Why do you call this an original report?
They are not just talking about protecting the privacy of Indians, but empowering them at the same time. They’ve referred to the American model, the Chinese model and the European model, but have come up with an original model for India, which is something that not only applies to India but the Global South too. In that sense, this law is a precedent, and they’ve not copied any other law.
There was lot of apprehension by enterprises that it would limit their ability to do business in India. What’s there for them in the recommendation?
There are many things in the report that certainly require more time to go through. But, I think, they have explained that entities that collect data, or data fiduciaries, have certain responsibilities, which is a good thing. It has taken a very balanced view on that front.
The panel has recommended that UIDAI should be autonomous and be given certain powers. But, the Data Protection Authority (DPA) will have the final say. Is this provision good?
It’s very good. On the one hand, they are recommending making UIDAI
like an autonomous regulator, and also saying that if somebody infringes upon the UIDAI law by publishing the Aadhaar number, they should be able to take action against them. I think what they are proposing is basically making UIDAI independent and capable of enforcing regulations.
At the same time, there will be an overall data protection law for the country, and that law, in turn, will create the DPA. Obviously, like all other entities, UIDAI will come under that Act. This means, if someone finds their privacy being infringed upon, they can appeal to the DPA. Therefore, it’s a very balanced view.
The report has recommended that UIDAI should have financial autonomy. Does it help in establishing the overall autonomy?
Usually, when you have a regulator, you need to do something to make sure that they have some financial autonomy. I guess they have recommended for it in that spirit.
The report says Aadhaar authentication should be restricted to entities that perform public functions. Will that reduce its power?
I am assuming that all users, where there is a legitimate public purpose, will be allowed to use. For instance, if a mobile company has to do KYC, which is a legitimate public purpose, then even a private telecom firm doing it would make the same a public purpose. I’m sure it’ll be included.
Do you think these proposals will be taken in and made part of the Aadhaar Act?
I hope so, but please don’t forget there’s still one final piece to fall in place, which is the Supreme Court
Judgment. Once that happens, it will be ready for being passing.