That’s what the Aadhaar Act is. It was rightly categorised as a money bill and is wrongly expected to double up as a privacy statute
With the billionth Aadhaar number being issued, the Aadhaar project is well on its way to becoming the centrepiece for governance in India irrespective of which government is in power. To that extent, critical engagement with the Aadhaar act is an essential exercise in a free and democratic polity. But much of this engagement, including on these pages, leads one to believe that the Aadhaar act puts an official imprimatur on a mass surveillance tool violating fundamental rights, hammered through Parliament by a brute majority. The reality, though equally momentous, is nonetheless distinct — Aadhaar is the last chance for an effective welfare state to take root in India. Subversion of this goal for nefarious ends is not only deleterious for citizens but for the state itself.
This realisation is hard-wired in the Aadhaar act and reflected in its rightful categorisation as a money bill. At its core, the Aadhaar act creates a mechanism for unique identification of individuals in order to deliver subsidies, services and benefits from the Consolidated Fund of India alone. The procedures to be followed in such identification, the establishment of the UIDAI to carry out these statutory functions, its funding, its own processes pertaining to data protection and ensuring their compliance through appropriate offences are all incidental and necessary to achieve the sole statutory purpose.
The fact that the act gives the state vast powers and has a potential impact on rights is no reason not to characterise it as a money bill. The archetypal money bills — taxation acts — not only affect fundamental freedoms of individuals, to do business, to eat out, or even more fundamentally to live as free citizens in India itself, but also form the basis for the modern state to perform its functions. Seen in this light, the money bill issue is a red herring. However its characterisation has had one entirely positive outcome. The spirited debate on the Aadhaar act in the Rajya Sabha was the first time in a long time that the Upper House performed its envisaged function of checking and balancing government through sober legislative debate. Statistics indicate that disruptions in the Rajya Sabha in the last two years have been significantly higher than in the Lok Sabha. For a House of Elders established by the founding fathers to “hold dignified debates” this is simply unacceptable. That a money bill was required to put the Rajya Sabha back on track is a timely reminder that if disruptions are going to be the norm, the Constitution isn’t short on remedies.
Unlike the money bill issue, a more genuine concern is around privacy of citizens and how the Aadhaar architecture affects it. First, it is imperative to recognise that the Aadhaar act is not and cannot be expected to double up as a privacy statute for India. How government databases use Aadhaar and their security arrangements must be considered as a distinct question, and one that is not within the remit of the Aadhaar act to answer.
The relevant privacy question is how far the act goes in ensuring the protection of information that the UIDAI possesses in order to ensure effective service delivery. That data, contrary to much of what detractors posit, is limited by the act to basic demographic and biometric information. The Aadhaar database is no panopticon with the capacity to profile individuals by storing information like passport details, PAN card information, etc. This is an intentional design choice.
Further, among the types of data the UIDAI possesses, the act is categorical in its assertion that core biometric information shall not be shared for any purpose, including for national security. For demographic data that is shareable, it has strong safeguards. It can only be used for the purposes that the individual consents to and only with such persons as is indicated beforehand; the individual has the right to access his information, update and correct it. All of these will require new regulations, revised enrolment forms and fresh authentication protocols. These hardly seem to be manifestations of a government that simply wants to steamroller privacy concerns.
Some of the most strident criticism of the act has unfortunately glossed over these important safeguards. They are largely symptomatic of an accountability discourse in India that performs a vital public function, but has demands incommensurate to the authority that the power-wielder possesses. The state, through Aadhaar’s federated and minimalist database, simply does not have the ability to play Big Brother. While, of course, one must remain vigilant and continue to hold the state accountable, that cannot come through fear-mongering at the cost of public reason.
A salutary aspect of such vigilance has been to point out that there is very little accountability for data handling in the Aadhaar act. This is a valid observation and the UIDAI must use its regulatory powers under Section 23 to set up a robust grievance redressal mechanism, including an ombudsman, to adequately bolster its accountability quotient.
Doing so is necessary not just to protect privacy but also to underline the seriousness of the state in delivering services to vast sections of the population that are identity-less and excluded. Aadhaar represents a prototype of a new welfare state — smarter, responsive and oriented towards improving material lives while being respectful of rights. Its failure, either owing to civil society activism or wanton future subversion for surveillance purposes, might be the final straw for a state machinery on the brink of irredeemable discredit.