Privacy aspects of Aadhaar

Overview

Aadhaar was initially introduced to eliminate corruption and fraud, tackle black marketing, remove middlemen from the system, and bring financial assistance and social welfare schemes closer to the people. The Unique Identification number has been linked to public welfare schemes like the Annapurna Scheme, the Antyodaya Scheme and MGNREGA, and was initially a part of Direct Benefit Transfer (DBT) schemes. The subsidies and wages were to be transferred directly to the beneficiary’s Aadhaar-linked bank account.

The UID authority confirms the Aadhaar number of a citizen when such a request is made. A requesting entity (an agency or person who wants to validate a person’s information) has to obtain the consent of the individual before gathering such information. The agency can use the information only for the purposes for which the citizen has given consent. The authority is supposed to answer an authentication query with a positive, negative or other appropriate response. However, it is not allowed to share a person’s fingerprint, iris scan and other biological attributes.

The authority shall keep the information regarding the entity requesting authentication of a person’s identity, the time of the request and the report received by the entity. The purpose for which an individual’s identity needs to be verified will not be maintained. It is felt that Aadhaar in its current form is a major threat to the fundamental right to privacy. Under Article 21, the right to privacy is protected as an essential part of the right to life and personal liberty, and it is a part of the freedoms guaranteed under Part III of the Constitution. Privacy also connotes the right to be left alone, without surveillance and interference. It safeguards an individual’s autonomy and entails the individual’s desire and ability to control essential facets of his/her life.

Aadhaar was introduced as optional for citizens at first, and it was supposed to be linked with a few government subsidies connected with subsidised supplies like ration, food, LPG etc. It was predominantly aimed at those who wanted support, i.e. villagers who did not have any official form of credentials and were therefore unable even to open bank accounts or access welfare programs.

At present, Aadhaar has spread its wings beyond its original purpose, and its application now extends, as a data-driven development, to a number of government and private-sector services. Aadhaar is now associated with a large number of activities. This has made it an inevitable part of every citizen’s life, without which survival is impossible.

It encompasses almost all interfaces that citizens have with the government, such as filing taxes, opening bank accounts, receiving lunch in schools, purchasing railway tickets online, universal health-care coverage, benefiting from a number of welfare schemes etc. This increased ambit of usage of Aadhaar has also raised many privacy concerns.

Available Information

The Aadhaar Act 2016 puts in place a framework for sharing most of the Central Identities Data Repository (CIDR) information. The information involved is as follows:

  • Biometric information: Section 2 (g) “biometric information” means photograph, finger print, Iris scan, or such other biological attributes of an individual as may be specified by regulations;
  • Identity information: Section 2 (n) “identity information” in respect of an individual, includes his Aadhaar number, his biometric information and his demographic information. It has a wider scope such as name, address, date of birth, phone number, and so on.
  • Personal information has not been mentioned in the Act. It is not only the identity information but also other information about a person, for instance where one travels, whom one talks to on the phone, how much one earns, what one buys, everything can be accessed. Such information is the risk associated with Aadhaar.

Personal Details being Shared

The Aadhaar Act, 2016 puts forward a structure under which information can be shared with requesting entities. The heart of this framework lies in Section 8 of the Act, which specifically deals with authentication. In the initial design, the authentication contemplated involved a mere Yes/No response to a query, so as to check whether a person’s Aadhaar number matches his/her fingerprints or other biometric or demographic attributes. However, in the final version, authentication also involves a possible sharing of identity information with the requesting entity. When biometric information is used to access a service via Aadhaar, such as purchasing a new cell phone, the service provider receives that person’s demographic data and the government receives the metadata, specifically the place and time of every transaction, the outline of identification used, and the company or person with whom the transaction was carried out. Such information can paint a rough but intimate picture of a person’s life, and raises concerns in relation to possible government surveillance and private-sector abuse.

There are some safeguards against possible misuse of identity information, which are mentioned in Section 8 itself. An authority is supposed to use identity information only with one’s consent, and the purpose is to be mentioned in the consent statement itself. But, as is usual with such terms and conditions, it is difficult for a person to read the fine print before giving such consent.

Threat to Personal Information

There are already a number of cases in which public agencies have published the full names and addresses, along with the Aadhaar numbers, of welfare beneficiaries. Information belonging to approximately 120 million Aadhaar users appears to have been leaked from renowned telecommunications companies. Aadhaar information and bank account details have been found disclosed through certain public government portals, and the e-hospital facility, a government database, was hacked to gain access to classified Aadhaar information. The collection and abuse of identity information is a major privacy concern related to Aadhaar, though perhaps not the only one. There lies a bigger threat, as Aadhaar can be used as an instrument of unmatched power for mining and pooling sensitive personal information.

Suppose Aadhaar is made mandatory for SIM cards: the government will have access to your lifetime call records, and it will also be able to link your call records with your travel records. The chain, of course, can be extended to other Aadhaar-enabled databases accessible to the government: school records, income-tax records, pension records, and so on. Aadhaar enables the government to collect and collate all this personal information with virtually no restrictions.

Way forward for the government

The government should provide citizens with technology and systems that can protect their personal data. It should also put in place checks and balances to thwart unauthorized or illegitimate exposure of, or access to, such sensitive data. The government should further recognize all possible dimensions associated with the right to privacy and tackle all sorts of apprehensions about data safety, bodily privacy, and protection from any sort of unauthorised interception, surveillance, hacking and misuse of such data. The authorities having access to such data should be made accountable for its unauthorized usage. There has to be a way to tackle these challenges. This would be possible by using administrative and data management protocols and technology in a positive manner.