Aadhaar Database Fails Privacy Test, Draft Data Protection Bill Committee Is A Trojan Horse
Ahead of the hearing in the Supreme Court on 17 January amidst push for biometric gnawing concerns about privacy, the issue of Aadhaar’s realistic chances of survival and its acceptance as fait accompli after imminent verdict in UID/Aadhaar case has assumed huge significance in our national life. If one draws on Justice DY Chandrachud ‘s 266-page-long order as part of the 547-page-long...
Ahead of the hearing in the Supreme Court on 17 January amidst push for biometric gnawing concerns about privacy, the issue of Aadhaar’s realistic chances of survival and its acceptance as fait accompli after imminent verdict in UID/Aadhaar case has assumed huge significance in our national life. If one draws on Justice DY Chandrachud ‘s 266-page-long order as part of the 547-page-long right to privacy verdict of the 9-judge bench in the case related to 12-digit biometric Unique Identification (UID)/Aadhaar numbers being fed into Central Identities Data Repository (CIDR), it emerges that a right to privacy Bill has remained pending. After the verdict recognizing it to be a fundamental right, there does not appear to be any need for a law to ascertain whether UID/Aadhaar fails the stringent test of right to life and personal liberty. The investigations by The Tribune underline that it has failed the test.
The order authored by Justice Chandrachud with approval from Chief Justice Jagdish Singh Khehar and Justice RK Agrawal and Justice S Abdul Nazeer puts all its faith in the proposal of a "draft data protection Bill' committee. Justice Chandrachud concludes his order saying, “Since the Union government has informed the Court that it has constituted a Committee chaired by Hon’ble Shri Justice BN Srikrishna, former Judge of this Court, for that purpose, the matter shall be dealt with appropriately by the Union government having due regard to what has been set out in this judgment.” The proceedings on record make it abundantly clear that the Office Memorandum dated 31 July, 2017, was issued under the signature of Group Coordinator, Cyber Law and Unique Identification Authority of India (UIDAI), Ministry of Electronics and Information Technology (MeitY) ahead of Court’s verdict as part of government’s argument underlining that right to privacy is not a fundamental right.
Justice Chandrachud’s order takes cognizance of the fact that it was only during the course of the hearing of the case that the Central government brought to light an Office Memorandum by which it constituted a committee to “suggest a draft data protection Bill”. He observed, “We expect that the Union government shall follow up on its decision by taking all necessary and proper steps.”
He made this observation despite recording that “the Privacy Bill, 2011 to provide for the right to privacy to citizens of India and to regulate the collection, maintenance and dissemination of their personal information and for penalisation for violation of such rights and matters connected therewith, is pending”. He did not take the government to task for failing to enact the right to privacy law before enacting the Aadhaar Act and implementing the UID/Aadhaar scheme.
The proposal of “draft data protection Bill” is part of grossly procedural, formalistic and insincere maneuvers of the government. The proposal of “draft data protection Bill” at this stage is akin to putting a cart before the horse. It is akin to putting a Trojan horse of the battle of Troy mentioned in Homer’s epic Odyssey before the court. Homer alludes thrice to the Trojan horse even in Iliad towards the end. The Court’s order missed the opportunity of looking at the composition of the “draft data protection Bill” Committee, which has given birth to gnawing misgivings. Trojan horses appear harmless, but are, in fact, malicious and deeply destructive.
The ToR of this committee pertains to “study of various issues relating to data protection in India” and “to make specific suggestions for consideration of the Central Government on principles to be considered for data protection in India and suggest a draft data protection Bill” after personal sensitive data of the residents of India has contractually been handed over to foreign transnational companies like Accenture, Mongo DB, Safran Group and Ernst & Young for up to seven years only as per information gained through RTI.
It is significant that such revelations have found mention the verdict of the Court as part of Justice SK Kaul’s order saying, “Edward Snowden shocked the world with his disclosures about global surveillance.” It is equally significant that Parliamentary Standing Committee on Information Technology asked about the surveillance by National Security Agency (NSA) of the US in its 27th Report.
It is apparent that the government is attempting to change the goalpost now by talking about the proposal of “draft data protection Bill” to ignore existing right to privacy Bill.
It is noteworthy that the government has admitted before Parliamentary Standing Committee on Finance that examined the issue of UID/Aadhaar numbers observed, “There is no law at present on privacy, and data protection”. The government told the committee that “Collection of information without a privacy law in place does not violate the right to privacy of the individual”. The committee recommended that legislation on UID/Aadhaar would be appropriate “only after passing the legislation on privacy, and data protection so as to ensure that there is no conflict between these laws”.
The parliamentary committee recorded the findings of the Report on UK’s Identity Project by London School of Economics stating that “… identity systems may create a range of new and unforeseen problems… the risk of failure in the current proposals is therefore magnified to the point where the scheme should be regarded as a potential danger to the public interest and to the legal rights of individuals”. Taking cognizance of this report, the United Kingdom shelved its Identity Cards Project for a number of reasons, which included: (a) huge cost involved and possible cost overruns; (b) too complex; (c) untested, unreliable and unsafe technology; (d) possibility of risk to the safety and security of citizens; and (e) requirement of high standard security measures, which would result in escalating the estimated operational costs.
For how long can a government hide behind Trojan horses? In the light of the findings of the LSE, parliamentary reports and recent revelations which are quite valid for the UID/Aadhaar project, the realistic chances of survival of the project and Aadhaar Act post-Justice Puttaswamy verdict, after the Constitution Bench’s hearing this month is quite remote.
Dr Gopal Krishna is Convener, Citizens Forum for Civil Liberties & had appeared before the Parliamentary Standing Committee on Finance that examined the UID Bill and is editor of www.toxicswatch.org
[The opinions expressed in this article are the personal opinions of the author. The facts and opinions appearing in the article do not reflect the views of LiveLaw and LiveLaw does not assume any responsibility or liability for the same]