Is Aadhaar the only leak of demographic data?

Saturday January 13, 2018 , 5 min Read

While the average Indian mobile user is already used to invasion of privacy by the regular calls from agencies that deal with banks, insurance and real estate companies, the government-led Aadhaar process is problematic, as third-party operators have access to information of citizens.

Digital privacy is going to become a moot point as India moves rapidly into the Digital Age and the future of Big Data

Is Aadhaar the only source of leakage of personal demographic data? As an ordinary consumer, I don't think so.

Last year, my car was insured with an car insurance company. How did the three other insurance companies call me this year for the renewal of my car insurance policy? It means that these other three insurance companies have my mobile number, know which car I drive, when my insurance expires, and even know my car registration number. I don't know what else they have on me but I can be pretty sure that they have my postal address as well, since they mailed me the insurance policy without once asking for my address. Is that a leak of information or it is not? Is it a threat to privacy or is it not? When I complained bitterly to my original insurance company, all they could tell me was that they don't give away the personal data of their customers. When asked how my personal data had become available to three other insurance companies that I had never dealt with ever before, they had no answer. I can't help but feel that all insurance companies share a common database of all insurers. But no one is speaking about it.

And what about the hundreds of spam SMSes I get, including offers to get me a second mobile number that is very close to my current mobile number but with a difference of one or two digits? These SMSes don't even seem to go away despite activating DND. Frankly, I have given up on the wholesale invasion of my privacy in more ways than one.

What about the recurring calls from Ghaziabad in UP that spam me with calls on how I have not redeemed my credit card points, one of the ploys for credit card fraud? If not for Truecaller I might have fallen prey to these calls as well. They seem to know my name, my mobile number and even the last 4 digits of my credit card. I have no idea what else they know. Not to mention hundreds of SMSes from the real estate sector.

Based on my personal experience as a consumer it seems fairly easy to conclude that demographic data is available on a number of databases: insurance, financial services sector, telecom companies and other government databases for income tax etc. The biggest problem the Aadhaar database faces is the third-party operators who have access.

So when the recent sting operation by the Tribune journalist revealed that Aadhar data was available through agents at Rs 500 for the actual data, and Rs 300 to print it, the AIDAI response that demographic data is not useful without the biometric data, I thought, was a very weak response. Does it mean that demographic data is leaking out of Aadhaar, and the only safe piece of data is the biometric data? And a leak of demographic data is not considered serious enough?

Edward Snowden, the whistleblower in exile, had a comment on this, when he tweeted:

'We’re becoming less citizens and more subjects.'

While the Aadhaar database is perhaps not yet being used for surveillance, which is something Snowden was rebelling against many years ago about the situation in the US, the current situation does reveal that the data could well be used for surveillance of any kind; private or governmental were it to fall into the wrong hands at the wrong time.

Before implementing Aadhaar with such vigour across the system, we might have considered looking at our privacy laws. Currently, our privacy is protected by other laws like the Constitution and the Information Technology Amended Act, 2008 (ITAA). But unlike the EU we don't have a separate privacy law, which is critical now, with the huge proliferation of personal data available in several databases from cellular companies, financial institutions to government sources.

'There would be no place to hide if this government ever became a tyranny'

Edward Snowden

The Personal Data Collection Bill has been unfortunately languishing with the government since 2006. While the original draft is perhaps hopelessly out of date and needs a lot of revision before it can be implemented, it needs to be put on the top priority list.