Digital
India’s DPDP Bill – a win-win for consumer tech platforms
Mumbai: India’s Digital Personal Data Protection (DPDP) Bill, is expected to be implemented over the next six to eight months in a phased manner; hefty penalties have been imposed for breach of data. This Bill will have a positive impact on companies/platforms that use first party data, whereas players using or sharing third party data (Google cookies, publisher platforms) could see a negative impact; this could potentially mean that sourcing data may become an expensive proposition for programmatic companies like Affle, as they may need to invest in enhancing their own database (first party). This Bill mirrors UK’s GDPR (General Data Protection Regulation) in terms of the major norms mentioned therein. Internet platforms like Zomato, Nykaa, Paytm etc may have relatively lesser monthly active users (MAU’s) as compared to social/search giants like YouTube, Meta, however the former has a detailed understanding of their limited customer base, with more intelligence around their purchasing/consumption patterns; e-commerce giants like Amazon, Flipkart too will have a big edge due to data protection, as they can earn ad. revenue with the help of their first party data, which will help provide better monetisation and profitability over the medium term.
Long haul for implementation of the DPDP Bill (six to eight months)
The DPDP (Digital Personal Data Protection) act, which has been highly anticipated, has been in the works for the past four to five years. Numerous drafts have been exchanged and extensive input has been gathered from the industry stakeholders. Although the Bill is set to take effect on 11 August 2023, its actual implementation has not yet occurred. Currently, the sections have not been enforced, but there are plans to assign specific dates for the phased implementation of these sections.
The scope of its applicability extends to all forms of digitised or digital personal data. Notably, the act also holds extraterritorial jurisdiction. This means that all entities, including those located outside of India, that process data to offer data services within the country, will be obligated to adhere to the provisions of the act. The Bill is anticipated to bring about a positive impact. India is undergoing rapid digital transformation, and with such swift digitization, there’s a substantial amount at risk. Considering the challenges posed by data leaks, the implementation of this law is crucial. It will establish a regulatory framework that offers a cleaner environment for the transmission and processing of personal data.
Substantial penalties for non compliance/data privacy breach
The entirety of the act’s liability is placed upon the data fiduciary. The responsibility for implementing safeguards to ensure data protection also falls solely on the data fiduciary. Implementing the requirements should not pose a significant challenge for data fiduciaries, provided they approach it with seriousness and a willingness to comply. The Bill makes it obligatory to report breaches of the principles, regardless of whether the breach is categorized as a high-security breach or not. Entities will undoubtedly feel apprehensive about the substantial penalties, given their magnitude. Data fiduciaries have a responsibility to uphold reasonable security measures for personal data when processing such information. Failure to inform both the board and the principle in case of a data breach can lead to significant fines being imposed. Rather than waiting for the possibility of never being reported and taking on the associated risks, companies could proactively reach out to a wider customer base about the data leak. This approach would involve enhancing compliance efforts and demonstrating a commitment to addressing the issue.
Contents of the DPDP Act have been drawn heavily from EU’s GDPR
The Indian legislation has drawn significant inspiration from the EU’s General Data Protection Regulation (GDPR) and is built upon its framework. The authorities have analysed the real-world challenges that arose with GDPR and incorporated those insights into the crafting of this Bill. The primary objective is to ensure the responsible processing of personal data and establish robust data privacy rights for individuals. Both regulations emphasize the handling of personal data through consent, although there are specific scenarios where consent might not be obligatory. The Government has skilfully navigated the task by avoiding excessive amendments and appropriately identifying areas of overlap with other laws.
Ad-tech players could face challenges in accessing third-party data
It is believed that targeted advertising technology companies operating in this domain and relying on third-party data for tailored advertisements will encounter additional challenges. Since they don’t directly gather the data, using third-party data will demand heightened attention. Employing third-party data should make you more cautious, vigilant, and well-informed about the methods of data collection. Ensuring the integrity of the data used for crafting targeted advertisements becomes imperative to prevent any form of contamination. Well-established players involved in collecting, distributing, or selling data would undoubtedly need to swiftly adapt to the provisions of this new act. These programmatic ads. tech players could resort to either 1) Investing into their own database or 2) Recover the higher the costs from clients via higher pricing.
Broad based implementation – across small and large enterprises
Small businesses, lacking substantial resources to engage established players, are focusing on diligently ensuring proper compliance. They recognize that firsthand data collection is significantly preferable to relying on third-party data access. Bigger technology companies might be required to establish compliance requirements slightly ahead of smaller players and startups. The law takes a somewhat more lenient stance toward startups. It’s anticipated that there will be a window of around six to ten months before full implementation is expected.
Safety of consumers/children an added benefit apart from privacy
Companies operating multiple businesses might find common ground internally, where data exchange occurs among their various segments or units by following proper compliance. This aspect should be regarded as a protective measure for sharing information securely. In the case of large tech giants, they will have to adhere to the supplementary data requirements. These companies heavily rely on technology, so many of the obligations are likely already integrated into their operations. The introduction of this regulation could bring about a positive impact, leading to an enhanced safety net. Regarding children’s data, obtaining verifiable parental consent is a requisite. The act has established a mechanism for addressing grievances within its provisions. The composition of the board is explicitly outlined in the act.
The credit of this article goes to Elara Capital senior vice president- research analyst Karan Taurani.
Digital
The creative cull: how AI is coming for the marketers, ad men and researchers
Robots aren’t taking over yet, but the writing may already be on the wall for some of the US’ most glamorous white-collar jobs.
CALIFORNIA: The robots are not, it turns out, storming the factory floor. They are sitting quietly at a MacBook in a Soho agency, rewriting your copy, summarising your focus groups and generating your mood boards, and nobody has been sacked. Yet.
A new report from Anthropic, the AI company behind the Claude chatbot, offers the most rigorous look to date at what artificial intelligence is actually doing to jobs, as opposed to what doomsayers and boosters claim it might. The verdict from economists Maxim Massenkoff and Peter McCrory is nuanced but pointed: there is no mass unemployment so far, but some sectors have good reason to be nervous. Marketing, market research and the arts are squarely in the crosshairs.
The researchers introduce a new measure called “observed exposure.” It goes beyond theoretical speculation about what AI could do and instead tracks what it is already doing, drawing on real Claude usage data. The approach is clever. They weight automated uses, where the machine performs the job entirely, more heavily than augmentative ones, where it merely assists. They then map this onto roughly 800 occupations, weighted by how much time workers actually spend on each task. For now the target user base has been the US market, but the findings offer a glimpse of what may be happening in other countries as well.
The results are sobering for the creative and analytical classes. Market research analysts and marketing specialists clock in at 64.8 per cent observed exposure, meaning nearly two-thirds of their daily tasks are already being performed, at least in part, by AI in professional settings. The leading automated task is preparing reports, illustrating data graphically and translating complex findings into written text. In other words, this is the kind of work junior analysts spend most of their days doing.
Arts and media fare little better. The sector shows meaningful theoretical exposure, as large language models can in principle handle the lion’s share of tasks, though observed usage still lags behind capability. The gap is narrowing, however, and the direction of travel is unambiguous.
Here is the sting in the tail. The workers most exposed to AI disruption are not, as popular mythology suggests, low-paid drudges. They are older, better educated, more likely to be women and considerably better paid, earning 47 per cent more per hour on average than their least-exposed counterparts. Graduate degree holders are nearly four times as prevalent in the high-exposure group. The creative professional, the senior analyst and the market researcher with an MBA are precisely the people who should be paying attention.
“We’re not talking about the checkout operator,” the paper implies. “We’re talking about the account planner.”
The most alarming signal in the data concerns not those already in jobs, but those trying to enter them. Among workers aged 22 to 25, hiring into highly exposed occupations has slowed measurably since the release of ChatGPT in late 2022. There has been a 14 per cent drop in the job-finding rate, a figure the authors describe as “just barely statistically significant.” Young people are, in effect, finding the door to exposed professions quietly closing. Whether they are staying in education, taking different jobs or simply giving up is not yet clear.
For a bright graduate eyeing a career in market research or media production, this is not merely an academic data point. It is a flashing amber light.
The paper is careful about what it does not find. Unemployment among highly exposed workers has not risen in any statistically meaningful way since the ChatGPT era began. The apocalypse has not arrived. Even in the Computer and Math category, the most theoretically exposed of all, Claude currently covers just 33 per cent of tasks in practice. The gap between what AI can do and what it actually does at scale in professional workflows remains vast.
Think of it less like a tsunami, the authors suggest, and more like a slowly rising tide. The internet did not destroy journalism overnight. It took 20 years and the collapse of a generation of classified advertising revenue. The China trade shock also took decades to fully register in unemployment statistics, and economists are still debating the numbers.
What does this mean for the luvvies, the admen and the pollsters? The honest answer is: not much yet, but watch this space. AI is already doing the grunt work, including data summaries, draft press releases and boilerplate creative briefs. The question is whether it stops there or continues climbing the value chain.
The authors are building a framework to track exactly that and promise to update it as new data arrives. If the tide does come in, they want to see it coming before the sandcastles are already gone.
For now, the creative industries can breathe, but perhaps not too deeply. The machine is not at the door. It is already at the desk.
