As the Modi government aggressively pushes the linking of biometric-based Aadhaar to key identity documents, bank and phone records of Indian citizens, Infosys co-founder Nandan Nilekani, hailed as the architect' of the Aadhaar scheme, has also stressed the need for a strong data protection and privacy laws.
In an interview with the Economic Times, Nilekani said while Aadhaar remains a 'lifeline' for many citizens, privacy and security need to be addressed in an advanced legal framework.
"Digitisation in India has certainly created an urgency to put in place an advanced data protection, security and privacy law, and for creating enough digital literacy, so that the people of the country are aware of what digitisation means," he told ET.
While pointing out that privacy is often a trade-off for convenience and national security, measures to make private entities accountable for data breaches need to be strengthened.
"So how do we make sure people's data is secure? It has to be encrypted, well protected, vaulted, and with sufficient checks and balances for that data to be kept secure. If there is a data breach, there should be an obligation on the organisation to immediately notify the breach," he said.
While strongly defending the Aadhaar's technology and security, he admitted that privacy regulation is usually an after-thought of tech innovation, and there are "a lot of ways to make the systems more and more [secure]."
According to him, the government could mandate data security methods and processes such as the use of encryption or use of digital certificates, but that hasn't been done yet.
"Obviously, everything does not move at the same pace. Some innovation happens, then you think of regulation," he said. Read the full interview here.
Concerns regarding the security and privacy of citizens biometric data have surrounded the government's recent moves to make Aadhaar mandatory for a number of government services and even PAN cards.
On Friday, advocate and litigation expert Shyam Divan made a compelling argument against mandatory Aadhaar in the Supreme Court citing the overreach of the state into owning sensitive individual biometrics and the chances of misuse.
"The Union has no competence to nationalise my fingerprints. Eminent domain is confined to land. Not to the body of the individual," Divan said. "Consequently, you can do this only in narrowly tailored circumstances. If the State can have control over your body to this extent - taking your data and centralising it - that reduces us to vassals. At best, the State can act as a trustee or a fiduciary over this data, which is our personal property. "