Emerging fault lines in data protection
Although Aadhaar is thought to be the world’s biggest biometric database, there is no data protection Act in India
British writer and journalist George Orwell in his Dystopian classic Nineteen Eighty Four coined the phrase Big Brother. But when 1984 did come around, Britain saw the enactment of a surprisingly benign data protection law, which sought to limit the harmful collection of data on individuals, including data about racial, political, religious, psychological and sexual characteristics.
One of the leading British campaigners for data protection at the time was journalist Duncan Campbell, a security expert, who was dissatisfied with the 1984 Act and argued: “What suspicion about your sexual life, family relations or friends may have been put in a databank by government investigators who are checking your entitlement to government benefits?”
Across the Atlantic, too, a similar debate had been raging since the 1970s. In both the US and UK, this debate was fuelled by reports of increasing government surveillance as well as the involvement of private contractors.
In 2007, the Office of the Director of National Intelligence in the US indicated that more than 37,000 private contractors worked for the federal government on covert operations and security matters, according to We Know All About You: The Story of Surveillance in Britain and America by historian Rhodri Jeffreys-Jones.
And now, the debate has reached India, not surprisingly, just as the nation showcases a technological revolution that traces its most recent history to the growth of the software industry and telecoms and looks to step into a bold near-future of Artificial Intelligence.
With technology at its heart, the Indian debate broadly follows the contours of those in the West. It began with governments articulating the need to plug gaps in the welfare system (subsidies meant to benefit the poorest). This, in turn, was sought to be linked to the problem of illegal immigration and, now, terrorism.
Proposed during the Congress-led United Progressive Alliance (UPA) government, the Indian scheme was rolled out in 2016 by the Bharatiya Janata Party-led National Democratic Alliance government.
Enshrined as an Act, it allows every India to have a unique identity number. The aim of the law is clear, describing the Aadhaar (Targeted Delivery of Financial, and Other Subsidies, Benefits and Services) Act 2016 as: “An Act to provide for, as good governance, efficient, transparent, and targeted delivery of subsidies, benefits and services, the expenditure for which is incurred from the Consolidated Fund of India, to individuals residing in India through assigning of unique identity numbers to such individuals and for matters connected therewith or incidental thereto.”
But privacy campaigners are worried about attempts to link this 12-digit unique identity number with other areas, such as banks accounts, mobile phone numbers and income tax. And some developments have been seen as plain unfair—such as some schools asking for the Aadhaar number to provide free school lunches to poor children.
Then there is the matter of privacy, marking the final Indian echo of the debate in the US and UK after the Supreme Court last year ruled the right to privacy as “intrinsic to life and liberty”.
Also giving the privacy campaign a boost was an expose by The Tribune newspaper, published earlier this year, that claimed that its reporter had managed to get access to details of all 1.3 billion unique identity numbers from a private operator for a tiny payment.
The government’s defence essentially has been that it has saved tens of thousands of crores of rupees by plugging subsidy loopholes, that the scheme is too big and expensive to be allowed to fail, and that privacy is not an absolute right. A series of more than 20 legal challenges in various courts have ended up with the Supreme Court, and a Constitution bench is set to rule on the matter by 31 March.
The involvement of private operators—essentially neighbourhood shacks—in Aadhaar card enrolment and updating services has been particularly controversial.
There’s one in my neighbourhood in south Delhi whose owner says he gets around 60-to-70 applicants every day, and that he charges them between Rs100 and Rs300 per job. He has a staff of two, dealing with requests that can range from registering Aadhaar cards, to linking Aadhaar with another service, to updating a card holder’s address, name or other details. Nine out of 10 people who begin gathering at the shop at 8am every day appear to be poor—many are immigrants in Delhi.
“I do this as a service,” he told me. There was one case that I am familiar with where updating a simple home address took four attempts over a month. On the first three occasions, the request was rejected for “technical reasons” that were not specified. After the third, the shop owner told the applicant to directly call up the UIDAI helpline, adding, “This time it will come through—110%.” The man answering the phone at the UIDAI helpline explained: “Your biometrics do not match.”
Indeed, the fourth attempt was successful. Many of these shops have now been ordered closed by the central government to give citizens added protection.
One change that is a direct result of the controversy and publicity around Aadhaar is that India, never a very privacy-conscious nation (mobile numbers are freely asked for and shared), has been familiarizing itself with the debate around privacy, governance, transparency and the aims of government policy.
However, although Aadhaar is thought to be the world’s biggest biometric database, there is no data protection Act in India.
“There is no data protection Act which could have provided the framework for protecting civil liberties, although there are nine pillars or government initiatives under the Digital India programme—which by the way is a good thing because you can eliminate fraud. The state of Andhra Pradesh has been particularly successful in plugging loopholes in the public distribution system. But very little work has been done on the cost versus benefits of Aadhaar, which is needed because everything is now linked,” said Sanjay Dwivedi, a Bengaluru-based consultant and educator who mentors start-ups, including those working on artificial intelligence.
Dipankar’s Twitter handle is @Ddesarkar1