1. Aadhaar case: How data protection will also fix privacy issue

Aadhaar case: How data protection will also fix privacy issue

Even if SC rules privacy is a fundamental right, data protection laws critical for this, and it goes beyond Aadhaar.

By: | Published: August 4, 2017 5:51 AM
Why does each app need access to your contacts/SMS—the new law must lay down rules on how much data can be collected/used and also fix rules on getting proper user consent.

Though the 10-member panel headed by Justice BN Srikrishna on recommending a framework for data protection is widely perceived to be related to the data collected by UIDAI for Aadhaar, it goes way beyond that—mostly because the Aadhaar Act itself provides for a lot of security to data collected by even third parties working on behalf of UIDAI; to the extent the Aadhaar Act has some gaps, the Srikrishna panel will address that. The need for a comprehensive look at all Indian laws and practices emerges from the fact that the laws are scattered and unclear—some laws provide for data protection, but only when the collection is done by private organisations, some include data collectors and users, some don’t. And, what is unique in the Indian case, the panel will have to resolve the seeming contradiction between the need for data protection/privacy and the need for transparency and third-party audits. Making public the details of how many days an individual worked on MGNREGA is certainly a violation of privacy, but in a country where half of rations/subsidies are purloined before they reach the intended beneficiary, such data is put out in the public domain so that individuals and third parties can audit the data—in a strict data protection environment, is the privacy to be assured by restricting access to third parties that will, in turn, have to agree to protect the data? Since there is so much data that is given to Google or Facebook or hundreds of other apps as part of our daily lives, this will probably be the first place the Srikrishna panel will begin with.

Should a cab aggregator, for instance, stop tracking consumer movements the moment they are out of the cab or can this carry on for a few minutes more and, either way, can this data be monetised by, say, targeting customers with location-based advertisement or even suggesting which restaurants to eat in? Should a Google maps be allowed to do this? Apart from the principle of how much data can be collected by different agencies, another principle will have to be laid out to specify how the data is to be used and to ensure it is used only for the purpose for which it was collected—given the menace of tele-marketing, it is difficult to believe mobile phone players are protecting customer data in the manner they should. Since each app collecting and monetising the data collected will be able to show user consent, the Srikrishna panel will have to put down rules on how user consent is to be acquired.

Long consent forms, and in fine print, that have to be agreed to for any app to be downloaded, surely, are not the way to go about getting this. While it may still make sense for a bank app to have access to your contacts—this makes it easier to transfer money to a contact—why do most apps need access to your address book and SMSs before they can function? By law, many organisations such as banks are required to keep data confidential, but this does not apply to everyone. According to a study by Vidhi Centre for Legal Policy, the provisions of the Information Technology Act that has stringent protection for data collected and how it is to be used, should apply to all personal data, not just ‘sensitive personal data’ and the rules should apply to individuals and governments also, not just to ‘body corporates’.

The data protection rules, in each case, have to apply to those collecting and processing such data—how do income tax data leak or get publicized if this applies to the income tax authorities? Are those in charge of rations to disclose any or part of the data they collect—this is the issue of transparency versus privacy. Though important from a competition law point of view, the Srikrishna panel needs to examine the concept propounded by Luigi Zingales and Guy Rolink in The New York Times on how individuals should be free to get back their ‘social graph’ from service providers—while Zingales and Rolink talk about a person porting from a Facebook to a “MyBook”, a person moving from one map app to another should, for instance, be able to port her entire travelling history, favourite places, etc.

Related to this is the issue raised by Nandan Nilekani (goo.gl/RHfrX6) on users having the right to get back all of their data from a Google or an Amazon or even the bank they use—this goes beyond the ‘right to be forgotten’ which, needless to say, is an important one. The right to privacy, it is obvious, is not the same as data protection, but the two are inextricably interlinked. And whether or not the Supreme Court rules in favour of the right to privacy being a fundamental right, it is clear you can’t have this without a strict framework/law on data protection and a data protection authority whose job it is to ensure this is followed by everyone. Even if the right to privacy is ruled to be a fundamental right, the state and other players have the right to ask citizens/users for certain types of information—in such a situation, data protection and privacy amount to really the same thing. It is, of course, a pity that the government is choosing to move on this so late in the day, and only after it looked as if SC ruling on privacy may hurt its work with Aadhaar.

  1. R
    Reader
    Oct 11, 2017 at 9:18 am
    A centralized and inter-linked biometric database like Aadhaar will lead to profiling and self-censorship, endangering freedom. Personal data gathered under the Aadhaar program is prone to misuse and surveillance. Aadhaar project has created a vulnerability to identi-ty fraud, even identi-ty theft. Easy harvesting of biometrics traits and publicly-available Aadhaar numbers increase the risk of impersonation, especially online and banking fraud. Centralized databases can be hacked. Biometrics can be cloned, copied and reused. Thus, BIOMETRICS CAN BE FAKED. High-resolution cameras can capture your fingerprints and iris information from a distance. Every eye hospital will have iris images of its patients. So another person can clone your fingerprints and iris images without your knowledge, and the same can be used for authentication. If the Aadhaar scheme is NOT STOPPED by the Supreme Court, the biometric features of Indians will soon be cloned, misused, and even traded.
    Reply
    1. R
      Reader
      Sep 20, 2017 at 2:31 pm
      A centralized and inter-linked biometric database like Aadhaar will lead to profiling and self-censorship, endangering freedom. Personal data gathered under the Aadhaar program is prone to misuse and surveillance. A centralized and interlinked database can lead to commercial abuse. Aadhaar project has created a vulnerability to identi-ty fraud, even identi-ty theft. Easy harvesting of biometrics traits and publicly-available Aadhaar numbers increase the risk of impersonation, especially online and banking fraud. Centralized databases can be hacked. Biometrics can be cloned, copied and reused.
      Reply
      1. R
        Reader
        Sep 20, 2017 at 2:31 pm
        UK’s Biometric ID Database was dismantled. Why the United Kingdom's biometrics-linked National Identi-ty Card project to create a centralized register of sensitive information about residents similar to Aadhaar was scrapped in 2010?? The reasons were the massive threat posed to the privacy of people, the possibility of a surveillance state, the dangers of maintaining such a huge centralized repository of personal information, and the purposes it could be used for, and the dangers of such a centralized database being hacked. The other reasons were the unreliability of such a large-scale biometric verification processes, and the ethics of using biometric identification.
        Reply
        1. R
          Reader
          Sep 20, 2017 at 2:31 pm
          The US Social Security Number (SSN) card has no biometric details, no photograph, no physical description and no birth date. All it does is confirm that a particular number has been issued to a particular name. Instead, a driving license or state ID card is used as an identification for adults. The US government does not collect the biometric details of its own citizens for issuing Social Security Number.
          Reply
          1. R
            Reader
            Oct 11, 2017 at 9:22 am
            The US government DOES NOT collect the biometric details of its own citizens for the purpose of issuing Social Security Number. The US collects the fingerprints of only those citizens who are involved in any criminal activity (it has nothing to do with SSN), and the citizens of other countries who come to the US.
            Reply
          2. S
            Sandra Kalniete
            Aug 4, 2017 at 1:47 pm
            Hello everyone, I am Sandra Kalniete. I did not trust any internet loan lender not until I was introduced to Mr James Peterson, he approved and credited my loan just about a week ago after I agreed with the company terms and condition. Now the loan purpose is being carried out. If you are 100 sure to pay back the loan and ready to apply message Mr James Peterson World Loans Inc on ( petersonworldloans outlook ) and you will be glad you did. Thanks.
            Reply
            1. #
              #AADHAARFAIL
              Aug 4, 2017 at 10:29 am
              When your fingerprint gets stolen, printed and used for aadhaar pay, cloning SIM and changing bank password using OTP, your aadhaar devotion will vanish. Jai Hind. 1. 25 lakh families in Rajasthan are unable to withdraw ration even after seeding #AADHAARFAIL with their ration card. 2. #AADHAAR authentication does not work for half billion Indians. 3. AADHAAR authentication does not work even after updating bio-metrics and waiting for 90 days 4. AADHAAR bio-metrics can be stolen, printed and used for #AADHAAR pay 5. #AADHAAR does not work for NRIs, people outside India 6. AADHAR can not be generated if a person's fingerprint matches with someone else's with 60 percentage probability. 7. Rogue government can deactivate your #AADHAAR blocking ur gas, electricity, mobile, bank account 8. AADHAAR works for millions of illegals staying in India 9. AADHAAR is blocking subsidies for millions of legitimate people 10. Take 10 lakh insurance for each #AADHAAR failure case/delete
              Reply
              1. #
                #AADHAARFAIL
                Aug 4, 2017 at 10:28 am
                Aadhaar product is SEVEN years old, authentication still fails for "Half Billion" indians, millions of honest tax payers are unable to link aadhaar with PAN, UAN, etc. #AADHAAR's right place is in dust bin, it has wasted billions of dollars of tax payers money. When your fingerprint gets stolen, printed and used for aadhaar pay, cloning SIM and changing bank password using OTP, your aadhaar devotion will vanish. Jai Hind. 1. 25 lakh families in Rajasthan are unable to withdraw ration even after seeding #AADHAARFAIL with their ration card. 2. #AADHAAR authentication does not work for half billion Indians. 3. AADHAAR authentication does not work even after updating bio-metrics and waiting for 90 days 4. AADHAAR bio-metrics can be stolen, printed and used for #AADHAAR pay 5. #AADHAAR does not work for NRIs, people outside India 6. AADHAR can not be generated if a person's fingerprint matches with someone else's with 60 percentage probability. 7. Rogue government can deactivate #AADHAAR
                Reply
                1. S
                  Sadasivan
                  Aug 4, 2017 at 9:52 am
                  In Sweden ALL the Citizen's Data have been leaked.The present Swedish Government may fall,it is being conjectured. In view of the above,the best way forward, is to make Aadhaar Voluntary. Government should not force on the reluctant population.
                  Reply
                  1. Mark Jack
                    Aug 4, 2017 at 8:11 am
                    Quiero compartir mi testimonio sobre cómo conseguí mi tarjeta de cajero automático BLANK que han cambiado mi vida hoy. Una vez vivía en la calle donde por las cosas eran tan difíciles para mí, incluso para pagar mis cuentas era muy difícil para mí tengo que aparcar fuera de mi apartamento y empezar a dormir en la calle de Las Vegas. Intenté todo lo que podía hacer para asegurar un trabajo, pero todo fue en vano. Así que decidí hojear a través de mi teléfono para los trabajos en línea donde conseguí un anuncio en piratas informáticos que anuncian una tarjeta en blanco del cajero automático que se pueda utilizar para cortar cualquier cajero automático por todo el mundo, nunca pensé que esto podría ser real porque la mayoría del anuncio en el Internet se basan en el fraude, así que decidí darle una oportunidad y mirar a donde me llevará si puede cambiar mi vida para siempre. Me puse en contacto con estos hackers y me dijeron que son de Nigeria y también tienen sucursal en todo el mundo en
                    Reply
                    1. Mark Jack
                      Aug 4, 2017 at 8:11 am
                      Quiero compartir mi testimonio sobre cómo conseguí mi tarjeta de cajero automático BLANK que han cambiado mi vida hoy. Una vez vivía en la calle donde por las cosas eran tan difíciles para mí, incluso para pagar mis cuentas era muy difícil para mí tengo que aparcar fuera de mi apartamento y empezar a dormir en la calle de Las Vegas. Intenté todo lo que podía hacer para asegurar un trabajo, pero todo fue en vano. Así que decidí hojear a través de mi teléfono para los trabajos en línea donde conseguí un anuncio en piratas informáticos que anuncian una tarjeta en blanco del cajero automático que se pueda utilizar para cortar cualquier cajero automático por todo el mundo, nunca pensé que esto podría ser real porque la mayoría del anuncio en el Internet se basan en el fraude, así que decidí darle una oportunidad y mirar a donde me llevará si puede cambiar mi vida para siempre. Me puse en contacto con estos hackers y me dijeron que son de Nigeria y también tienen sucursal en todo el mundo en
                      Reply
                      1. #
                        #AADHAARFAIL
                        Aug 4, 2017 at 7:09 am
                        Aadhaar product is SEVEN years old, authentication still fails for "Half Billion" indians, millions of honest tax payers are unable to link aadhaar with PAN, UAN, etc. #AADHAAR's right place is in dust bin, it has wasted billions of dollars of tax payers money. When your fingerprint gets stolen, printed and used for aadhaar pay, cloning SIM and changing bank password using OTP, your aadhaar devotion will vanish. Jai Hind. 1. 25 lakh families in Rajasthan are unable to withdraw ration even after seeding #AADHAARFAIL with their ration card. 2. #AADHAAR authentication does not work for half billion Indians. 3. AADHAAR authentication does not work even after updating bio-metrics and waiting for 90 days 4. AADHAAR bio-metrics can be stolen, printed and used for #AADHAAR pay 5. #AADHAAR does not work for NRIs, people outside India 6. AADHAR can not be generated if a person's fingerprint matches with someone else's with 60 percentage probability. 7. Rogue government can deactivate #AADHAAR
                        Reply
                        1. #
                          #AADHAARFAIL
                          Aug 4, 2017 at 6:59 am
                          When your fingerprint gets stolen, printed and used for aadhaar pay, cloning SIM and changing bank password using OTP, your aadhaar devotion will vanish. Jai Hind. 1. 25 lakh families in Rajasthan are unable to withdraw ration even after seeding #AADHAARFAIL with their ration card. 2. #AADHAAR authentication does not work for half billion Indians. 3. AADHAAR authentication does not work even after updating bio-metrics and waiting for 90 days 4. AADHAAR bio-metrics can be stolen, printed and used for #AADHAAR pay 5. #AADHAAR does not work for NRIs, people outside India 6. AADHAR can not be generated if a person's fingerprint matches with someone else's with 60 percentage probability. 7. Rogue government can deactivate your #AADHAAR blocking ur gas, electricity, mobile, bank account 8. AADHAAR works for millions of illegals staying in India 9. AADHAAR is blocking subsidies for millions of legitimate people 10. Take 10 lakh insurance for each #AADHAAR failure case/delete
                          Reply
                          1. #
                            #AADHAARFAIL
                            Aug 4, 2017 at 6:58 am
                            #AADHAAR is based on complete lies, deception and betrayal. Reliance Jio leaked #AADHAAR e-KYC details of 120 million users which can be used to clone SIM, change bank password via OTP. Did UIDAI take any action against them? A mobile shop can take your fingerprint, store it and replay it to sell your property, clean your bank account.
                            Reply
                            1. #
                              #AADHAARFAIL
                              Aug 4, 2017 at 6:54 am
                              When your fingerprint gets stolen, printed and used for aadhaar pay, cloning SIM and changing bank password using OTP, your aadhaar devotion will vanish. Jai Hind. 1. 25 lakh families in Rajasthan are unable to withdraw ration even after seeding #AADHAARFAIL with their ration card. 2. #AADHAAR authentication does not work for half billion Indians. 3. AADHAAR authentication does not work even after updating bio-metrics and waiting for 90 days 4. AADHAAR bio-metrics can be stolen, printed and used for #AADHAAR pay 5. #AADHAAR does not work for NRIs, people outside India 6. AADHAR can not be generated if a person's fingerprint matches with someone else's with 60 percentage probability. 7. Rogue government can deactivate your #AADHAAR blocking ur gas, electricity, mobile, bank account 8. AADHAAR works for millions of illegals staying in India 9. AADHAAR is blocking subsidies for millions of legitimate people 10. Take 10 lakh insurance for each #AADHAAR failure case/delete
                              Reply
                              1. #
                                #AADHAARFAIL
                                Aug 4, 2017 at 6:53 am
                                When your fingerprint gets stolen, printed and used for aadhaar pay, cloning SIM and changing bank password using OTP, your aadhaar devotion will vanish. Jai Hind. 1. 25 lakh families in Rajasthan are unable to withdraw ration even after seeding #AADHAARFAIL with their ration card. 2. #AADHAAR authentication does not work for half billion Indians. 3. AADHAAR authentication does not work even after updating bio-metrics and waiting for 90 days 4. AADHAAR bio-metrics can be stolen, printed and used for #AADHAAR pay 5. #AADHAAR does not work for NRIs, people outside India 6. AADHAR can not be generated if a person's fingerprint matches with someone else's with 60 percentage probability. 7. Rogue government can deactivate your #AADHAAR blocking ur gas, electricity, mobile, bank account 8. AADHAAR works for millions of illegals staying in India 9. AADHAAR is blocking subsidies for millions of legitimate people 10. Take 10 lakh insurance for each #AADHAAR failure case/delete
                                Reply
                                1. Load More Comments

                                Go to Top