DAMODARAM SANJIVAYYA NATIONAL LAW UNIVERSITY

LEGAL LANGUAGE PROJECT

AADHAR CARD AND RIGHT TO PRIVACY ISSUES AND

CHALLENGES
MR.ARVIND NATH TRIPATHI

ABHIJIT CHATURVEDI
2015003

AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 1

SEMESTER 2ndACKNOWLEDGEMENT
I would like to thank Mr. Arvind Nath Tripathi for providing me with this challenging
opportunity. I thank you sir for your continuous guidance and support in order to complete
this project.
I would also thank DAMODARAM SANJIVAYYA NATIONAL LAW UNIVERSITY for
providing me with useful resources which have played a vital role in completing this
project.
Lastly i would thank my parents who have continuously helped me by providing emotional
and psychological support in situations where I lost all my hopes.

AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 2

TABLE OF CONTENT
S.No.

TOPIC

Introduction

Hypothesis

Scope of the study

Right to privacy in India

Aadhar Card

Problems & challenges faced

Remedy to the Problem

Conclusion

Bibliography

AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 3

Pg. No.

HYPOTHESIS:
1)Researchers believe that aadhar card exploits right to privacy of an individual.
2)Researchers believe that biometrics of an individual are being misused, which promotes
terrorism, cyber-crimes and other such crimes.
3)Researchers believe that aadhar card is a financial waste for the Indian economy, as it is
mandatory for all citizens of the country
4)Researchers believe that with the introduction of such identification cards cases of forgery
have increased, which makes the entire system inefficient.

AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 4

INTRODUCTION
Aadhar Card, being the brand identity of the card issued by the Unique Identification
Authority of India, under the chairmanship of Nandan Nilekani, the co-founder of Infosys
was developed as a solution to tackle the legal issues caused by the increasing number of
illegal migrants from neighbouring countries. The fundamentals of UID are highly corelated to the Social Security number issued by the United States Department of Social
Security Administration. The significant point of difference between the two being the UID
was a mandate while the latter was at the discretion of the citizens.
The scheme makes into application the technology of collection of personal as well as
biometric information relating to the citizens and encryption of the collected data. However,
the failure of the scheme vests in the fact that taking into account the technological as well
as the legal background prevailing in our country, the maintenance of a comprehensive
database is feasible only when there are sufficient legal mechanisms, enforcement agencies
and encryption standards to monitor the protection of data. Further it is pertinent to note that
the project infringes upon our right to privacy, which flows from Article 21 and right against
self-incrimination under Art.20 (3).

AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 5

RIGHT TO PRIVACY AND THE CONSTITUTION OF INDIA

There is no direct provision providing for the right to privacy in the constitution of India.
Hence the right to privacy needs to be understood on the basis of the decisional
jurisprudence developed by the constitutional courts in India. Furthermore, the reason which
the right to privacy is a non-defined right has its basis in the social context of India. The
development of the right to privacy in India could be traced from the case of M.P. Sharma
v. Satish Chandra 1, in which case the Supreme Court held that the Indian constitution does
not conceive the right to privacy while determining the contours of search and surveillance
by the police. This narrow interpretation of the constitution reflects the view point of the
judiciary of that particular time period.
In the case of Kharak Singh v. State of Uttar Pradesh 2, the Supreme Court observed that:
The right of privacy is not guaranteed under our Constitution and therefore the attempt to
ascertain the movements of an individual, which is merely a manner in which privacy is
invaded is not an infringement of fundamental right guaranteed by Part III 3. This again
reflects a restrictive interpretation of the constitution. But, in the case of Govind v. State of
M.P4, the Supreme Court took a viewpoint which represents a paradigm shift in perspective
from their earlier rulings. In this case the Supreme Court observed that: There can be no
doubt that the makers of our Constitution wanted to ensure conditions favourable to the
pursuit of happiness. They certainly realized, as Brandeis, J. said in his dissent in
Olmstead v. US, the significance of mans Spiritual nature, of his feelings and his intellect.
They sought to protect the individual in their beliefs, thoughts, their emotions and their
sensations. To do this they must be deemed to have conferred upon the individual a sphere
where he should be left alone, free from governmental access.

1AIR 1963 SC 1295: (1964) 1 SCR 332

2Kharak Singh v State of UP, AIR 1963 SC 1295(1994) 1 SCR 332; supra, Ch.
XXIV, Sec. G
3AIR 1973 SC 157: (1937) 1 SCC 471
4AIR 1975 SC 1378
AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 6

The Govind case turned out to be a landmark case with the Supreme Court reiterating the
right to privacy in subsequent cases. In the R. Rajagopal v. State of T.N5, Supreme Court
speaking through Jeevan Reddy, J. observed that: The right to privacy is implicit in the
right to life and liberty guaranteed to the citizens of this country by Article 21. It is a right
to be let alone. A citizen has a right to safeguard the privacy of his life, family, marriage,
procreation, motherhood, child-bearing and education among other matters. None can
publish anything concerning the above matters without his consent, whether truthful or
otherwise and whether laudatory or critical. If he does so, he would be violating the right to
privacy of the person concerned and would be liable in an action for damages.
In P.U.C.L. v. Union of India, the Supreme Court of India, while laying down the standards
for telephone wiretapping had observed that the right to privacy is an integral part of the
fundamental right to life enshrined under Article 21 of the Constitution and this right shall
be available only against the state. Further in the case of Mr. X v. Hospital Zalso
Supreme Court acknowledged the right to privacy, but held that it is not an absolute right.
The cases mentioned above clearly establish that the right to privacy is very much a part of
the fundamental rights under the Constitution of India. Furthermore, one must not forget
that the right to be left alone and to be free in ones private space is an important right,
which the Supreme Court has accepted in the case of Naz Foundation v. Government of
NCTand Others6 . Right to privacy cannot be claimed to be a negative right restraining the
power of the state, but it should be viewed to be a positive duty casted on the state to crated
institutions that would help in protecting the private space and life of the individual.

ISSUE OF BREACH OF PRIVACY

Almost every country that tried to implement national identity cards based on integrated
systems had public resistance, because of concerns over privacy. There are many
dimensions to privacy, including the privacy of a person, privacy of communications,
5AIR 1995 SC 264: (1994) 6 SCC 632
6 Indiankanoon.org/search/?forminput=naz%20foundation
AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 7

territorial privacy and privacy of personal data. Privacy of the person concerns the privacy
of body, and its integrity and freedom of not being infringed upon. Privacy of
communications deals with the freedom to have communications by any means without
being infringed upon by surveillance, telephone tapping etc. Territorial privacy addresses
freedom from encroachment into domestic and official spaces by the way of surveillance.
Identity and informational privacy or data privacy deals with the protection of information,
especially sensitive information.
It is important to note that the main privacy concerns brought by the UID project are:
territorial and data privacy. In India, the concept of privacy in the social sphere is not as
prevalent as it is in Europe or the United States. A great observation made by Justice
Brandeis and Samuel Warren in their article in Harvard Law review clearly shows the
importance of limiting the impact and encroachment of technologies into the private sphere.
Justice Brandeis observed that: The intensity and complexity of life, attendant upon
advancing civilization, have rendered necessary some retreat from the world, and man,
under the refining influence of culture, has become more sensitive to publicity, so that
solitude and privacy have become more essential to the individual; but modern enterprise
and invention have, through invasions upon his privacy, subjected him to mental pain and
distress, far greater than could be inflicted by mere bodily injury 7.
The UID leads to a situation of access to all the sensitive information of the people enrolled
in the UID. This information could be misused by authorities. The risk that the UID poses to
an individuals privacy is enormous as information that is now scattered in the public
domain will be brought into one point of convergence through the UID. Further, there are
issues of privacy infringement due to the use of biometric information in the project. The
collection of, and identification based on biometric information could be understood as a
breach of ones territorial privacy and ones data privacy8.
As persons are being identified on the basis of sensitive biometric information, the risk of
being profiled, targeted and marginalized by the state on the basis of this sensitive
information is very high. Hence, there is a requirement for the protection of data privacy and
7Http://eaadhar.uidai.gov.in
8Internet Law And Practice
AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 8

territorial privacy. The claims that the UID number will provide efficient access to
developmental projects and facilities, should be viewed with suspicion, because when
sensitive information of this nature is placed in the control of the state, it gives enormous
power to the state.
ORIGIN AND EVOLUTION OF AADHAR
Aadhar Card, being the brand identity of the card issued by the Unique Identification
Authority of India, under the chairmanship of NandanNilekani, the co-founder of Infosys
was developed as a solution to tackle the legal issued caused by the increasing number of
illegal migrants from neighbouring countries. The fundamentals of UID are highly
correlated to the Social Security number issued by the United States Department of Social
Security Administration. The significant point of difference between the two being the UID
was a mandate while the latter was at the discretion of the citizens.
The series of events relating to Aadhar can be chronologically summarized as under:
2009- Introduction of a scheme giving every citizen a unique 12 digit Identity number
linked to his biometric information. The very purpose of the scheme was to make cash
payments directly to the needy thereby ensuring a welfare system of governance. Till
January 2014, the agency had issued nearly 57 crore Aadhar cards in India.
The said scheme was challenged by Aruna Roy and K. Puttuswamy, the former Judge of
Karnataka High Court on the ground that the right to privacy of a citizen is violated by the
collection of their biometric information and the same information can be misused.
The Honble Supreme Court on 24th March 2014 held that the biometric data collected from
citizens cannot be shared with anyone. This comment was in connection with the Honble
Bombay High Courts order to hand over the Aadhar Biometric database to C.B.I for
facilitating an investigation regarding the murder of a 7 year old girl in Goa.

Aadhaar and UIDAI

Aadhaar is a brand name of Unique Identification Number that the Unique Identification
Authority of India (UIDAI) will issue to every resident of India. The twelve digit number
is linked to the residents demographic and biometric information, which they can use to
identify them everywhere in India, and to access a host of benefits and services. Each
AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 9

number relates to a set of information stored in centralized data base that provides for real
time verification.9
Unique Identification Authority of India is the government agency responsible for the
implementation of Aadhaar. UIDAI was set up through notification number A43011/02/2009 admin.1 dated 28/01/2009 as an attached office of the planning
Commission. As per the notification on UIDAI has been assigned the responsibilities of
laying down the plan and policies to implement the UIDAI Scheme, own and operate
UIDAI database including its updation and maintenance on an ongoing basis. The
implementation of the scheme entails, inter-alia, the responsibilities to generate and
assign UID number to resident and define 15 sage and applicably of UID for delivery of
various services. NandanNilekani former Co-chairman of Infosys was appointed as the
Chairman of UIDAI (with Cabinet Rank) R.S. Sharma is the Director General and
Mission Director of UIDAI.
The data stored in the Central ID repository (CIDR) include basic biometric and
demographic information of every individual in India. Photograph, ten fingerprints and
the iris scans are the biometric information collected.10 Details are listed below:
1. Name
2. Gender
3. Date of birth
4. Fathers/Husbands/Guardians Name and Aadhaar Number
5. Mothers/Wifes/ Guardians Name and Aadhaar Number
6. Educational Qualification
7. Address
8. Voters ID Number
9. PAN
10. Ration Card Number
11. Driving License Number4 9 - 9 5 9 8 Page 478
12. Details of Gas Connection
9http://resident.uidai.net.in//
10http://www.uidaadhaar.com/history

AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 10

13. Introducers Name and Aadhaar Number in case of lack of documents

14. Ten finger print
15. Iris scans
16. Photograph
17. NREGS number
Various state governments and enrolling agencies are incorporating who-knows-what all
details in forms.
Aadhaar project is being implemented in two phases. Phase I compromises of setting up
of necessary infrastructure at the Head Quarters and Regional Offices, testing facilities,
putting the man power and process to kick start the programme. Phase II, involves
enrolling of people in the scheme through some enrolling agencies. Then the process of
de-duplication (de-duplication is the process by which data collected through enrollment
process is subjected to verification by the UIDAI by biometric matching to ensure that no
duplication has occurred). And the process of data updation by which any change in the
biometric or demographic data is recorded in time.
The data collected during enrollment process which include demographic and biometric
information would be stored in Central ID Repository (CIDR) maintained by the UIDAI.
The scheme has a multi registrar approach. The registrar General of India having the
responsibility of preparing the National Population Registry (NPR) under the citizenship
Rule 2003 is one of the main registrars of UIDAI. This multi registrar approach would
reduce the risks associated with data security says the UIDAI.
The data stored in the CIDR is used for the verification of identify of the resident who
has a UID number. A real time verification system will be made available to all service
providers who prefer to make use of Aadhaar. These might include various social welfare
schemes of the government like Public Distributing System (PDS) and National Rural
Employment Guarantee Scheme (NREGS) and financial institutions like Banks. The
UIDAI also contemplates expanding the use of Aadhaar to various other applications in
private and public sectors. UIDAI says it would provide only indentify verification to
personal information would be made available to their agencies whether government or
private.11

11 Constitutional Law Of India, H.M. Seervai, Fourth Edition

AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 11

CONTENTIONS RAISED KEEPIN IN MIND THE RIGHT TO

PRIVACY
The said scheme was challenged by Aruna Roy and K. Puttuswamy, the former Judge of
Karnataka High Court on the ground that the right to privacy of a citizen is violated by the
collection of their biometric information and the same information can be misused.The
Honble Supreme Court on 24th March 2014 held that the biometric data collected from
citizens cannot be shared with anyone. This comment was in connection with the Honble
Bombay High Courts order to hand over the Aadhar Biometric database to C.B.I for
facilitating an investigation regarding the murder of a 7 year old girl in Goa.
Inadequacy of Data Protection Laws
Data Protection refers to the set of privacy laws, policies and events that aim to minimize
intrusion into ones privacy caused by the collection, storage and dissemination of personal
data. Personal data generally refers to the information or data which relate to a person who
can be identified from that information or data whether collected by any Government or any
private organization or an agency. Taking note of the Indian scenario, it is evident that India
does not have dedicated data protection Laws. This makes the sensitive information and
personal details of Indian Citizens Highly Vulnerable to misuse.
Recently the susceptibility of governmental databases to cybercrimes has been well
documented and exposed all over the world. The absence of any legal safeguards for lapses
on the part of the Registrars, authorities and enrolling agencies, further makes the entire
situation far more problematic for an individuals privacy. Still it is wretched to observe that
Indian government does not have a specific Law on data protection. Indian Government
owes a reasonable duty of care to the citizens to ensure the protection of their data from
misuse. In the absence of such reasonable care which is expected from a governmental
authority, the realization of projects like Aadhar should be given a second thought.
Even though India presently does not have any express legislation governing data
protection or privacy, the relevant laws in India dealing with data protection are the
Information Technology Act, 2000 and the (Indian) Contract Act, 1872. Let us now analyse
how far these provisions succeed in ensuring data protection.

AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 12

The Information Technology Act 2000 defines the term data as a representation of
information, knowledge, facts, concepts or instructions which are being prepared or have
been prepared in a formalised manner, and is intended to be processed, is being processed or
has been processed in a computer system or computer network, and may be in any form
(including computer printouts magnetic or optical storage media, punched cards, punched
tapes) or stored in the memory of the computer. Even though the concept of data was
defined, the definition of data would be more relevant in the field of cybercrime rather
than in the field of data protection.Introducing a UID scheme like Aadhaar in the pretext of
vagueness in existing law should not be warranted.
Some provisions are considered by Indian scholars as providing rules pertaining to personal
data protection. Let us analyse these rules in the light of how far they ensures protection to
the personal data involved in a scheme like Aadhar. The basic provisions are;

Grounds on which Government can interfere with Data

The Controller, appointed by the Government, can direct a subscriber to extend facilities to
decrypt, intercept and monitor information, If the Controller under the IT Act is satisfied
that it is necessary or expedient so to do in the interest of sovereignty or integrity of India,
defence of India, security of the State, friendly relations with foreign States or public order
or for preventing incitement to the commission of any cognizable offence relating to above
or for investigation of any offence. Section clearly envisages the right of the government to
access personal information in special circumstances. But in the instant case the section fails
to address how protection can be offered to the accessed data and remedy in the case of
misuse on account of lapse in protective measures. Thus in the instant case as there is no
sufficient protection for the accessed data. Hence the said Aadhaar project is not feasible.

Penalty for Damage to Computer, Computer Systems, etc. under the IT Act

IT Act, imposes a penalty for downloading data without consent. Even though such a
penalty is imposed on the downloader, there is no penalty on the person who fails to protect
the data from being exposed to such a threat. In the present case when we provide the
government with our personal data for the purpose of Aadhaar, the government is duty
bound to protect data. I f the government fails strict action should be taken.

Computer related offences

If any person, dishonestly or fraudulently does any act referred to in Section 43, he shall
be punishable with imprisonment for a term which may extend to three years or with fine
AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 13

which may extend to five lakh rupees or with both. Here also as discussed earlier
punishment is given only to the downloader and not to the person who fails to take
reasonable care for protecting the data, which is obviously government in the instant case.12

Penalty for Breach of Confidentiality and Privacy

Section 72 of the IT Act speaks specifically about confidentiality and privacy. The Section
provides that any person who, in pursuance of any of the powers conferred under the IT Act
Rules or Regulations made there under, has secured access to any electronic record, book,
register, correspondence, information, document or other material without the consent of the
person concerned, discloses such material to any other person, shall be punishable with
imprisonment for a term which may extend to two years, or with fine which may extend to
INR 100,000, or with both.
Thus there is no provision mandating the government to protect the data that was made
available from the public. Thus introduction of Aadhaar at this stage is highly unwarranted
decision. Now let us analyse the adequacy of existing provision on the basis of wellestablished principles.13
Content Principles
Basic principles with respect to the content of applicable regulations have been established
in the adequacy of the protection for personal data provided by a countrys legislation. The
Information Technology Act 2000 is neither privacy protection legislation nor data
protection legislation as in Europe. It does not establish any specific data protection or
privacy principle. But the IT Act is a generic legislation.
Principle of Purpose Limitation
The purpose limitation principle requires that data should be processed for a specific
purpose and subsequently used or further communicated only insofar as this is not
incompatible with the purpose of the transfer. Even though this is the principle, data bases

12 Cyber Law Cyber Crime Internet & E-Commerce, Prof.VimlenduTayal

13http://cis-india.org/internet-governance/blog/privacy/privacy_encryption
AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 14

are used private agencies with the aid of data collector itself. There are no proper
legislations prohibiting private agencies from such acts.
Principle of Transparency
The transparency principle requires that individuals should be provided with the information
as to the purpose of the processing and the identity of the data controller in the third country,
and other information insofar as this is necessary to ensure fairness. As far as Aadhaar is
concerned there is no information as to the purpose for which information is used and the
persons by whom information are used.
Principle of Security
The security standard requires that technical organisational measures should be taken by the
data controller that are appropriate to the risks presented by the processing. Any person
acting under the authority of the data controller, including a processor, must not process data
except on instructions from the controller. As far as government of India is concerned no
proper measures are taken to secure the privacy of Aadhar. In the absence of such technical
protection the implementation such an elaborate data scheme revealing personal data cannot
be entertained.
No doubt, data protection requirements are essential part of civil liberties protection in
cyberspace thereby privacy and data protection assuming an integral part of human rights
India lacks efficiency. It is the high time to formulate a strong legal framework for data
security, protection and privacy protection.
The basic objective behind implementation of a Unique Identification Number for Indian
citizens was no doubt a welfare scheme of the Government. But it remains still a fallacy as
to how far the Government and the agency could ensure data security as well as protection.
The basic purpose of the scheme stands defeated if the collected data are provided to other
agencies for various purposes including criminal investigation. The order of the Honble
Supreme Court reversing the order of the Bombay High Court to provide for database for
criminal investigation stands as a positive move. The SC has also prohibited the agency
from transferring the information collected from the citizens to any other agencies. The

AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 15

absence of a strong legislative framework to deal with Unique Identification scheme stands
as a major hindrance for the success of the scheme.
INEFFICIENT ENCRYPTION STANDARDS
The lack of a proper cyber-crime policy, encryption policy, cyber security policy etc affects
the authenticity of schemes like Unique Identification number. Encryption or encoding is
defined as the act of converting data or information into code. In cryptography, encryption is
the process of encoding messages or information in such a way that only authorized parties
can read it.
Security and privacy have a fundamental relationship, because they act complimentary, and
yet at the same time they are opposed to each other. First, data security and privacy are not
the same. Breaches in data security occur when information is accessed without
authorization. There is no loss of privacy, however, until that information is misused.
Though data security is critical for protecting privacy, the principles of data security call for
practices that threaten privacy principles. For example, data security focuses on data
retention, logging, etc, while privacy focuses on the consent, constrained access to data,
limited data retention, and secrecy.
DEDICATED ENCRYPTION POLICY IS THE NEED OF THE HOUR
An efficient encryption policy also plays a vital role in ensuring national security. Presently,
India does not have a parallel system, but it is no doubt prudent to frame one. Though the
government is conscious of the connection between encryption and national security, it
seems to be addressing it by setting a low standard for the public which enables it to monitor
communications and other information so easily. It is significant to note that today we live
in a digital age or cyberspace where there are no boundaries. One cannot encrypt data at 40
bits in India and think it is safe, because that encryption can be broken everywhere else in
the world. Despite the fact that there are no boundaries in the digital age, users of the
internet and communication technologies are subject to different and potentially inconsistent
regulatory and self-regulatory data security frameworks and consequently different
encryption standards. As stated before, Aadhar database contains many significant biometric
as well as personal information. Hence, while dealing with such sensitive information about
the citizens, the Government could have ensured a strong legislative protective shield.

AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 16

One way to overcome this problem could be to set in fact a global standard for encryption
that would be maximal for the prevention of data leaks. For instance, there are existing
algorithms that are royalty free and available to the global public such as the Advanced
Encryption Standard algorithm, which is available worldwide. The public disclosure and
analysis of the algorithm bolsters the likelihood that it is genuinely secure, and its
widespread use will lead to the expedited discovery of vulnerabilities and accelerated efforts
to resolve potential weaknesses. Another concern that standardized encryption levels would
resolve is the problem of differing export standards and export controls. As seen by the
example of the US, industrialized nations often restrict the export of encryption algorithms
that are of such strength that they are considered dual use in other words, algorithms
that are strong enough to be used for military as well as commercial purposes. Some
countries require that the keys be shared, while others take a hands-off approach. In India
joining a global standard or creating a national standard of maximum strength would work
to address the current issue of inconsistencies among the required encryption levels.
Hence, a comprehensive data protection legislation along with proper encryption standards
that seeks to install a data protection regime covering both personal and data privacy is in
the pipeline.

AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 17

CONCLUSION
E-surveillance in India has come as a death knell for privacy rights in India. When the state
is not in a position to provide privacy to accessed data from public the implementation of
Aadhar project should necessarily remain as a dream. India does not have a Data Security
Law and Privacy Law. The privacy protection Bill 2013 is yet to be passed. Keeping in
mind the past experience and e-surveillance hunger of Indian government, this does not
seems to be realised. In the backdrop of Snowden incident there is always a necessity to
ensure data protection through proper legislations and encryption mechanisms. Fair
information practices should be enacted into national law to place obligations on companies
and governments who collect and process personal data, and give rights to those individuals
whose personal data is collected. Data protection should be monitored by independent data
protection authorities, which work transparently and without commercial advantage or
political influence. Legislations must address the risk of misuse of data. They should clearly
specify the provisions for lawful access .Once obtained the data must only be used for
lawful purpose. Time limit should be kept for granting the access. The lawful access
provisions should be stated clearly and published in a way that they are easily available to
users, key holders and providers of cryptographic methods. The Government also has to
ensure an efficient encryption standard to prevent further hazard.A key management system
should be developed in such a way that it could balance the interests of users and
enforcement authorities. Thus elaborate database schemes like Aadhar can only be
implemented after equipping the whole system with the glittering sword of data protection.
AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 18

BIBLIOGRAPHY
BOOKS REFERRED
1.

Christopher Kuner, Data Protection Law and International Jurisdiction on the

Internet (Part 1),International Journal of Law and Information Technology (2010)
and Data Protection Law and International Jurisdiction on the Internet (Part 2),
International Journal of Law and Information Technology 227 (2010)

2.

Mohammed Nyamathulla Khan, 2009, Does India have a Data Protection Law.

3.

Alessandro Acquiati, Digital Privacy- Theory, Technology and Practice, Auerbach

Publications

WEBSITES
1.

http://www.ehcca.com/presentations/privacysymposium1/steinhoff_2b_h1.pdf

2.

http://www.legalserviceindia.com/article/l406-Does-India-have-a-Data-Protectionlaw.html

3.

http://cjnewsind.blogspot.in/2011/04/encryption-standards-in-india.html

4.

http://cis-india.org/internet-governance/blog/privacy/privacy_encryption

5.

http://www.business-standard.com/article/technology/the-face-of-indian-cyber-lawin-2013-113123000441_1.html

6.

http://www.ehcca.com/presentations/privacysymposium1/steinhoff_2b_h1.pdf

7.

http://www.uidaadhaar.com/history

8.

http://www.ijens.org/Vol_11_I_06/112206-7474-IJECS-IJENS.pdf

AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 19

AADHAR CARD & RIGHT TO PRIVACY: ISSUES AND CHALLENGESPage 20