‘Please don’t forget there’s still one final piece to fall in place, which is the Supreme Court judgment. Once that happens, it will be ready for being passed.’
The Srikrishna panel has suggested that in order to adhere to the proposed law, the Aadhaar Act would need changes.
While some of the proposals seek to grant Aadhaar more autonomy, others could limit the use of biometric authentication by certain parties.
Nandan Nilekani, former chairman of UIDAI and the key architect of Aadhaar, tells Bibhu Ranjan Mishra and Alnoor Peermohamed that while the proposals are good, one still needs to wait for the Supreme Court judgment on Aadhaar for all the pieces to fall into place.
You are among the earliest to have flagged the issue of data privacy. In that context, what’s your view on the panel’s recommendations?
This is a landmark report. It has come out with a very strategic and comprehensive set of proposals, and, most importantly, is an original report. It is not just trying to import some ideas of privacy and implement it, but has looked at it from the ‘first principles’ and taken into consideration the Indian situation.
I think they have clearly conveyed this in the headline of the report -- ‘protecting privacy, empowering Indians’. They have realised that apart from ensuring privacy, we also have to have systems that enable people to be empowered with their own data.
Why do you call this an original report?
They are not just talking about protecting the privacy of Indians, but empowering them at the same time. They’ve referred to the American model, the Chinese model and the European model, but have come up with an original model for India, which is something that not only applies to India but the Global South too. In that sense, this law is a precedent, and they’ve not copied any other law.
There was lot of apprehension by enterprises that it would limit their ability to do business in India. What’s there for them in the recommendation?
There are many things in the report that certainly require more time to go through. But, I think, they have explained that entities that collect data, or data fiduciaries, have certain responsibilities, which is a good thing. It has taken a very balanced view on that front.
The panel has recommended that UIDAI should be autonomous and be given certain powers. But, the Data Protection Authority will have the final say. Is this provision good?
It’s very good. On the one hand, they are recommending making UIDAI like an autonomous regulator, and also saying that if somebody infringes upon the UIDAI law by publishing the Aadhaar number, they should be able to take action against them. I think what they are proposing is basically making UIDAI independent and capable of enforcing regulations.
At the same time, there will be an overall data protection law for the country, and that law, in turn, will create the DPA. Obviously, like all other entities, UIDAI will come under that Act. This means, if someone finds their privacy being infringed upon, they can appeal to the DPA. Therefore, it’s a very balanced view.
The report has recommended that UIDAI should have financial autonomy. Does it help in establishing the overall autonomy?
Usually, when you have a regulator, you need to do something to make sure that they have some financial autonomy. I guess they have recommended for it in that spirit.
The report says Aadhaar authentication should be restricted to entities that perform public functions. Will that reduce its power?
I am assuming that all users, where there is a legitimate public purpose, will be allowed to use. For instance, if a mobile company has to do KYC, which is a legitimate public purpose, then even a private telecom firm doing it would make the same a public purpose. I’m sure it’ll be included.
Do you think these proposals will be taken in and made part of the Aadhaar Act?
I hope so, but please don’t forget there’s still one final piece to fall in place, which is the Supreme Court Judgment. Once that happens, it will be ready for being passed.
Photograph: Jayanta Shaw/Reuters.