‘GDPR is putting own­er­ship of data back into the hands of in­di­vid­u­als’

Mint ST - - LONG STORY - Les­lie D’monte les­[email protected] MUM­BAI mint

VFS Global, which pro­cesses about five mil­lion visa ap­pli­ca­tions from In­dian cit­i­zens an­nu­ally, has its work cut out with the coun­try in­sist­ing that its res­i­dents’ per­sonal data should be pro­cessed and stored on lo­cal servers. In a re­cent in­ter­view, Barry

Cook, pri­vacy and group data pro­tec­tion of­fi­cer at VFS Global, ex­plained how the or­ga­ni­za­tion is ap­proach­ing the is­sue, and also shared his views on lev­er­ag­ing ar­ti­fi­cial in­tel­li­gence (AI) to make visa pro­cess­ing more ef­fi­cient. Edited ex­cerpts:

How has the Euro­pean Union’s Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR) im­pacted how you han­dle per­sonal data?

It starts very early on, from the time when a per­son comes to our web­site look­ing for in­for­ma­tion about visa and travel any­where. We have to make sure that the web­site is com­pli­ant— tak­ing care of sim­ple things like cook­ies, or the small files placed on the com­puter from the browser ses­sion. In cer­tain coun­tries, we have to seek per­mis­sion to put those files . Also if we are us­ing any an­a­lyt­ics, like Google An­a­lyt­ics, we have to make the in­di­vid­ual aware that we are do­ing so, and al­low the to not ac­cept it.

So we have to have a pri­vacy no­tice which de­clares what we are do­ing with the data, which in­cludes who is re­spon­si­ble for pro­cess­ing it—how long that data is re­tained, to whom it may be passed on, which coun­tries are in­volved and how to make a com­plaint. The rights of the in­di­vid­ual are also out­lined. We take the high­est stan­dard as our base line. Cur­rently that stan­dard is GDPR. We do this be­cause it is ob­vi­ously fair for the ap­pli­cants but also from my as­pect of manag- ing data pro­tec­tion across 130odd coun­tries with over 2,500 visa ap­pli­ca­tion cen­tres. What’s the im­pact of data lo­cal­iza­tion?

Data lo­cal­iza­tion can hit us hard—it means you have to con­sider re­lo­cat­ing servers from var­i­ous coun­tries into In­dia. Or it may ac­tu­ally be a less im­pact­ful ap­proach, de­pend­ing its def­i­ni­tion, which is that the serv­ing copy must be held in In­dia. That’s ac­tu­ally a very loose ex­pres­sion. Does that mean the pri­mary copy of data or is it the sec­ondary copy of data? It’s ob­vi­ously some­thing we are track­ing very closely and we are work­ing on con­tin­gency plans, based on the dif­fer­ent sce­nar­ios that could evolve. How is your AI bot Viva help­ing you in visa pro­cess­ing? Viva is one of our first for­ays into AI. And it pro­vides a very fast re­sponse for visa ap­pli­cants (can cur­rently han­dle 10,000 en­quiries per sec­ond 24x7, or 864 mil­lion in a day) as op­posed to phon­ing a call cen­tre and wait­ing a few min­utes to get an an­swer. As of now, it’s just a text chat bot. Voice is the next step but it’s a com­plex one.

What steps are you are tak­ing to re­duce the bias in AI?

We adopt the con­cept of pri­vacy by de­sign and de­fault. What that means is wher­ever there is a de­ci­sion to be made by the al­go­rithm, we look at the out­comes of that de­ci­sion and choose the de­fault one—the one that pre­serves the pri­vacy of the in­di­vid­ual. As a group data pro­tec­tion of­fi­cer, what data trends are you see­ing? Over the last year, there have been ap­prox­i­mately 100 new laws. GDPR ac­counted for roughly 25 of the 100 laws, so the fig­ure is a bit skewed. But even if we say 75 laws have been passed in the last year, it is still a huge num­ber. GDPR has pushed data pri­vacy onto the agenda for a lot of coun­tries. So, gov­ern­ments are now re­act­ing to this and pass­ing data pro­tec­tion laws. It is putting the own­er­ship of data back in the hands of the in­di­vid­ual, which is where it should be any­way.


Barry Cook of VFS Global.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.