All that data that Aadhaar captures: 

All that data that Aadhaar captures:

Context

Recently, Supreme Court affirmed that privacy is fundamental right. This has cleared the much-debated privacy issue related to Aadhar.

What is the issue?

• The fact of the matter is that Aadhaar, in its current form, is a major threat to the fundamental right to privacy.
• There is a common perception that the main privacy concern with Aadhaar is the confidentiality of the Central Identities Data Repository (CIDR).

How relevant is the issue?

• The perception that has built around Aadhar is a misleading for two reasons.
• One is that the CIDR is not supposed to be inaccessible.
• On the contrary, the Aadhaar Act 2016 puts in place a framework for sharing most of the CIDR information.
• The second reason is that the biggest danger, in any case, lies elsewhere – leaking of private information
• One obvious concern is the confidentiality of whatever personal information an individual may not wish to be public or accessible to others.
• The Aadhaar Act puts in place some safeguards in this respect, but they are restricted to biometric and identity information.

What are the different types of private information?

There are three different types of private information:                      

i. Biometric information

In the Aadhar Act, biometric information essentially refers to photograph, fingerprints and iris scan, though it may extend to “other biological attributes of an individual”.

The term “core biometric information” basically means biometric information minus photograph, but it can be modified once again at the discretion of the UIDAI.

ii. Identity information

Identity information includes biometric information but also a person’s Aadhar number as well as the demographic characteristics that are collected at the time of Aadhar enrolment such as name, address, date of birth, phone number etc.

iii. Personal information

The term “personal information” (not used in the Act) can be understood in a broader sense, which includes not only identity information but also other information about a person, for instance where she travels, whom she talks to on the phone, how much she earns, what she buys.

What are the arguments in favor of Aadhar?

• That part of the CIDR, where identity information is stored, is supposed to be inaccessible except for the purpose of biometric authentication
• There is a view that, in practice, the biometric database is likely to be hacked sooner or later.
• Be that as it may, the UIDAI can at least be credited with trying to keep it safe, as it is bound to do under the Act.

What are the arguments in against of Aadhar?

•    Far from protecting your identity information, the Aadhaar Act puts in place a framework to share it with “requesting entities”.
• The core of this framework lies in Section 8 of the Act, which deals with authentication. Section 8 underwent a radical change when the draft of the Act was revised.
• In the initial scheme of things, authentication involved nothing more than a Yes/No response to a query as to whether a person’s Aadhaar number matches her fingerprints (or possibly, other biometric or demographic attributes).
• In the final version of the Act, however, authentication also involves a possible sharing of identity information with the requesting entity.

What are the other issues apart from leaking of private information?

• The proliferation and possible misuse of identity information is only one of the privacy concerns associated with Aadhaar, and possibly not the main concern.
• A bigger danger is that Aadhaar is a tool of unprecedented power for mining and collating personal information
• Aadhaar is a tool of unprecedented power for the purpose of mining personal information. Nothing in the Aadhaar Act prevents the government from using Aadhaar to link different databases, or from extracting personal information from these databases
• In short, far from being “based on the premise that privacy is a fundamental right”, Aadhaar is the anti-thesis of the right to privacy

The very foundation of Aadhaar must be reconsidered in the light of the privacy judgment.