Plea In Kerala HC Highlights Privacy And Legal Concerns With Mandate To Collect Aadhaar For Tracking Education Data

“By linking funding for education to collection of data including Aadhaar data, states are being forced to collect personal information of students and parents and enter these into a centralised database. The centralised collection of personal information of students and parents is arbitrary and illegal,” argued the Democratic Alliance for Knowledge Freedom Society (DAKFS) in their plea against the government’s mandate to collect Aadhaar data from students and teachers for upgrading a central-level education data portal.

According to the petition, reviewed by MediaNama, the Education Ministry’s Department of School Education & Literacy (DoSEL) had issued letters asking all States & UTs to accelerate the process of seeding Aadhaar data of students and teachers in addition to their other personal information, for the Unified District Information System for Education Plus or UDISE+.

The UDISE+ programme initiated by the DoSEL provides a central repository of school education data collected from across the country. The petition filed by the DAKFS at the Kerala High Court with the support of the Software Freedom Law Centre challenges the Ministry’s directions primarily on the grounds that the move infringes upon students’ privacy rights and violates provisions of existing law such as the Right to Education Act.

The petition called upon the court to stay the implementation of such orders and to ask the government to stop the collection of personal data of students and parents through the UDISE+ portal.

On October 30, the Kerala HC directed the Indian government, the Indian IT Ministry, and the Kerala government to respond on the matter. The case will be next heard on November 23rd.

Key arguments made by the petitioner

1. The Ministry’s directions violate the Digital Personal Data Protection Act (DPDPA):

Advertisement. Scroll to continue reading.

• The DAKFS noted that the Centre is collecting a vast amount of personal data including “details on name of parents, address, phone number of students and parents, religion, social category, disability status and even health details”.
• The petition pointed out that the manner and form in which data is being collected through the UDISE+ portal is not specified in the government’s directions. They argue that such an extensive data-collection activity with no clear mechanism to obtain “informed consent” violates the recently passed DPDPA, which recognises the right of an individual to protect their personal data, while allowing for such data to be processed for specified objectives.
• According to the petitioners, given that the DPDPA has received the President’s assent and is brought in tune with the Supreme Court’s judgment in Justice K.S. Puttaswamy vs. Union of India, the Centre’s actions must align with the safeguards provided in the DPDPA.

2. Does the data collection pass the test of privacy?

• The petition stated that the government’s directions do not fit well with the conditions that must determine the State’s legitimate infringement of an individual’s right to privacy laid out by the apex court in the Puttaswamy judgment of 2017.
• First, the Supreme Court had said that there must be a law to justify an encroachment on privacy. In this case, the petition noted, that there is no law which requires mandatory “installation of an app” that tracks a citizen. “The requirement to collect Aadhar Data is not supported by any legal justification or object and violates the fundamental right to Privacy of the students as upheld in the Puttaswamy judgement,” the petition noted.
• Second, the proposed action must be necessary for a “legitimate state aim” and the least intrusive methods must be employed to attain the objective. The petitioners argued that an extensive collection of personal data, including Aadhaar, of students and their parents is not necessary to produce “broad or summary statistics”, and that this can be achieved through non-personal data from schools.
• The government in its letters has also stated the UDISE+ data will serve as a source for determining India’s position in Global Indices such as the ‘Human Development Index’, ‘Human Capital Index’ and ‘Expected Years of Schooling’. Additionally, the Centre’s Data Sharing Policy for School Education & Literacy states that “sensitive data may be shared not only with the Department of Higher Education and associate departments, but also with the Central Government, State/ UT Governments & Government Autonomous organisations on a case-to-case basis”.
• The petitioners have argued that the policy does not specify the details of how such case-by-case determinations are made. Thus, sharing sensitive personal data with third parties without a specified objective goes against the principle of purpose limitation and violates their right to privacy under Article 21 of the Constitution of India.

3. Aadhaar data is not mandatory for enrolment in schools

• The Education Ministry, in its letter, has stated that the Aadhaar data of students must be provided to maintain the student registry under UDISE+. The student database will be used to determine funding allocation to States for the Centre’s Samagra Shiksha Abhiyan (SSA), a government programme for assisting states in the effective implementation of the Right to Education (RTE) Act amongst other objectives. Under Article 21-A of the Indian Constitution, the State is responsible for providing every child in the age group of six to 14 with access to free and compulsory education.
• Countering the proposed action by the Ministry, the petition argued that mandating Aadhaar for SSA violates the Supreme Court’s observation in the Puttaswamy judgment. The Court had held that Aadhaar is not mandatory for facilitating benefits under SSA to children in the age group of six to 14 years, and if Aadhaar is required for access to other welfare schemes, it must be subject to the consent of the parents.
• In this case, given that the purpose of Aadhaar data collection, such as ensuring 100 percent enrolment and budget allocation for SSA, already align with the implementation of the RTE, which does not require Aadhaar, according to the petitioners, the State’s demand for such data is against the test of proportionality for privacy.

4. Right to Education is not a benefit under the Aadhaar Act

• Seeding Aadhaar data to the UDISE+ portal will require schools to collect such data from students during admissions or at the time of enrolment. The petition highlights that the Supreme Court in 2019 had observed that the right to education under Article 21-A is not a benefit under Section 7 of the Aadhaar Act, which means Aadhaar is not mandatory for admissions in schools.
• Also, the RTE Act does not mandate Aadhaar for admissions. On this note, the petitioners stated that currently, no law justifies the infringement on children’s privacy under Article 21 by demanding Aadhaar for enrolment in schools.
• Additionally, the RTE Act requires local authorities to maintain students’ data and ensure that students complete their elementary education. They observed, “There are provisions under which a record of such data is already maintained, there is not a legitimate state aim that specifically requires Aadhaar data or other personal data to be collected in a centralised manner to arrive at statistical analysis. Thus, the data collection exercise violates the principle of necessity.”

5. There are alternative methods for student data collection under the RTE Act

• The Supreme Court had also stated, “when there are alternative means, insistence on Aadhaar would not satisfy the test of proportionality. This would violate the privacy right of the children importance whereto is given by the Constitution Bench in K.S. Puttaswamy…”
• The petition noted that the RTE Act states that a birth certificate qualifies as proof of admission for a child, and a record from a hospital or Auxiliary Nurse and Midwife (ANM) register record, Anganwadi, or declaration by a parent or guardian qualify as proof age of the child.
• While the Union government has the power to make rules to determine the manner of maintenance of records of the children under Section 38 of the RTE Act, the petition informed that no rules have been issued mandating Aadhaar. This indicates that currently, the only alternative methods are the ones above-mentioned, which are legally permissible under the RTE law.

6. “Unnecessary accumulation” of personal data poses dangers of profiling, data breaches

• The petitioners argue that the “centralised collection” of personal data, including Aadhaar data, violates the principle of data minimization, which requires that organizations limit the collection of personal data to only what’s required for the stated purpose.
• “Such collection of Aadhaar Data is being done without stating any just cause or object and unnecessary accumulation of sensitive information increases the risk of potential data breaches, unauthorized access, or misuse of personal information, posing significant threats to students’ privacy and security,” the petition stated.
• Highlighting the dangers of centralised collection of personal data, the petitioners stated that the activity can facilitate high-level data profiling, “categorization and segmentation” of students based on various criteria. This will also add to the risks of privacy breaches and misuse of sensitive personal information.
• Moreover, the petition noted, “Such centralised collection of Personal Data goes against the provisions of the Right of Children to Free and Compulsory Education Act, 2009, wherein emphasis has been placed that the local authority must maintain records of students.”

Also Read:

• Plea Challenges Mandatory Collection Of Aadhaar Data For School Education Data Registry: Report
• Unified Digital System To Deliver Scholarships In Tamil Nadu: A Half-Baked Scheme For Inclusive Education?
• India’s Education Ministry Asks Schools To Begin ‘Automated Permanent Academic Account Registry’ Process
• Video: Here’s What You Need To Know About Vidya Samiksha Kendras For Education Data
• Govt’s Education Registry Project: Stakeholders Raise Key Issues, Make Recommendations Amid Feedback Constraints

STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!