Issue

Context

• The Lok Sabha recently passed the Aadhaar and Other Laws (Amendment) Bill, 2019, allowing voluntary use of Aadhaar as an identity proof for opening bank accounts and procuring mobile phone connections.
• While Aadhaar has provided a single identity platform to reap all sorts of benefits, it has not escaped its fair share of criticism.

Background:

• The Aadhaar card discloses the holder's name, father’s name, date of birth, residential address. This implies that the Aadhaar platform does not reveal any information related to holder's medical records, caste, religion or community.
• Legally speaking, Aadhaar is voluntary and informed consent of the biometric identity holder had to be obtained before it is used.
• States has been using Aadhaar as an enabler for providing deserving section of the society their "right to food, right to livelihood, right to receive pension and other social assistance benefits".

The Unique Identification Authority of India (UIDAI)

• It is a statutory authority established under the provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (“Aadhaar Act 2016”).
• UIDAI was created with the objective to issue Unique Identification numbers (UID), named as "Aadhaar", to all residents of India.

Under the Aadhaar Act 2016, UIDAI is responsible for :

• Aadhaar enrolment and authentication, including operation and management of all stages of Aadhaar life cycle.
• Developing the policy, procedure and system for issuing Aadhaar numbers to individuals
• Perform authentication
• To ensure the security of identity information and authentication records of individuals.
• UIDAI does not have information about bank accounts, shares, mutual funds, financial and property details, health records, family, caste, religion, education, etc.
• Aadhaar is only for residents of India. NRIs are not eligible to get Aadhaar.
• If any government official of a department denies the benefits or services for lack of Aadhaar or failure of verification for technical reasons contrary to the relevant notification, a complaint should be lodged against the higher authorities of those departments for such unlawful denials.

Analysis

With respect to Aadhaar analysis, there are multiple angles to cover.

SC's Aadhaarverdict  - Privacy vs. Identity

• In its 2018 judgment, the Supreme Court noted that Aadhaar does not create surveillance state.
• There needs to be balancing of two competing fundamental rights, right to privacy on the one hand and right to food, shelter and employment on the other hand. If one looks closely, both the rights are founded on human dignity.
• However, there are chances that use of Aadhaar numbers, under Section 57, will lead to commercial exploitation of the personal data of individuals without consent and could also lead to individual profiling.

What rationale did the Supreme Court weighed in while nullifying Privacy infringement claims?

• An individual while interacting with society reveals information, like name, age, date of birth and residential address, which is also sought under Aadhaar.
• Therefore, there can be "no reasonable expectation of privacy" in giving such data.

Aadhaar and Security concerns:

• Recently, the controversy around Aadhaar and security concerns, captured centre stage after a French security researcher pointed the flaws in the mAadhaar app that is available on the Google Play Store.
• In 2017, an IIT graduate was arrested for illegally accessing the Aadhaar database without authorization.
• He created an app called ‘AadhaareKYC’ by hacking into the servers related to an ‘e-Hospital system’ that was created under the Digital India initiative. The eKYC app would then route all the requests through those servers.
• Centre for Internet and Society (CIS) pointed out that about 130 million Aadhar numbers along with other sensitive data were available on the internet.
• The reason for the data leak was narrowed down to four government-run schemes ranging from National Social Assistance Programme by the Ministry of Rural Development, the National Rural Employment Guarantee Act (NREGA), also by the Ministry of Rural Development, Daily Online Payment Reports under NREGA by the government of Andhra Pradesh and the Chandranna Bima Scheme, also by the government of Andhra Pradesh.

Misuse of Aadhaar

• A report from a year ago demonstrated that several parties illegally tried to store the biometric data and conduct multiple transactions using the same fingerprint. UIDAI detected the problem when it found multiple transactions done using the same fingerprint.
• UIDAI suspended the eKYC license of Bharti Airtel and Airtel Payments Bank after they violated the Aadhaar Act which barred the company from opening bank accounts of their customers without undertaking any informed consent from them.

Aadhaar ID provides dignity to marginalized

• Aadhaar has benefited a common person in innumerable ways. Foremost is with a credible identity.
• They are using Aadhaar to prove their identity to get jobs, open bank accounts, for rail travel, and to get various entitlements & government benefits directly into their bank accounts without middlemen.

Aadhar and private entities

• In September 2018, the five-judge Constitution Bench of the Supreme Court stated that private entities, like telecom companies, banks and payment service providers cannot demand Aadhaar data from their customer. These entities cannot store Aadhaar related data of their customers.

Data Localization and the Aadhaar platform:

• Data localization laws refer to regulations that dictate how data on a nation’s citizens is collected, processed and stored inside the country.
• Currently, the only mandatory rule on data localization in India is by the Reserve Bank of India for payment systems.
• Other than this, there are only reports or drafts of bills that are yet to be signed into law.

Analysis of the current Aadhaar bill passed in the Lok Sabha

Pros:

• The bill would enable the UIDAI to have a more robust mechanism to serve public interest and act as a deterrent against the misuse of Aadhaar.
• No individual shall be compelled to provide proof of possession of Aadhaar number for the purpose of establishing his identity, unless it was so provided by a law made by the Parliament.
• The bill allows the use of the 12-digit Aadhaar number and its alternative virtual identity to conceal the actual Aadhaar number of an individual.
• The Bill also provides the option to the children, who are Aadhaar number holders, to cancel it on attaining adult age.

Cons:

• The bill provides legal backing for voluntary seeding of biometric Aadhaar ID with mobile numbers and bank accounts. Concerns over breach of privacy have not been properly addressed.

Data collection and Sri Krishna Committee and its relevance with Aadhaar

• The Srikrishna Committee has suggested certain amendments in Aadhaar Act.
• It has suggested amendments to the Aadhaar Act to provide for imposition of penalties on data fiduciaries and compensations to data principals for violations of the data protection law.
• The report has proposed penalties for violations, criminal proceedings, setting up of a data authority, provision of withdrawal of consent and concept of consent fatigue.
• The report suggests amendments to the Aadhaar Act from a data protection perspective.

Way forward: The Future Of  Aadhaar

• There’s no escaping Aadhaar- it is now mandatory for filing tax returns and availing government subsidies.
• The Aadhaar Act and its regulations will need to be amended to account for the apex court's conclusions with respect to private entities and data privacy norms.

Aadhaar's effectiveness has been realized on the following doctrines:

• One, a range of possible alternatives to the measure employed by the government must be identified.
• Two, the effectiveness of these measures must be determined individually.
• Three, the impact of the respective measures on the right at stake must be determined.
• Four, an overall judgment must be made as to whether in light of the findings of the previous steps; there exists an alternative which is preferable.
• For a vast and varied demography like India, Aadhaar is a necessary platform. It cannot be wished away.
• What is required is to diligently iron out hurdles and keep it clean from all sorts of identity or breach mess.

Learning Aid