Nandan Nilekani, the founding chairman of the Unique Identity Development Authority of India (UIDAI), has once again raised concerns about the security of the data collected in the Aadhaar database. While underlining that the Aadhaar system had not yet been hacked, Mr Nilekani said security would be a big concern in the future. The Infosys co-founder was speaking against the backdrop of the UIDAI lodging a complaint against an IIT-Kharagpur engineer and his start-up for developing an app and illegally accessing the Aadhaar database. One of the key reasons why many academics and civil liberties activists have been resisting the enrolment of Aadhaar is the lack of data security and privacy protection. With each episode of Aadhaar data being leaked, such concerns are heightened.
The government, however, has been aggressively pushing for Aadhaar as the identity establisher. Apart from making it mandatory for a whole host of welfare schemes where the government spends the bulk of its subsidy allocations, it has also argued for Aadhaar to be used for a wide variety of other public services and regulations, from driving licences to mobile phones to death certificates. What gives this push legitimacy is the saturation coverage of Aadhaar: 99 per cent of Indians above the age of 18 have been enrolled and as of June end, over 1.15 billion Indians had an Aadhaar.
These concerns about the security of Aadhaar data are growing by the day as India does not have any law to protect such data. In fact, the government is fighting a massive judicial battle with the civil society to ascertain whether or not Indians have a “fundamental” right to privacy. A nine-judge Bench of the Supreme Court is likely to decide on the matter soon. However, regardless of whether it is a “fundamental” right or not, India will, in any case, need a law to protect data. That is because Aadhaar is not the only set of personal data that is being generated at present. With digital devices becoming ubiquitous, there is a genuine fear of data colonisation. Mr Nilekani also talked about his apprehensions about the consolidation of user data with just a few digital aggregators and how this could put the country under a new model of colonisation. He argued for a new privacy policy that provided users control over their data. This makes sense as instead of data being sold to the user, who is actually creating the data, the person should be empowered to decide what to do with the data — a concern that has forced regulators in Europe to draft new privacy laws. Currently, there is nothing that users know regarding what is happening to their data and this information needs to be given back to the people, a point the telecom regulator also raised about Apple earlier this week.
There are at least two reasons why policymakers should heed Mr Nilekani’s warning and take a strategic position on data colonisation and privacy. One, in the absence of a legal framework, it might be unclear how the aggrieved will be compensated, or the guilty punished, in case data theft does take place. Two, while it might be true that the Aadhaar system has not been hacked, technology is forever evolving and there are no guarantees — as the IIT engineer showed — that things will not change quickly in the future.
To read the full story, Subscribe Now at just Rs 249 a month