The petitioners are an interesting array of parties, two former judges, several academics, technologists, a few organisations that work for social justice, two retired army personnel who claim that Aadhaar is a massive national security threat, and individuals who have been not given their due services and benefits due to non possession of Aadhaar.
The Petitioner has contended that in the Uttarakhand State Elections held in February 2017, not only the Election Commission officials and employees of Electronics Corporation Of India Limited(ECIL) were allowed access to the EVMs, but also several persons belonging to a private firm M/s T&M Services Consulting Private Limited engaged by the ECIL were allowed to access the EVMs — thereby raising serious concerns and apprehensions about the possibility of a security breach.
While it creates a distinction between personal data, and sensitive personal data,the exemptions under Data Protection Bill include matters of security of state, for prevention, detection, investigation and prosecution of contraventions of law, processing for purposes of legal proceeding, research, archiving, or statistical purposes, personal or domestic purposes, journalistic purposes, or manual processing by small entities.
Aadhaar data-linked sensitive private information on citizens that Central and State governments, and by default, the political parties in power, have access to could easily be used to create caste and religion based voter maps. Such data would be invaluable to a Delimitation Committee mandated with the task of redrawing the boundaries of constituencies, and could well empower such a Committee with the potential to influence the delimitation process in a manner that could influence the outcome of an election in favour of a particular political party/group, thereby unethically influencing the electoral system and undermining democracy.
From its premature Cabinet clearance without any enforceable data protection framework in place, to its muddled approach to consent, in-built technologies of coercion leading to profiling and possible criminalisation of vulnerable groups, invasive information collection methods and mythicisation of the “infallibility” of the DNA technology — the Bill is a confused disarray of State arrogance fused with misplaced reliance on technology that’s still too nebulous for effective and wide-scale use
Provisions that permit personal data processing without express consent are clearly overbroad in comparison to comparable frameworks such as General Data Protection Regulation (GDPR) brought forth by the European Union (EU). The non requirement of necessity and proportionality with respect to personal data processing by the State prima facie seems regressive and violative of the tests laid down by the Puttaswamy verdict.
The SMCH can reasonably be construed to be a surveillance mechanism encompassing the entire digital space, laying the groundwork for an information system where it only flows from a Statist source, with all dissenters silenced into fear of State sanction.