With the government’s push for the digitalisation and reformation, various new issues came into light. One such was regarding privacy and data protection with respect to Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016 which aims to provide legal back-up to the Aadhaar unique identification number. It was passed by mislabeling as money bill to avoid public consultation about the privacy safeguards necessary for such database. This pervasive database links directly to the multiple other databases containing our personal information creating a suspicion and a topic of debate among the people of India.
Earlier, government tried to make the Aadhaar mandatory under Section 7 of the Act, making it necessary for “receipt of certain subsidies, benefits and services”. A writ petition was filed by Justice K.S. Puttaswamy (retd.) in the Supreme Court of India stating that the aadhaar project was not backed by any legislation and it was also infringing the ‘right to privacy’ of the citizens of India. Thus should not be made mandatory. The Supreme Court stated that the aadhaar could not be made mandatory due to obvious reasons of privacy and data protection over the collection of personal information on this scale.
Though, there are few provisions in this Bill that seem to address the concern, including one that prohibits any official from revealing information in the data repository to anyone. But, the exceptions are the once which are causing discomfort.
- Section 29(4), by which no Aadhaar number or bio-metric information will be made public “except for the purposes as may be specified by regulations”. Aadhaar will give the ability to link different databases bio-metrically. To protect privacy, each such database will be needed additional security and safeguards for the people. Linking databases should need consent from multiple key-holders and subjected to the legislative oversight and judicial redress.
- The next question is that should the determination of this be left entirely to the bureaucrats and executives of our government? Section (33), under which the inbuilt confidentiality clause is talked about will not stand when it concerns national security. The term “national security” in itself is much wider concept than public emergency or public safety, the traditional grounds on which the state got tapping authority. But, the most important point is that there is no effective independent, credible mechanism for holding accountable to those who will be making determinations on this given exception of the Aadhaar Act. Further, certain clauses in the Act could harm personal freedom as it gives “sweeping powers” to the government on the grounds of national security. Still, it is unclear as to how much power the Aadhaar authorities will have when it comes to data collection.
Also, the tender for the Aadhaar card was won by HCL Info system ltd. which is a private company, which within the meaning of Art. 12 is not a ‘state’. Thus, there is no guarantee given by the government that our personal data is safe in the hands of the private parties recruited for this purposes and that it will not be misused.
The former UN High Commissioner for Human Rights Navi Pillay published her detailed report on ‘The Right to Privacy in the Digital Age’ in July 2014. Ms. Pillay’s report clearly stated that internal procedural safeguards without independent external monitoring are inadequate for the protection of rights of the people. This means that the system by which a Joint Secretary issues orders that are reviewed by three Secretaries is not acceptable. Ms. Pillay’s report said that effective protection of the law can only be achieved if all the branches of government as well as an independent civilian oversight agency are built into the procedural safeguards. The new Aadhaar legislation removed the independent oversight committee that was meant to monitor the operation of Aadhaar. Both its systems for access to Aadhaar data involve only one branch of government each making it open for the misuse of the data collection.
The problems with enforcement of remedies is another area of concern i.e. only the UIDAI can make complaints for the offences contained under the Aadhaar Act. It takes away the Aadhaar user’s right to a criminal remedy. The penal provisions under the IT Act and the IPC can be invoked by individuals. But, such an assertion must consider the absence of any notification mechanism in the Act. The Aadhaar user will never be informed when a crime relating to their data occurs or will never have the particulars necessary to lodge a criminal complaint.
It is necessary to take every possible precaution and safeguard to commence with such an immense database. It is also necessary to ensure that whoever creates a hazard by leaking the information takes full responsibility for the ill-effects of it. The government should also provide internal procedural safeguards with the independent external monitoring for the protection of rights as per Pillay’s report. Also, known and accessible remedies need to be made clear and available to those whose privacy has been violated. The remedies are supposed to consist thorough and impartial investigation and the option of criminal prosecution for gross violation of the right.
The Aadhaar Act excludes courts from taking any cognisance of offences under the legislation. This part of the Act undermines all the safeguards that do exist within it, since citizens cannot access these safeguards without any co-operation from the authority, which can be prejudicial to its (authority) own interest. Hence, it is necessary to revisit this provision and provide the necessary changes.
A digitally improved infrastructure is a much needed element for sustained growth and development, especially in a country like India which is developing at a steady rate. But, surely this cannot come at the cost of individual’s right to privacy. It must be understood by the Modi government which is pushing so hard for digital reforms in the country, ignoring the various concerns arising out of it.
Author: Sakshi Rastogi, Researcher (The Analysis)
(Sakshi is pursuing law from University of Petroleum and Energy Studies, Dehradun.)