The National Health Authority (NHA) has sought Aadhaar and other details of beneficiaries under the National Food Security Act (NFSA), in a letter sent to the Director of the Department of Food and Public Distribution (DoFPD) on January 5. Deficiencies in the Socio-Economic Caste Census (SECC) require it to be mapped with Aadhaar and NFSA data to identify beneficiaries under the AB-PMJAY (public health insurance scheme), NHA CEO RS Sharma wrote in the letter.
Subsequently, the DoFPD director urged states and Union Territories to share this data with the NHA using API integration. However, several state governments were reluctant to do so, owing to confusion around whether Aadhaar data can be shared freely within ministries, according to minutes from a meeting between the NHA and the Unique Identificatory Authority of India (UIDAI) held on January 4. Officials from the National Informatics Centre, IT Ministry, and DoPFD also attended the meeting. The NHA has denied any reservations among states on this issue, saying that “the process of database sharing has already commenced in several States/UTs.”
In October last year, the UIDAI allowed central government departments to share masked Aadhaar information between themselves for similar identification of beneficiaries under different schemes. Privacy advocates expressed concerns, saying that it could lead to the creation of family databases and hence, reuse data that was collected for another purpose.
Questions around sharing of masked Aadhaar data
NFSA ration card data from 18 states is already being shared with the NHA to identify beneficiaries over the last 18 months, DoPFD officials said at the meeting. In an attempt to convince the remaining states to share the data, NHA Deputy CEO Vipul Aggarwal asked for the following clarifications regarding the sharing of masked Aadhaar data:
Which authority should take consent? The UIDAI said that it would prefer if the ministry/department which had first collected the data asked for consent from beneficiaries. However, taking note that the DoFPD had expressed difficulties in collecting such consent, the UIDAI added that the NHA could also do it.
At what stage should consent be collected? The UIDAI said that consent has to be collected at the time of delivery of the services, goods, etc.
How should consent be taken? On the mechanism of taking consent, Aggarwal asked why consent could not be assumed in case of no response from a beneficiary to a text message for the same, as is done by the Income Tax Department. The UIDAI did not directly reply to his question and simply referred to its October memo which laid down that consent can be collected via a physical ‘No-Objection certificate’ or in an electronic form through an email, message, or a similar form put on the using ministry/department’s website.
Issues with inter-departmental sharing of Aadhaar data
The UIDAI’s October memo cited court judgements that recognised different ministries and departments as one unit i.e the ‘central government’ as grounds to allow inter-departmental sharing of the last four digits of an Aadhaar number and certain demographic data. It led to the following concerns:
Allows consent to be taken pre-emptively: “This circular will allow ministries to reuse data collected for a particular purpose because they already hold it. It is shady,” Srikanth Lakshmanan, a tech activist said. He also raised concerns with the form annexure allowed to be put on a website for consent collection by a ministry for purposes in the future. “It is slightly problematic because you are giving your permission for that agency to use your data for a future thing you do not know about as if you are signing a blank cheque,” Lakshmanan said.
Privacy concerns: The sharing of masked Aadhaar data in addition to demographic data did not make sense, Lakshmanan said, because it is almost like sharing the whole set of data. “It is a fairly unique dataset even if you do not have the 12 digits,” he said. Lakshman also noted that the timing of the memo was “interesting” as it was released just before the Joint Parliamentary Committee’s report on the data protection bill was tabled in the Parliament. He suggested that the intention seemed to be to give permission and nudge the government ministries/departments to share data freely before the data protection law comes into force. He also stressed that the Aadhaar Act has purpose limitations built into its framework.
Creation of State Family Database: The move could be an attempt to build a family database under the State Family Database (SFDB), according to researcher Srinivas Kodalli. SFDB is a data integration and exchange platform that is supposed to be an all-in-one database used across different departments of the state government to maintain records of various kinds. Tamil Nadu and Haryana are a few of the states that are currently working on such a database.
- Exclusive: Inside Telangana’s pilot project to digitise the health records of citizens
- UIDAI permits govt to share partial Aadhaar details, collect consent for future
- Over 96% Health IDs linked with Aadhaar: New details emerge from ABDM webinar
Have something to add? Post your comment and gift someone a MediaNama subscription.