Empowering Privacy in the AI Era: Reflections on Data Privacy Day 2025

Today, January 28th, is observed as Data Privacy Day. The day was first designated in 2006 by the Committee of Ministers of the Council of Europe as Data Protection Day. It is now celebrated globally under the names “International Data Protection Day” or “Privacy Day”.

Data protection and privacy assume greater significance more than ever today thanks to the rise of AI-driven innovations and the proliferation of sensitive data across industries; safeguarding privacy has become a cornerstone of trust in our hyper-connected world.

Industry leaders emphasize the need for proactive measures, robust governance, and a culture of transparency. From AI-powered ransomware and phishing threats to the importance of adopting Zero Trust frameworks, everyone calls for the need to stay ahead of the curve.

In India, the proposed Digital Personal Data Protection (DPDP) Act and growing investments in AI infrastructure signal a national commitment to creating a safer digital future. Organisations, too, need to integrate privacy into their core operations, ensuring both compliance and resilience.

This Data Privacy Day, as we navigate the complexities of the AI era, let us reaffirm our commitment to protecting sensitive data, fostering trust, and building a digital ecosystem where innovation thrives responsibly.

Data privacy concerns

Let’s analyse the most significant data privacy concerns facing individuals and organisations in today’s digital landscape.

Neehar Pathare, MD, CEO & CIO of 63SATS, highlights critical concerns such as unauthorized data collection, data breaches, and the misuse of personal information. On an individual level, social engineering and phishing attacks often target personal data, while organisations face significant reputational and financial risks.

“To address these, organisations can adopt stringent encryption, conduct regular audits, and ensure compliance with global and regional regulations. Individuals can practice good cyber hygiene, such as using strong passwords and enabling multi-factor authentication. For example, Apple’s App Tracking Transparency framework empowers users to control data sharing with apps.”

Varun Babbar, Managing Director - India & SAARC, Qlik, emphasizes the transformative potential of agentic AI in boosting productivity by independently managing complex tasks and adapting to feedback. However, he stresses the critical need for responsible AI use, with data privacy at its core to build trust. According to Babbar, the effectiveness of AI is intrinsically tied to the quality of its data, making robust governance and stringent data quality measures essential. Responsible data handling not only fosters trust but also enables AI to reach its full potential.

Babbar highlights that safeguarding privacy in today’s landscape requires businesses to be transparent, ethical, and proactive. As agentic AI continues to evolve, challenges such as skill shortages, fragmented governance, and real-time data demands underscore the necessity for clear processes and secure data pipelines. To thrive in this era, organizations must prioritize upskilling their workforce, implementing strong governance frameworks, and investing in impactful AI solutions.

“Establishing local cloud regions significantly enhances data security and compliance, protecting sensitive information. With Gartner projecting that by 2028, 40% of enterprise AI assets will be traded through marketplaces, the importance of privacy and authenticity is greater than ever. On Data Privacy Day, let’s reaffirm our commitment to safeguarding data, fostering trust, and embracing the Agentic Systems Era, where intelligent agents unlock new opportunities for growth,” Babbar concludes.

With the new DPDP rules now in place, businesses must adopt a more structured approach to data collection and storage, says Mehul Gupta, Co-Founder & CEO of SoCheers.

Gupta emphasizes that data collection practices must become more transparent and precise. This includes collecting only the data strictly necessary for campaigns and using clear, unambiguous language to obtain consent. “For instance,” he notes, “users often don’t even have the option to opt out of data collection.”

The next priority, he explains, will be data management. This involves addressing critical questions like how and where data will be stored, how long it will be retained, implementing necessary encryptions, and investing in the right technology to safeguard data. After tackling these foundational challenges, businesses must focus on other areas, such as training and raising awareness on data handling, strengthening technology and security practices, ensuring compliance across clients, partners, and vendors, and conducting regular audits to keep processes running smoothly.

According to Gupta, while some segments of customers have been calling for stricter data policies for some time, a larger section of the Indian audience remains unaware of how their personal data is used. However, he predicts that as awareness grows—especially in Tier 1 cities—customers will seek a more active role in deciding how their data is managed. Clear communication and avoiding ambiguity will be essential to maintaining transparency and building trust.

“Investing in technology and security will enable Indian businesses to adapt to these new policies,” Gupta concludes. “By staying informed about international standards, respecting customers’ data, and adhering to the rules, businesses can make this transition smoother.

DPDP rules and organisations

The recently introduced DPDP Rules mark a significant shift in how organisations handle data, underscoring the growing importance of privacy and accountability in today’s digital economy. These regulations aim to safeguard personal information by enforcing stricter guidelines on data collection, storage, and sharing, placing organisations under greater scrutiny.

At ReBid, we see the DPDP Rules as a transformative step towards a more structured and transparent data governance framework in India, says Rajiv Dhingra, Founder & CEO, ReBid.

“These rules align with our core philosophy of responsible and efficient data management, and we’ve already implemented systems that ensure seamless compliance,” he adds.

According to Dhingra, key strategies include:

• Enhanced Data Mapping: We’ve revisited our data collection, storage, and processing workflows to ensure complete alignment with the rules.

• Robust Consent Framework: We’ve updated our consent mechanisms to be more explicit and user-friendly, providing customers with granular control over their data.

• Privacy by Design: We’ve embedded privacy principles into every layer of our platform architecture to ensure data protection is a default, not an afterthought.

• AI-Driven Compliance: Leveraging AI-powered tools within ReBid, we proactively monitor data usage and flag potential compliance risks in real-time.

“By making compliance an ongoing, automated process, we aim to not only meet regulatory standards but also exceed customer expectations for privacy,” he adds.

Businesses and governments need to balance the need for data collection and analysis with the need to protect individuals’ personal information and maintain their trust.

Businesses and governments can implement transparent policies and only collect essential data with informed consent, opines Neehar Pathare.

“Data anonymization and aggregation ensure analysis without compromising privacy. Governments should enforce strict regulatory frameworks, like DPDP, GDPR, etc., which penalize violations. For instance, Google Analytics uses aggregated, anonymized data to provide insights without exposing individual users. Regular communication about data usage builds trust, and opt-in mechanisms empower users to control their data,” says Pathare.

Customer expectations

The implementation of the DPDP Rules is poised to significantly reshape customer expectations regarding data privacy. With stricter regulations in place, customers are likely to demand greater transparency, accountability, and control over how their personal information is handled. This shift represents an opportunity for businesses to build stronger relationships by demonstrating their commitment to protecting customer data.

Rajiv Dhingra observes that the DPDP Rules will elevate customer awareness and expectations around data privacy.

According to him, consumers will demand greater transparency, control, and accountability from businesses that collect and use their data. They’ll expect clarity on how their data is being used and reassurance that it is handled responsibly.

To maintain transparency and trust:

• Proactive Communication: Businesses must clearly articulate their data policies in simple, accessible language, moving away from legal jargon.

• Control to Customers: Providing easy-to-use dashboards for customers to access, manage, or withdraw consent will be key. For instance, ReBid ensures that data subjects can exercise these rights seamlessly within our platform.

• Third-Party Audits: Regular audits and certifications can serve as a strong trust signal for customers.

• Education and Empowerment: Organizations need to actively educate users on their rights under the DPDP Rules and how their data is protected.

Ultimately, he adds, trust will be built through consistent actions, not just words, and businesses need to demonstrate a commitment to privacy through every interaction.

Future-proofing operations

As data protection regulations continue to evolve globally, Indian businesses need to future-proof their operations to address emerging challenges and opportunities in data governance.

Rajiv Dhingra suggests that Indian businesses must adopt a forward-looking approach to data governance, considering global trends and emerging technologies.

The DPDP Rules serve as a crucial stepping stone, encouraging organisations to build strong foundations in compliance and privacy-first practices.

To future-proof operations:

• Global Alignment: Businesses should aim for interoperability with international standards like GDPR or CCPA, ensuring readiness for cross-border operations.

• Invest in Technology: Tools powered by AI and automation can help manage large-scale compliance requirements efficiently, flagging potential risks before they escalate.

• Adaptable Policies: As regulations evolve, businesses need flexible policies that can be updated rapidly to align with new standards.

• Employee Training: Regular training programs on data protection for all employees are essential to embed a culture of compliance.

“The DPDP Rules are pivotal in setting a benchmark for data governance in India, ensuring that businesses operate responsibly while harnessing the value of data. By treating these regulations not as a compliance burden but as an opportunity to build trust and competitive advantage, Indian organisations can position themselves as leaders in the global digital economy,” he concludes.

Neehar Pathare is of the opinion that cyber-security solutions and artificial intelligence (AI) play a key role in safeguarding sensitive data and ensuring compliance with evolving regulations.

“Cybersecurity tools like firewalls, encryption, and intrusion detection systems protect against unauthorized access, while AI enhances these defenses with advanced capabilities. AI’s potential lies in rapid threat detection and response, enabling organisations to identify anomalies in real-time and minimize vulnerabilities. Predictive analysis allows for proactive defense, stopping threats before they materialize. AI also automates routine security tasks, freeing up human resources for strategic challenges, and enhances user authentication through advanced biometrics and behavioural analysis,” Pathare says.

However, Pathare adds, AI comes with risks. Errors, biases, and misuse by cybercriminals exploiting AI for sophisticated attacks must be acknowledged. He feels that organisations should cautiously implement AI to augment human decision-making in data privacy and proceed to autonomous AI only with conscious planning. AI-driven innovation shows both promise and risk, underscoring the need for responsible integration.