Comments
For start-ups that build data-driven solutions using AI, and operate in spaces such as healthcare where consumer data is key, there are more questions than answers as GDPR goes live in Europe on Friday.
While some of these companies have dropped their expansion plans in the continent, others are working with data protection consultants to figure a way out.
The General Data Protection Regulation (GDPR) is a law on data protection and privacy for all individuals within the European Union and the European Economic Area.
Prashant Warier, Co-founder and CEO, Qure.AI agrees that there are lot of grey areas when it comes to healthcare. The start-up uses AI to improve the diagnosis of tuberculosis in chest X-rays, and scans for haemorrhages in CT scans of the head. Currently, the company has partnered with over 10 hospitals and research labs for imaging data that will be interpreted by AI.
According to a source, who works in the healthcare space, going forward GDPR will be challenging for companies, especially the ones that operate in the data processing space, as getting data will be challenging. The source explained that many data companies buy data to build sophisticated solutions. But the source stated that aggregated data and de-identified data could be a solution.
While aggregated data and de-identified data could be a solution as it allows privacy and anonymity, there are challenges there as well. While aggregated data is used for statistical analysis, de-identified data is used in applications such as cloud computing, biometrics and big data.
Also, de-identification data masks personal information, such as name or social security numbers. But the identifier is stored in a different layer in cases where it needs to be re-identified.
In such cases, it is unclear what constitutes a violation, says Warier. “It is a grey area as we are yet to get a clarification on that aspect,” he adds. The company, which is looking to expand to Europe, is getting a GDPR consultant to sort out the chinks.
Arpinder Singh, Partner & Head (India & Emerging Markets), Fraud Investigation & Dispute Services, EY, explains that in case of de-identified information it is critical that organisations understand various data processing requirements and the legal basis for carrying them out. Otherwise, they run the risk of potential legal battles, he adds.
Vijay Thirumalai, founder of hCue, a medical start-up that digitises medical records, and also performs predictive analytics using AI and machine learning, says that apart from access to data for building solutions, its direct link to welfare schemes and insurance may also hamper their operations. For instance, in many parts of Europe, the cost of healthcare is borne by the government. Giving consumers complete access over data will have an adverse impact on the cost calculation. “There are also chances that there could be some defaulters who would want their data to be deleted, to escape paying insurance,” he adds.
Until there is clarity, his company would stay away from Europe, says Thirumalai. “Cost of non-compliance is very high. At this point, when you are not making enough revenue and there is not enough clarity, it does not make sense for us to move there [to Europe],” he reasons.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.