necessary for AI adoption by harnessing an agile framework for addressing different aspects of unique user journeys encompassing different market horizontals and industry verticals by ensuring responsible use of AI. “While we welcome the National AI Policy, support its goals, and appreciate its balanced approach to innovation and ethics, we are nevertheless concerned by its dependencies and conflicts with other laws, particularly the Draft Personal Data Protection Bill (PDPB),” it added.
Paine stated that according to the Draft Policy, it “coherently interlaces” with both the Cloud First Policy (CFP) and the Personal Data Protection Bill (PDPB). The PDPB may conflict with the CFP since it is still in the draft stage and because of the limitations it lays on specific categories of personal data. Section 29(4) of the current PDPB draft of the PDPB imposes additional constraints on automated decision-making without human involvement.
The ideas to implement and promote AI are incompatible with this restriction according to the Policy. The PDPB contains data localization mandates including local storage requirements for “critical personal data” (CPD) and external transfer restrictions for personal data and potentially sensitive personal data. If the National AI Policy is to “coherently interlace” with the PDPB, as claimed on page 5 of the draft policy, the data localization mandates in the PDPB will apply to data used by Pakistani developers to build AI technologies. Such restrictions would splinter the global pool of data available to AI developers, and, if other countries adopted similar policies, Pakistani businesses would find it difficult to build AI technologies because their potential training data would be restricted to data stored in-country.
It would also prevent foreign businesses from training their AI models on data from Pakistan, which would result in AI tools that don’t speak to Pakistan’s cultural context. This situation is further complicated by the need for the National AI Policy to harmoniously coexist with the Pakistan Cloud First Policy (PCFP) and the Digital Pakistan Policy initiatives. Unlike the PDPB, the PCFP allows cross-border flows of data in certain situations. If the National AI Policy is subject to the PDPB’s data localization mandates, Pakistani AI developers might find their ability to access data in a foreign cloud similarly impeded by corresponding measures in the cloud host jurisdiction.
The situation is more complex in the case of CPD because it is undefined. Since sectoral regulators have prospective powers to notify certain kinds of data as CPD on an ongoing basis, the PDPB’s local storage requirements may be triggered at any time. Such an unpredictable and fluid policy situation dis-incentivises businesses from innovation and would make it difficult for Pakistani businesses to build AI tools.
AIC recommended against tying the Policy to the proposed PDPB. The National/ Provincial IT Boards will act “as controllers and processors of public data while assisting the concerned department(s) in secure and effective service provisioning,” according to the policy, which mandates that copies of “public data must be hosted on the National Telecom Corporation (NTC) cloud infrastructure nationwide.” The need that a copy of any publicly accessible data hosted in the cloud be kept locally with NTC would appear to be mandated if the inference that the same regulation should apply under this Policy is true. But in another place in the Policy, it says that “CoE-AI shall provide the necessary infrastructure and partnerships with international AI platforms for secure and monitored public data processing by providing ARD with critical insights.” This would imply that public data may be processed via global platforms so long as the Artificial Intelligence Directorate is “provided with essential insights”.
Moreover, AI relies on and is closely connected to automated decision making without human intervention. While the National AI Policy seeks to encourage AI, the PDPB does exactly the opposite by placing restrictions on the ability of businesses to deploy automated decision making technologies. These tensions are best resolved by amending the PDPB to (i) completely remove data localization mandates, (ii) remove all restrictions on automated decision making that would impact AI development, and (iii) make it interact harmoniously with the National AI Policy.
“We request clarification on the Policy’s requirements for local hosting and use of “international AI platforms. We also recommend, particularly given the limitations of local computational resources noted in the Policy itself, that the policy not require the use of local cloud infrastructure. Cloud infrastructure is at its strongest, most secure, and most economical when it is not subjected to forced localisation.
Copyright Business Recorder, 2023
Comments
Comments are closed.