close
close

Regulatory fog around new technologies

Posted on by L. Dreeye
Regulatory fog around new technologies

Srinath Sridharan

Why is an unsolicited money manager from a company I don’t know calling me with investment advice after a large credit transaction has hit my bank account? It’s not my bank’s relationship manager or its wealth department that makes me wonder if my financial data is being leaked. After repeated incidents, the answer is clear: data privacy is an ugly truth that we don’t want to discuss.

Although banking regulations promise strong data protection, these incidents undermine consumer confidence. The insurance sector is no better: shortly before policy renewals, unknown brokers and call centers flood us with details about our policies, raising serious concerns about data security.

A few years ago, marketing companies would collect personal details from passenger lists posted in train compartments and couriers would ask for copies of PAN cards. Today, database searchers have moved towards connecting to digital channels and social media.

In some sectors, regulations require organizations to have a chief information security officer (CISO). Beyond this formal obligation, no one—neither industry participants nor regulators—seems to care that in many cases the CISO is simply a hired director on a paper contract for pennies. The person responsible for protection may be tempted to disclose data for a fee. In many cases, CISOs are contractors, much like licensed pharmacists who provide their names for pharmacy licenses. Recently, allegations surfaced regarding an insurance company data breach involving the CISO. However, worryingly, we have not heard publicly from the regulator for almost two weeks.

Despite this ostrich-like thinking, data continues to leak like viral videos while institutions bask in self-congratulations for supposedly robust data protection efforts. Ask any hacker and they will tell you that most organizations’ data is accessible either through hacking or at a reasonable cost.

For every public data breach, there are likely many more that go undetected or unreported. It’s as if we live by the principle “what you don’t know won’t hurt you.” Take, for example, the “do not disturb” system in the telecommunications industry. Despite years of ineffectiveness and almost no regulation, the system remains ineffective. This is despite India being a leader in digital public infrastructure. And when disruptions occur, the typical response is that everything is “updated”—a euphemism for “no bad news, not on my watch.”

The real concern is how regulators across industries are adapting to the digital and data challenges created by new technologies such as artificial intelligence. Disruptive technologies have the potential to bring about positive social change, but they also carry large unknown risks. However, many policymakers and regulators seem to be caught up in feel-good presentations and conferences without understanding the complexity of these technologies.

Where is technical expertise located in our regulatory systems and how effectively is it applied in developing new regulations or building technical oversight capacity? In the past, politicians dealt with relatively predictable achievements and hierarchical public acceptance of their power. Not anymore. Today, a tech-savvy 16-year-old can create a devastating systemic error that leaves even the most experienced regulators baffled. The solution is not to stifle new ideas, but to increase flexibility and put technology-driven approaches at the heart of regulation.

This shift requires a new leadership style in our institutions that values ​​technological knowledge and talent above traditional hierarchies. Do our institutions have leaders who are flexible, passionate about the unknown, and capable of creating such an environment?

Some have a resilient talent pool willing to learn and adapt to changes in society, consumer behavior and technology. But these are exceptions. Most regulators are slow to evolve, content with incremental adjustments that remain relevant and meaningful even as the gap between them and the technology world widens.

Regulators now need to understand not only their sector, but also the technologies that are transforming it. They must break old habits, attract young talent, and lead from knowledge rather than outdated notions of seniority. Is this even possible with our current thinking? What incentive is there for political leaders in short-term positions to think long-term?

One of the key challenges is the knowledge gap. Disruptive technologies are very complex, and most policymakers, businesses and consumers lack a deep understanding of how they work, their potential applications and implications. This information asymmetry makes it difficult to develop sound policy. Moreover, there are asymmetries between investors, companies, consumers and regulators. Unlike traditional products and services, new technologies develop through an iterative process, often resulting in applications and impacts that were not anticipated at the outset (think of platforms such as social media or the Internet).

Under the guise of expertise, private actors can offer lucrative solutions but carry Trojan-like risks, building personal gain and network advantage into the core of government systems. The subtlety of their influence is often easily overlooked.

These challenges highlight the need for a more informed, flexible and forward-thinking approach to regulation that can keep pace with rapid advances in technology. Traditional command and control tools and incentive-based policies are ill-suited to this, largely due to a lack of information and the networked, decentralized nature of technological innovation.

This imbalance is highlighted by the political need to signal leadership in technology adoption ahead of other countries, even though current policies, laws and regulations are inadequately prepared to support them. The current regulatory framework, designed with traditional institutions in mind and based on requirements specific to particular activities, organizations or scales, is outdated and inadequate.

Technology and regulation are often seen as opposing forces: technology drives markets, trade and growth, while regulation embodies governance, restraint and boundaries. Without a more cohesive approach, we risk creating a system in which stakeholders remain frustrated, confused by the gap between policy, policy and regulation.

The author is a policy researcher and corporate consultant.

Disclaimer: The opinions expressed are personal and do not reflect the official position or policy of FinancialExpress.com. Reproduction of this content without permission is prohibited.