AADHAAR, Antithesis of the Right to Privacy
"This is a free country: madam. We have
a right to share your privacy in a public place." - Peter Ustinov in
Romanoff and Juliet
Privacy is a multi-faceted concept compendiously described as the right “to be let alone”. Except in the case of celebrities and criminals -- they either waive or forfeit this right -- privacy is an issue in everyone’s life. Distinct from isolation or loneliness, it is a conscious or unconscious attempt to free oneself from the interference or influence of other people, of society or the establishment at large. Now all of a sudden privacy has become important to us with the landmark judgment of the Supreme Court declaring it as a fundamental right.
The judgment came at a time when Aadhaar, the 12-digit number issued by the Unique Identification Authority of India, is becoming mandatory and pervasive. In the globalised digital world information is big business.
Aadhaar, a vast reservoir of biometric data, is a potential threat to privacy. It is in this context that the Supreme Court examines the validity of the Aadhaar Act 2016 which permits access to the Central Identities Data Repository (CIDR) and sharing of information deposited there.
The dawn of information technology in the 1960s witnessed growing anxiety about the perceived threats posed by the uncontrolled collection, storage, and use of personal data. The fear of Orwellian Big Brother provoked calls in several countries for the regulation of these potentially intrusive activities.
There are three different types of private information: biometric information, identity information and personal information. The first two are formally defined in the Aadhaar Act, and protected to some extent. Aadhaar’s biggest threat to privacy, however, relates to the third type of information. At the heart of any data-protection law lies the principle that personal data shall be collected by means that are lawful and fair. In respect of the use and disclosure of such data, they may be used or disclosed for the purposes for which the data were collected or for some directly related purposes, unless the data subject consents.
In the absence of the term “personal information” in the Act, it can be understood in a broader sense, which includes not only identity information but also other information about a person. The Aadhaar Act puts in place some safeguards in the privacy context, but they are restricted to biometric and identity information, leaving personal information unprotected.
The strongest safeguards in the Act relate to core biometric information. Biometric information essentially refers to photograph, fingerprints and iris scan, though it may also extend to other biological attributes of an individual. The term core biometric information basically means biometric information minus photograph. Identity information has a wider scope. It includes biometric information but also a person’s Aadhaar number as well
as the demographic characteristics that are collected at the time of Aadhaar enrolment, such as name, address, date of birth, phone number, and so on.
The starting point of any data protection law is the concept of “personal data” or, in some statutes, “personal information”. The term “personal information” can be understood in a broader sense, which includes not only identity information but also other information about a person, for instance where she travels, whom she talks to on the phone, how much she earns, what she buys, her internet browsing history, her health or sex life, and so on. Though the definition of personal data in legislation elsewhere manifestly incorporates information the obtaining or disclosure of which would constitute what might properly be called an invasion of privacy, its wide sweep neglects these issues. It is principally information that is intimate or confidential that warrants protection in the name of privacy. But the Aadhaar Act neglects this species of information.
Aadhaar is a tool of unprecedented power for the purpose of mining personal information. Personal information on a large scale can be extracted easily by linking Aadhaar to different databases. Viewed from multiple angles, Aadhaar can be condemned as the anti-thesis of the right to privacy. The ubiquity of computers and computer networks facilitates almost instant storage, retrieval, and transfer of data. The relationship between data protection and privacy may not be immediately obvious. But the relationship is so close that it cannot be ignored. The collection and use of personal data is readily -- and often disingenuously -- justified as being in the public interest. As privacy is a valuable and indispensable right, elevated to the hallowed status of a fundamental right by the Supreme Court, we have to protect it at any cost. Aadhaar has to be revamped and restructured to make it in consonance with the emerging privacy regime. A data protection umbrella is needed to resolve the problems relating to privacy.