Supreme Court’s affirmation on Right to Privacy
- On the 24th of August, a nine-judge bench of the Supreme Court delivered its verdict in Justice K.S. Puttaswamy vs Union of India.
- Supreme Court unanimously affirmed that the right to privacy is a fundamental right under the Indian Constitution.
- In this context, it becomes essential to analyze the The Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016 and its provisions.
Three Different Types of Private Information as per the Aadhar Act:
The Biometric Information:-
- They are biometric information, identity information and personal information.
- The first two types of information namely biometric and identity information find a place amongst the definition of terms in the Aadhar Act.
- The Biometric information essentially refers to photograph, fingerprints and iris scan.
- But the state can extend the Biometric information to other biological attributes of an individual specified by the UIDAI.(Unique Identification Authority of India)
- Even UIDAI can modify the core biometric information at its own discretion.
- The strongest safeguards in the Act relate to core biometric information.
The Identity Information:-
- The identity information includes a person’s aadhar number.
Not only does that include Aadhar number alone but also the demographic characteristics that are collected at the time of Aadhaar enrolment.
- That part of the CIDR (Central Identity Data Repository), where identity information is stored, is supposed to be inaccessible except for the purpose of biometric authentication.
The Personal Information:-
- This must be understood in a broader sense.
- Personal information not only identity information but also other information about a person.
- The Personal Information is the biggest threat to privacy.
Concerns in the current shape of Aadhar Act:-
- There is a view that in practice the Biometric database can be hacked in future which the UIDAI is mandated to prevent.
- Even though the Aadhar Act protects your identity information there are far greater concerns.
- Because, the Aadhaar Act puts in place a framework to share identity information with requesting entities.
The Changing Shape of Section 8 of the Aadhar Act:-
- The core of this identity sharing framework lies in Section 8 of the Act, which deals with authentication.
- Section 8 includes safeguards against possible misuse of identity information.
A requesting entity is supposed to use identity information only with your consent, and only for the purpose mentioned in the consent statement.
- But the Terms and Conditions which are relegated to the footer, is ignored by the user and instant consent is given through a simple tick/click.
- The authentication under Section 8 began with a simplistic Yes/No response to a query initially.
- But in the final version of the act authentication also involves a possible sharing of identity information with the requesting entity.
Data harvesting as a business opportunity:-
- Section 8 has something to do with a growing realization of the business opportunities associated with Aadhaar-enabled data harvesting.
- When you go through Aadhaar-based biometric authentication to buy any service, the company typically gains access to your demographic characteristics from the CIDR.
- Reliance Jio is in possession of identity information for more than 100 million Indians, harvested from the CIDR when they authenticate themselves to buy a Jio SIM card.
Exception on the ground of National Security:-
- Another shortcoming observed in the Aadhar act is that it includes a blanket exemption from the safeguards applicable to bio- metric and identity information on “national security” grounds.
- The term national security has wider connotations.
- This makes identitity information accessible to the government without major restrictions.
- The proliferation and possible misuse of identity information is only one of the privacy concerns of Aadhar.
Potential Invasions of Privacy:-
- But Aadhaar is a tool of unprecedented power for mining and collating personal information.
- This potential invasion of Privacy has no or few safeguards in the act.
- For instance, if the government makes it mandatory to link Aadhar with your sim card, then it can not only access your call records but also link it with other records to extract information about anyone.
- Thus Aadhar is a tool which can hasten the mining of personal information.
Many state governments, under the State Resident Data Hub Project, have been ushering in Aadhar.
- This project aims to integrate all the departmental databases and links them with Aadhaar number.
- This will make easier for surveillance as well as data mining when the information is shared with private entitites.
- Aadhaar’s fundamental power as a tool for mining personal information is bound to be hard to restrain.
- Combined with exceptions such as Section 8 on the basis of National Security as well as the project of State Residential Data Hub, Aadhar seems to an antithesis for Privacy.
- Hence there is an urgent need to reconsider the fundamentals of the Aadhar act in the light of the Supreme Court judgement on the Right to privacy.
Source: “THE HINDU – Editorial(09/09/2017)”