scorecardresearch
Follow Us:
Saturday, July 02, 2022

Need for robust law to protect citizens sensitive information: SC

Sharing of information, except core biometrics, would require permission of the district court concerned, the UIDAI CEO said. He said the possibility of surveillance with Aadhaar was not there because the UIDAI did not keep any data that can be misused.

By: PTI | New Delhi |
March 27, 2018 10:07:05 pm
supreme court, sc st atrocities act, dalit violence, delhi high court, indian express The Supreme Court of India (Express Photo by Tashi Tobgyal)

The Supreme Court today said there was a need for a “robust” law to protect the sensitive information of citizens and asked the UIDAI about the safeguards to restrain private entities, involved in Aadhaar authentication, from parting with it.

A five-judge Constitution bench headed by Chief Justice Dipak Misra asked Ajay Bhushan Pandey, the CEO of UIDAI, about the safeguards employed to restrain private entities from parting with sensitive information of citizens for commercial gains while conducting the authentication of Aadhaar.

“There are two ends of authentication. You say that you do not know the purpose of authentication and the data at your (UIDAI) end is safe. AUA may be a private entity, what are the safeguards, if AUA parts with the sensitive information,” the bench asked the UIDAI CEO. “Let us have a robust law to protect the data of citizens. There is no such law in India,” the bench, comprising justices A K Sikri, A M Khanwilkar, D Y Chandrachud and Ashok Bhushan, said.

Authentication User Agency (AUA) is an entity, engaged by the Unique Identification Authority of India (UIDAI), to provide Aadhaar enabled services to Aadhaar number holders by using the authentication. Justice Chandrachud, during the hearing, gave an illustration and said if, he orders pizza from a pizza chain on regular basis and if that chain shares the information with his health insurance firm, then it will have some bearing because the lifestyle is one of the key factors.

Best of Express Premium
UPSC Essentials: Weekly news express — PGII to POEMPremium
Women’s emancipation or population control? Why abortion was legalised in...Premium
Udaipur killing on video | ‘Do something spectacular’: Man from Pak told ...Premium
In village of fauji dreams, second thoughts, insecurity over AgnipathPremium

“This is a commercially sensitive information,” the judge said and added that there was no “enforceable protection against others” even if the CIDR (data repository of UIDAI) was fully secure.

Such sharing is prohibited under the Aadhaar Act, the CEO said, adding that however, there was no control over such sharing of information by private entities, working as AUAs. The bench asked the CEO not to bother the court with operational aspects, but to satisfy it as to whether any breach of data was possible. The CEO said that breaches, if any, might take place from others’ end as the UIDAI’s CIDR was safe and not connected to the Internet.

“In last seven years, not a single breach of biometric details has taken place,” he said, adding that now it has been directed that only the last 4 digits of Aadhaar number would be put in public domain.

“Aadhaar biometrics is shared only for ‘national security’ reasons. The consent is required at the level of the Cabinet secretary and so far, not a single request has so far come to us,” he said. He said that UIDAI gets a lot of requests from IT department seeking Aadhaar data, he said, adding, “We tell them we don’t have ‘a lot of data’.”

Sharing of information, except core biometrics, would require permission of the district court concerned, the UIDAI CEO said. He said the possibility of surveillance with Aadhaar was not there because the UIDAI did not keep any data that can be misused. The UIDAI CEO referred to the point raised by the apex court that why the government could not think of giving ID cards as done in Singapore to ensure that the authorities do not aggregate the data of citizens.

In Singapore, there is a smart card with online authentication to enhance security, he said, adding that even they had authentication records. Moreover, Singapore was also planning to move to biometrics, he said, adding that having too much information on the smart card was risky. “It’s frozen in time. If a new technology develops, you will have to replace all cards,” he said.

UPSC KEY Have you seen our section dedicated to helping USPC aspirants decode daily news in the context of their exams?

📣 Join our Telegram channel (The Indian Express) for the latest news and updates

For all the latest India News, download Indian Express App.

  • Newsguard
  • The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.
  • Newsguard
0 Comment(s) *
* The moderation of comments is automated and not cleared manually by indianexpress.com.
Advertisement
Advertisement
Advertisement
Advertisement