#MyBodyMyRights: Privacy is not just a word and shouldn’t be so with Aadhaar

Without an Aadhaar one cannot file taxes, and without giving biometric data one cannot get his or her Aadhaar.

The PAN-Aadhaar issue before the Supreme Court has raised many issues. This affects the right to livelihood under Article 19(1)(g) because economic activities are likely to be hampered. There is also the issue of the promised voluntary nature of the Aadhaar scheme under the Aadhaar Act, conflicting with Section 139AA of the Income Tax Act, which makes linking Aadhaar number to the PAN Card. Section 139AA was inserted in the IT Act on April 1, 2017, and it made it necessary to quote Aadhaar number for applying for a PAN number, and for filing income returns. This necessity to link Aadhaar and PAN is to begin from July 1, 2017. It is in direct conflict with a previous Order of the Supreme Court, that directed against making Aadhaar compulsory for availing schemes and benefits from the Government (March 27, 2017). Section 139AA is in effect an “indirect legislative overruling” of this order; a fact that was ably pointed out by Mr. Datar in his Court Submissions.

With the Aadhaar, we are talking of biometric data. Reading Section 87 of the Information Technology (Reasonable Information) Rules 2011 with Section 43A of the Information Technology Act, 2000, biometric data means “the technologies that measure and analyse human body characteristics, such as ‘fingerprints’, ‘eye retinas and irises’, ‘hand measurements’ “facial patterns’, ‘voice patterns’, and ‘DNA’ for authentication purposes” Biometric Data and Genetic Data has further been classified as Personally Sensitive Data by the Department of Personnel and Training of the Government of India, in its “Approach Paper for Legislation on Privacy”. By linking Aadhaar to various schemes the Government is hoping to achieve “targeted delivery of scheme benefits” and “prevent leakages” of black money (As stated by Attorney General of India at the Third Universal Periodic Review of India at the United Nations in Geneva).

This invites questions on the rationale of linking biometric data to income returns and taxation. If the Government wants further verification of a person’s identity (to overcome the issue of PAN duplicity), there are other ID document that can be provided. Businesses and individuals are bound to have other IDs at their disposal. Furthermore, where targeted delivery of benefits is concerned, putting a face to every name in the country, and providing valid identity documents for every citizen makes sense, given how it’s not very difficult for identity theft to occur in India. The main problem arises when the Government begins to link these uniquely personal identity documents that contain data of a personal kind, to schemes and financial transactions. Citizens quoting their Aadhaar number for either of these two goals are at risk of their Aadhaar numbers being stolen from the documents where they mention the Aadhaar by the officials collecting the documents.

Moreover, there is usually a need to give a photocopy of the Aadhaar itself. In 2016 November, it become apparent that Aadhaar numbers were being stolen from the photocopies at Government or Agency offices. The CEO of UIDAI, Mr. Ajay Bhushan Pandey, advised citizens to write on their photocopies the purpose for which the Aadhaar photocopy had been given, to prevent theft or misuse. When Aadhaar was initiated, it was clearly a voluntary scheme, and now through the contradictory Governmental orders and Section 139AA, the Government has tried to make it compulsory in certain areas. Who’s to say this practice won’t continue? This fact was brought up in Mr Datar’s arguments in Court, and were echoed by Mr. Divan.

As well-meaning as aims of curtailing black money and ensuring proper reach of benefits are, this is an issue of trust. Can any Government be trusted with such data? Is it not a form of surveillance where the Government has with great ease, information on every citizen in its country? Can the Government really ensure data security and prevent data misuse, by third parties or worst of all, by its own officials? Tackling black money, terrorism, duplicate PANs and traceability, are all noble causes, but the means to the end matter. Has there been enough debate on countering terrorism and black money transactions? Are there are other measures that can be used to tackle these issues, that do not result in civil death (the death of the rights of citizens) and the creation of a large national security threat? Based on the arguments made by Mr. Arvind Datar in his rejoinder arguments on 4th May 2017 at the Supreme Court, these are questions that the Government have not considered very deeply.

“Indians have no absolute right over their bodies”

The Attorney General told the SC bench that Indians did not have an absolute right over their bodies, and therefore could not refuse to give body samples for Aadhaar. He cited various legal justifications such as the Roe vs. Wade judgement, the fact that body evidence must be given in case of criminal matters, legal regulation over time of abortions, and the right to die not being there. If one analyses these justifications, it can be inferred that citizens do not have absolute rights over their bodies, but the Government does. If these linkages are allowed, the linking will continue, and in effect the Government will have a database of every citizen’s data (personal or otherwise). This is a lot of power in the hands of not just the Government, but also in the hands of other agencies. Though the Aadhaar Act has strict punishments for breaches and guidelines for what information can be shared under specific circumstances and how, it must be noted that only the UIDAI can file complaints where there are breaches as enshrined in Section 47(1) of the Act.

Moreover, the Aadhaar (Authentication) Regulations, 2016 in Section 18(1) and (2) require the “requesting entities” – defined under Section 2(u) of the same Regulations – to keep detailed logs of its requests for Aadhaar Authentication for a period of 2 years, after which the logs must be archived for a period of 5 years. Requesting entities could be banks, governmental schemes, the IT department or telephone service providers (where quoting of Aadhaar is currently compulsory for certain services). When these entities request “identity information” [Section 2(n) of Aadhaar Act 2016], they can ask for biometric information [Section 2(g) of Aadhaar Act 2016] or demographic information [Section 2(k) of Aadhaar Act 2016] or both. However, core biometric data [Section 2(j) of Aadhaar Act 2016] cannot be “stored, shared or published by the requesting entity as per Section 17(1)(a) of the Aadhaar Regulations. Core biometric data refers to finger prints and iris scans. There appears to be some ambiguity on whether core biometric data can be stored in the logs and archives. As alarming as this logging and archival is, it is also worth noting that requesting entities can choose which mode of authentication of Aadhaar numbers to adopt as per Section 4(3) of the Aadhaar Regulations.Therefore the Government is not the only body with access to one’s Aadhaar information.

Third parties such as the companies who have contracted with the Government (Accenture for example), for managing the infrastructure of Aadhaar can store the data. Telling citizens that they have no absolute right over their bodies, is in effect stripping them of existence. This is a dangerous path to tread on. How much regulation is too much regulation? This is the challenge faced by the social contract in modern times. Is it right for Governments to demand such personal data from its citizens? Instead of the Government being more reliable and tightening up on corrupt officials and closing loopholes in tax laws, the Government wants its people to be more transparent, traceable and accountable to it. It will become easier for fraud and corruption to occur. The risk of identity theft, and theft of money is very real.

The issue of privacy is not one of wanting to hide from the Government. It is an issue of wanting to prevent theft and misuse of personal data. It must be reiterated that information is power. Mr. Divan highlighted this argument on privacy beautifully when he spoke of bodily integrity. Body samples are a part of a person’s being. He pointed that this would be violating Article 21 of the Constitution which he asserted protects the body of each citizen, and bestows on them the absolute rights over their own bodies. Mr. Divan argued against “state expropriation” of bodily material of citizens, stating that such “nationalisation” would be unconstitutional.

“Privacy”, may seem like a just a word. It may seem unimportant and overused in everyday life even. It doesn’t mean keeping people out of your affairs alone. It means controlling information flow about one’s life, one’s choices (financial or otherwise), and one’s personal biological factors. It means protecting one’s very existence from outside interference. Protection of one’s own body, and consequently one’s own ability to transact and avail benefits is at stake.

About the writer:

Shambhavi Ravishankar is a human rights lawyer and an ardent lover of writing and reading, who believes in the pen being mightier than the sword!

Leave a Reply

Your email address will not be published.


*