By Anil Rachamalla
Privacy is a Fundamental Right to Life and Personal Liberty under Article 21. Now-a-days both companies and states have violated the privacy of Individuals. Individuals are neither informed about the ongoing monitoring, the way our personal data is collected, analysed, shared and monetised, nor given the opportunity to question the activities.
In the recent Aadhaar related judgments, the most welcome part is the scrapping of Section 57 of the Aadhaar Act, which allowed private entities to use Aadhaar for identity purposes. The comment that came from one of the honourable judges was that the Aadhaar continues to pose a “grave threat to privacy, liberty and autonomy”.
Evolution of Personal Data Protection – A proposed Act:
The Bill has been drafted with the intent to enhance individual rights by providing individuals with full control over their personal identity and data.
- In 2005, Justice K Puttuswamy recognised the necessity of privacy under the right to protect articles 19, 20 (3), 21, & 25.
- In 2017, Justice B N Srikrishna suggested some changes.
- In 2018, a Draft Personal Data Protection Bill was presented. Ownership lies with the Ministry of Information Technology.
- In 2019, it was presented by Joint Parliamentary Committee (JPC) and was sent to further suggestions and is yet to come out as an Act in the Parliament.
Classification of data based on privacy:
- Personally identifiable data (PII): It is any data that could potentially be used to identify a particular person.
- Non-personally identifiable information (non-PII): Data that cannot be used on its own to trace, or identify a person, so basically the opposite of PII.
- Sensitive personally identifiable information: General Data Protection Regulation (GDPR), not all data that qualifies as personally identifiable information is sensitive.
- Non-sensitive personally identifiable information: Popular software and websites increasingly rely on users’ personal information; PII is put at risk of exposure by cyber-attacks and data breaches. Once exposed, attackers can use sensitive personally identifiable information to facilitate identity theft, fraud, and social engineering attacks, particularly phishing and spear phishing. Your personal data rights:
- Right to Access
- Right to Confirm
- Right to Correct
- Right to Portability
- Right to Forget
- Right to Consent
Purpose of Aadhaar card:
Aadhaar is a 12-digit unique identification number which is a biometric identification—iris and fingerprint scan with the Unique Identification Authority of India, which can be used to avail benefits offered by the government.
The Aadhaar number is now required for direct cash transfers for the cooking gas subsidy, Ayushman Bharat, and the Mahatma Gandhi National Rural Employment Guarantee Scheme. Aadhaar number incorporation has helped to provide government subsidy to the right beneficiaries thereby removing middlemen and revenue leakages. Moreover, Aadhaar number and Permanent Account Number (PAN) card have been linked to remove ambiguities related to tax evasions.
Aadhar number privacy concerns:
- Identity theft
- Identification without consent
- Correlation of identities across domains
- Illegal tracking of individuals.
Authority and responsibility:
Authority should come with responsibility, and only government authorities can authenticate for the transfer of government funds (for benefits). It is an official authentication and not identification.
Neither an Entity (Includes judicial and investigation authorities) nor Individual can question the identity of any individual unless and until there is something that illegitimate activity going around that too with reasonable restrictions and consent of the individual.
- Reasons for a citizen to avoid presenting are: inappropriate matching of fingerprints or iris scans, or facial photographs, or using demographic data to identify people without their consent and beyond legal provisions.
- Individuals could be tracked or put under surveillance without proper authorisation or legal sanction using the authentication and identification.
We all have the liberty to move around, express, and interpret our free will in both the physical and online worlds without disclosing who we are. Facebook, Twitter, or any platform for that matter, doesn’t ask you for any personally identifiable information.
We must safe guard our personal rights to be in place for liberty and autonomy; otherwise, a day will come when we will all have barcodes printed on our bodies and will be restricted in where we can go, what we can eat, who we can meet, and what we can express.
Stay tuned to the Cyber Talk Column for more information on “Internet Ethics and Digital Wellness,” brought to you by Anil Rachamalla of the End Now Foundation (www.endnowfoundation.org).