Protecting the right to privacy: Why Aadhar needs to get Parliament sanction first

“It is well established, that in the absence of a specific statutory provision empowering a specified authority to take finger prints or measurements or to compel a person to furnish a specimen signature, the use of force for any of these purposes would prima facie amount to a civil wrong.”

In short, while there is a statutory provision when it comes to dealing even with convicts, there is none for the government’s biometrics-based Aadhar unique identity project.

This is important in the light of the government seeking a modification of the Supreme Court’s orders on Aadhaar, seeking to make it mandatory for the public distribution system and liquefied petroleum gas subsidy benefits. While this seems like a reasonable request and plays to the widely held belief (including mine) that subsidies must be directly targeted, there are a number of questions about Aadhaar that still elude answers.

The central question, therefore, is: Do the ends justify the means, especially when individual rights are involved?

No legislative or legal basis

Based on an idea mooted by the Vajpayee government for a national identification card, Aadhaar is a large database of biometric and other details of millions of people, but it lacks any legislative or legal basis.

This is an important issue because holders of data need to be legally responsible for the data that they collect and hold on behalf of the data givers.  The lack of legislative scrutiny and therefore legislative sanction for this project is troubling. There are no legal obligations on the Unique Identification Authority of India on the use of this data, either in terms of its integrity or for protecting the citizen parting with sensitive data.

The project has been very successfully positioned and presented as a great technological and transformational tool. This spin has been helped along by the absence of any detailed scrutiny or debate in Parliament or otherwise. Which is why questions such as why the scheme funded by the tax-payers is also available to non-citizens and why it would permit non-citizens to avail subsidies and benefits are yet to be answered. Why there are so many fraudulent and fake entries in the Aadhaar database is a question that has also successfully evaded a legitimate answer.

The right to privacy

The lack of a legislation guaranteeing the right to privacy in India also becomes a factor to consider.

Maintaining biometric data of more than 100 crore Indians without any legal obligation to maintain privacy is by far the most compelling argument against Aadhaar. In a post-Snowden world, how can something as contentious as Aadhaar, be allowed to take roots without even as much as a parliamentary discussion?

Aadhaar has been controversial since its very inception. When mooted, the scheme was resisted by the home ministry because authentication data by UIDAI does not satisfy security criteria. The home ministry even refused to use this data for the National Population Register because statutory processes had not been followed in collecting demographic and biometric data.

The methods and processes of data collection and storage for the project may have received severe criticism but they have not received enough scrutiny.  In a recently written article I had detailed how the UIDAI has enlisted the services of several private subcontractors, including those that aren’t Indian or subject to Indian law for data collation, which exacerbates the threat to privacy.

Unless and until there is a comprehensive legislation on privacy there is no reason for Indian citizens to place their faith in the good intentions of vendors with no particular affiliation to our laws. The Central Identities Data Repository, under the UIDAI, is a centralised database – that is, all demographic and biometric data is stored as one database. This, in the absence of a data protection legislation, is a ticking time bomb. The ramifications of central databases on the privacy of citizens are potent.

The debate on the right to Privacy is only gaining in strength and momentum globally. Earlier this week, the European Court of Justice deemed that the United States Safe Harbour mechanism, which facilitates the transfer of personal data from the European Union to servers hosted in the USA, was inadequate, and held that user data generated in the EU will have to be governed by EU laws for data protection. This now puts the ball in the USA’s court, as they will have to match the EU standards for privacy.

As India inches towards Digital India, it is imperative that we too create a robust privacy and data protection architecture. In a post-Snowden world, it would be unwise for us to ignore this.

Brushing aside the issue of privacy is objectionable as the government is not entitled to enforce any condition which in effect deprives a citizen of another guaranteed right under the Constitution. This  “Doctrine of Unconstitutional Conditions” emerges from American Case Laws and was also adopted in India through a nine judge bench decision of the Supreme Court in Ahmedabad St. Xavier’s College Society Vs.  State of Gujarat (1974) 1 SCC 717, which stated:

“The doctrine of “unconstitutional condition” means any stipulation imposed upon the grant of a governmental privilege which in effect requires the recipient of the privilege to relinquish some constitutional right.”

Part of the solution?

The need to reform delivery mechanism for subsides and benefits is undoubtedly justifiable and the government has already spent almost Rs 10,000 crore on the project in which 90 crore Indians are estimated to have enrolled. For good or bad, therefore, it seems that the government has made up its mind that Aadhaar has to be used as part of the solution.

Which is what perhaps explains petitions by government agencies in Supreme Court, including the bizarre one by telecom regulator Telecom Regulatory Authority of India that terrorists will get mobile phone connections if Aadhar is not made mandatory. By referring it to the constitutional bench dealing with question of right to privacy, the apex court has done the right thing.

It is not unusual in our country for spin and hype to create a foggy haze over real issues and that probably seems to be the case here as well. But the growing clamour for privacy rights is piercing through this haze.

This means that legitimate questions about non-citizens and Aadhaar, privacy and data integrity need answers. How can, for instance, a tool purporting to improve delivery of benefits be plagued with many instances of fake entries?

The government needs to finally bring a bill in Parliament and start a long overdue debate on the subject and get the legislative sanction that such a project needs.

If Aadhar is to be effectively used to transform benefits and subsidy delivery, its various gaping flaws need to be fixed and plugged. It is imperative that the means to the ends be as justifiable as the ends themselves.