Those enrolling on the UID database have not been informed that their data is to yield profit for the UIDAI, Rs 288.15 crore a year and its only investor, the government, does not even own the data. How many in the government are even aware of this investing of ownership in an entity that continues to remain deliberately undefined and opaque
The Unique Identification Authority of India (UIDAI) was set up by an executive notification dated 28 January 2009. As per the notification, the Planning Commission was to be the nodal agency “for providing logistics, planning and budgetary support” and to “provide initial office and IT infrastructure”. As part of its “role and responsibilities”, the UIDAI was to “issue necessary instructions to agencies that undertake creation of databases, to ensure standardisation of data elements that are collected and digitised and enable collation and correlation with UID and its partner databases”. It was to “take necessary steps to ensure collation of the National Population Register (NPR) with the UID”. And, the UIDAI “shall own and operate” the UID database.
In July 2009, Nandan Nilekani was appointed as the chairman of the UIDAI, representing a lateral entry of a person from the private sector into the government, with the rank of a Cabinet minister.
The UID project proceeded without a law, despite the seriousness of privacy and security concerns till, caving in to public pressure, a draft Bill was prepared by the UIDAI in June 2010; and it was not till December 2010, after the project had begun to collect resident data, that this Bill was introduced in Parliament. The Bill stayed close to the framework for corporate control over databases that was later enunciated in the report of Technology Advisory Group on Unique Projects (TAG-UP) of which Mr Nilekani was the chair, and which gave its report in January 2011.
The Bill to give statutory status to the UIDAI was roundly rejected by the Parliamentary Standing Committee on Finance in December 2011. The Parliamentary Committee recommended that both the Bill and the UID project be sent back to the drawing board. There has been no effort since to reintroduce the Bill. Every time the UIDAI is confronted with questions about the legality of its enterprise, its officers assert that the executive order of 28 January 2009 is the legal instrument from which they derive their authority; and that order makes them the ‘owner’ of the database.
In the context of the UID project:
• Residents from whom the data is being collected have not been informed that the government is not the owner of the data, or of the database; nor what the legal status of the ownership by the UIDAI will mean for the citizen/resident;
• the UIDAI set up a Biometrics Standards Committee in September 2009, which gave its report in December 2009. Its report reveals that the UIDAI intended to “create a platform to first collect identity details of residents, and subsequently perform identity authentication services that can be used by government and commercial service providers”;
• the “UIDAI Strategy Overview”, in April 2010, estimated that it would generate Rs288.15 crore annual revenue through address and biometric authentication once it reaches steady state, where authentication services for new mobile connections, PAN cards, gas connections, passports, LIC policies, credit cards, bank accounts, airline check-in, would net this profit. Those enrolling on the UID database have not been informed that their data is to be yield profit for the UIDAI; they were perhaps expected to read up from the UIDAI website
• as set out in the TAG-UP report, the data we think we are giving to the government is to end up on the database of what will be in the nature of a private company once it reaches steady state.
Read rest of the column on MoneyLife.
(Dr Usha Ramanathan is an independent law researcher on jurisprudence, poverty and rights)
These excerpts have been reproduced here with permission from MoneyLife