In the absence of privacy and data protection laws, the overuse of Aadhaar could result in privacy violations and data breaches
The government would do well to address these issues, just as it would do well to adopt the concept of data minimisation
Aadhaar is a good idea but it is becoming the victim of something that crimps, cripples, and eventually collapses many big ideas: the belief among its proponents and supporters that it is the solution for every problem. Originally meant to ensure the better targeting of the government’s social welfare schemes, Aadhaar is now required for almost everything from securing a driving licence to renewing a life insurance policy. The result, in this case, as in any other, is overuse, and the penalisation, often of the very same people who were supposed to benefit from the idea in the first place.
Irrespective of the nature of and the motive behind the police complaint the Unique Identification Authority of India (UIDAI) has registered against the journalist who highlighted the way in which all demographic details of an individual could be accessed from the Aadhaar database provided one knows the Aadhaar number of the individual, this is simply a case of shooting the messenger rather than responding to the message. The journalist’s investigation also found that it was possible for a person with such access to print the Aadhaar card of the individual.
UIDAI’s position in this case, as in some others, is that the biometric database hasn’t been compromised, but the fact is, in many instances (entering airports for instance), an Aadhaar card is all that is required and there is no verification of biometrics involved.
It is difficult to overlook the obvious advantages of Aadhaar, especially in directing social-welfare schemes of the government. Used well, it could prevent so-called leakages in these programmes, and make sure those who can benefit the most from such schemes do. But in the absence of privacy and data protection laws, the overuse of Aadhaar (some would argue, even its use) could result in privacy violations and data breaches. Such overuse could also end up being exclusionary in nature, and neither the government, nor UIDAI have thus far come up with a plan to address this.
Finally, there’s the behaviour of UIDAI itself – an entity that appears quick to take offence but which appears loath to communicate its position in a language that most people can understand. The government would do well to address these issues, just as it would do well to adopt the concept of data minimisation, which is simply that data that is collected can’t be stored or used for purposes other than those stated in advance.