yesterday was profoundly anomalous. i filed two stories. both, as it were, on aadhaar. one on a sting by cobraport which flagged faulty enrolments. and the other where the supreme court said aadhaar cannot share its database with anyone without consent from the number holders.
this is a significant development. over the last five years, a clutch of government departments and private companies have been collecting biometrics with gusto. however, with the privacy bill still on the drawing board, India has seen biometric data get collected, by multiple agencies, without any laws governing their collection, use or retention.
see these links for more substantiation of the preceding sentence. one. two. three. in the process, the country has entered a world of new risks. without, sigh, getting the safeguards in place. which brings us to the dispute between the cbi and the uidai which culminated in this SC judgement. it is one kind of an outcome.
The SC ruling was in response to a 26 February, 2014 ruling by the Mumbai High Court directing the UIDAI to provide the CBI with biometrics of all residents of Goa. The High Court’s ruling was related to the rape of a seven year old in Vasco last January. The case was handed to the CBI which, as the Aadhaar appeal to the SC says, initially asked it for biometric information of “all the persons in the state. That request was modified and only the fingerprints of 3 specified persons were asked for.”
Later, the CBI dropped that request. Says the Aadhaar affidavit, “The CBI has now found a chance fingerprint and asked Aadhaar to compare its data and the biometric data provided by the CBI.” Aadhaar refused to share information citing two reasons. One, that such a move would violate privacy of the number-holders. And two, that its biometric database and deduplication systems are not designed for forensic inquiries. When its appeal was rejected by the HC, UIDAI appealed to the SC.
what are the protocols for the use of such data? as legal researcher usha ramanathan says in the article: “the idea that databases can be used by anyone makes people vulnerable, especially in a state where there is neither law nor much respect for law.”
the good news is that the SC verdict clarifies matters to some extent. but the country still needs a regime on privacy and data (including biometrics) protection.