GET Stock QuotesNews18 APP
News18 English
Powered by cricketnext logo
»
2-min read

Biometric Info Personal, Can't be Reset Like Password: Mozilla Foundation Questions India’s Data Protection Framework

The letter has also questioned the lack of provisions which gives an individual the right to object the way their data is being processed and, thereby, has viewed it as an attack on ‘individual liberty.’

News18.com

Updated:February 9, 2018, 2:06 PM IST
facebookTwittergoogleskypewhatsapp
Biometric Info Personal, Can't be Reset Like Password: Mozilla Foundation Questions India’s Data Protection Framework
Biometric information is taken for Aadhaar cards, which also hampers "individual liberty", the foundation points out (Representative image)
New Delhi: Asking the Justice B N Srikrishna committee to reconsider their definition of ‘sensitive personal information’, Mozilla Foundation, a non-profit organisation, said that the design of Aadhaar fails to provide “meaningful consent” to users as people are asked to link their card to the “ever increasing public and private services”, which does not even give them the “right to object”.

Further, questioning whether the committee does not believe biometric information to be “sensitive” and personal”, the foundation said that it is “the most personal information” and “cannot be reset like passwords”.

The Modi government had appointed an expert committee, headed by former Supreme Court judge B N Srikrishna, to study the various issues around data protection in India and draft a data protection bill that would be taken up for consideration by the Centre.

Last year, the committee had released a white paper inviting public suggestions to help frame the data protection law. Stakeholders were asked to send their comments by December 31, 2017.

The white paper had specifically looked into the issue of ‘informed consent’ and stated, “Consent is an expression of human autonomy. For such expression to be genuine, it must be informed and meaningful. The law must ensure that consent meets the aforementioned criteria.”

However, Mozilla Foundation, in an open letter to the former Supreme Court judge and Ministry of Electronics and Information Technology has asked them to reconsider the definition of “sensitive personal information”.

“The current proposal exempts biometric info from the definition of sensitive personal information that must be especially protected. This is backwards, biometric info is some of the most personal info, and can’t be ‘reset’ like a password,” the foundation wrote.

The letter has also questioned the lack of provisions which gives an individual the right to object the way their data is being processed and, thereby, has viewed it as an attack on ‘individual liberty.’

“Your report also casts doubt on whether individuals should be allowed a right to object over how their data is processed; this is a core pillar of data protection, without a right to object, consent is not meaningful and individual liberty is curtailed,” write Mozilla Foundation Chairwoman, Mitchell Baker.

The foundation has also questioned the design of Aadhaar and has cited examples from recent discussions highlighting the possibility of the unique identification proof as not being completely safe.

“The design of Aadhaar fails to provide meaningful consent to users. This is seen, for example, by the ever increasing number of public and private services that are linked to Aadhaar without users being given a meaningful choice in the matter. This can and should be remedied by stronger consent, data minimization, collection limitation, and purpose limitation obligations,” urged the foundation in the open letter.

“Instead of crafting narrow exemptions for the legitimate needs of law enforcement, you propose to exempt entire agencies from accountability and legal restrictions on how user data may be accessed and processed,” Mozilla Foundation said.

Recently, a group of 24 legal academicians and advocates have written to the Justice Srikrishna Committee of Experts on Data Protection, advocating for a citizen-centric data protection law and making several suggestions to achieve this objective.

The group has also demanded that the consultation process be made more inclusive, claiming that the white paper released by the Committee failed to set out the bigger picture on data protection due to lack of a public consultation on key principles of a data protection legislation.

Also Watch

| Edited by: Sumedha Kirti
Read full article