IAMAI seeks exemption for AI firms from certain data privacy rules in using publicly available personal data

The Internet and Mobile Association of India (IAMAI) has asked the central government to ease legal restrictions on using publicly available personal data for training and fine-tuning artificial intelligence models.

In a statement on Thursday, the association said current data protection requirements make it impractical for AI companies to verify whether all publicly accessible personal data was voluntarily shared by users. Under the Digital Personal Data Protection Act, 2023 (DPDP Act), companies must determine if such data was provided willingly.

IAMAI pointed out that public data can often be re-shared without the original user’s consent, for example, when the information was posted to fulfil a legal obligation and later republished by others. This makes it challenging for AI developers to confirm user consent for every data point.

“Union Government might, as an interim measure, consider exempting data fiduciaries from the DPDP Act’s provisions if they are processing personal data solely for training or fine-tuning of AI models,” the release said.

The association also told the Ministry of Electronics and Information Technology (MeitY) that ambiguities in the DPDP Act could create practical hurdles for AI companies, especially those working with large datasets. It warned that restricting access to publicly available personal data could impose significant compliance costs, slow innovation, and disproportionately affect startups and smaller firms building AI models.

The DPDP Act is India’s comprehensive data privacy law, designed to balance individuals’ rights to protect their personal data with the need for lawful data processing. It holds data fiduciaries accountable for breaches and requires them to adopt appropriate technical and organisational safeguards.