It is not often that the Supreme Court has to make the same observation twice - but it has had to do so in the case of Aadhaar, asking the government to immediately withdraw all notifications making it mandatory to have an Aadhaar card to claim social security benefits. In the process, the Bharatiya Janata Party has turned full circle. It began by opposing the Aadhaar legislation when it was introduced by the previous government; but, on coming to power, appears to have removed all stops in using the identification tool after it was firmly endorsed by Prime Minister Narendra Modi. It is important to retain a balanced approach. Biometric tools, which are used by Aadhaar, are very useful in determining identity so as to eliminate the chances of impersonation and creation of fictitious identities in making social security payments. But it is necessary to proceed with a full understanding of what Aadhaar can and cannot do to ensure that adequate safeguards are in place to prevent misuse.
Unfortunately, an adequate law to protect privacy is still not in place despite being in the works for five years. In the absence of the latter, a centralised biometric database of citizens could theoretically be misused. The risk of this is highlighted by two developments. First, the apex court has also simultaneously stayed an order by a Goa court asking the Unique Identification Authority of India (UIDAI) that maintains the Aadhaar database to share information sought by the Central Bureau of Investigation to investigate a case of child rape. The UIDAI's fear is that if such a request is allowed, there can be a flood of similar requests from various state agencies. Sharing personal data, obtained from citizens for civilian use, without their permission would breach their fundamental rights. Second, the Union home ministry wants the country's intelligence agencies to be left out of the purview of the proposed privacy law. While biometrics can be used to get at criminals, it can also be misused to go after political dissenters.
The shape the law should take has been well-outlined to the government by a committee, headed by the respected former judge of the Delhi High Court, A P Shah, as early as in 2012. It should be technologically neutral, so that it protects data irrespective of the way it is stored, be it on paper or digitally. It should protect all types of privacy - bodily information like those relating to DNA, protection against unauthorised surveillance in whichever form and protection of big data from commercial misuse. The safeguards should cover both official and private entities, and there should be a privacy commissioner at both the central and regional levels. Industry should set up self-regulatory organisations, which should develop a baseline framework that is approved by the commissioner. If a privacy law framed along these lines is passed, then it will only add to Aadhaar's legitimacy and help in realising its full potential.
