Aadhaar Card Issues

[op-ed snap] Aadhaar needs a privacy law


Mains Paper 2: Governance | Citizens charters, transparency & accountability & institutional & other measures

From UPSC perspective, the following things are important:

Prelims level: Right to privacy, Unique Identification Authority of India (UIDAI), Digital ID research initiative

Mains level: Right to privacy Vs Aadhaar


Supreme Court’s judgment upholding right to privacy Vs Aadhaar

  1. The Supreme Court’s (SC’s) landmark judgment upholding our right to privacy has intensified the debate on whether and how Aadhaar infringes on this right
  2. The Unique Identification Authority of India (UIDAI) has unequivocally asserted that Aadhaar meets the privacy test
  3. People from within the government’s fold and outside it have said that Aadhaar can become an instrument to profile individuals, surveil them, and suppress dissent

Who is correct?

  1. The boring but important truth is that both sides are right—to some degree
  2. Aadhaar, if unregulated, can be a tool to abrogate our privacy
  3. But other tools of the government—such as CCTV cameras, permanent account number (PAN) cards, Digital India, among others—are also capable of invading privacy

Solution for this issue

  1. The solution is not to annul Aadhaar on the grounds of data privacy
  2. Like we do with any tool in the public domain, we need to avail of its benefits and manage the risks
  3. We need to evaluate whether the benefits are worth the risks

Two parallel initiatives required

  1. Rigorous and independent research, such as the Indian School of Business’ digital ID research initiative
     • This is vital to ascertain the benefits and risks across Aadhaar’s uses
     • This can help decide which uses should be furthered, adjusted, or even dropped
  2. We need an independent regulator to protect data privacy and regulate data initiatives
     • This regulator must be backed by a robust law, and be competent to understand the nuances of data privacy and keep pace with new developments
     • We are many strides into a digital economy and are already suffering the consequences of this void

What features make Aadhaar particularly potent for database linking?

Four features make Aadhaar particularly potent for database linking

  1. It covers almost all Indian adults
  2. The database has practically no duplicates (according to UIDAI), enabling a higher quality of linking
  3. It uses a 12-digit unique identifier, making linking easy
  4. Over 120 government agencies require Aadhaar to provide services, paving the way for the first step of data linking—seeding each individual database with Aadhaar numbers

How can Aadhaar linking be misused?

  1. One potential harmful abuse of Aadhaar is using the unique number to link data sets that previously existed in silos
  2. Depending on the breadth of data sets seeded with Aadhaar, they can be merged to uncover a person’s “food habits, language, health, hobbies, sexual preferences, friendships, ways of dress, and political affiliation”
  3. The SC also raised this worry in its judgment on the right to privacy
  4. Not only is this objectionable in and of itself, such profiling can be used to discriminate against individuals and stifle dissent
  5. Unauthorized database-linking violates almost all the National Privacy Principles, including “Purpose Limitation”
  6. Purpose limitation means “a data controller shall collect, process, disclose, make available, or otherwise use personal information only for the purposes as stated in the notice after taking consent of individuals.”
  7. “Data controllers” (say, criminal investigation agencies or credit card companies) with access to data sets seeded with unique identifiers, such as Aadhaar, can link databases without due notice or consent and use the linked data nefariously

Way forward

  1. Attacking only Aadhaar for the larger privacy risk of database linking is not based on a practical understanding of how linking works
  2. If Aadhaar ceased to exist, the threat of database linking using unique identifiers would endure, albeit with higher difficulty
  3. There is need for a strong data privacy law and regulator to curb and manage database-linking practices