LINKING OF AADHAAR CONNECTING WITH SOCIAL MEDIA AND CONNECTED LEGALITIES
BY
DR. PAVAN DUGGAL
ADVOCATE, SUPREME COURT OF INDIA
CHAIRMAN, INTERNATIONAL COMMISSION ON CYBER SECURITY LAW
The recent proceedings in the Supreme Court of India have brought forward the focus of the public attention on an important aspect-
Should Aadhaar be linked with social media accounts? If so, the efficacy thereof.
The argument being put forward in support of the proposition by the Government is that linking Aadhaar with social media is going to help fight the menace of fake news, cyber bullying and trolling and will help and create an orderly cyberspace.
Further, it is also suggested that such move will help in curbing cybercrimes and untoward uncivilized behavior online.
While the objectives of the proposed thought process are indeed noble, the fact remains that such a situation is likely to lead to large number of legal and policy challenges. One of the biggest challenges in this regard would relate to protection and preservation of privacy. By virtue of the judgment of the Supreme Court of India in Justice Puttaswamy v/s Union of India, right to privacy is now part of our fundamental right to life under Article 21 of the Constitution of India. This includes not just personal privacy but also data privacy. Hence, any linkages of Aadhaar with social media accounts could prejudicially impact both personal privacy and also data privacy.
Since the fundamental rights are enforceable against state action, any action by the Government could potentially open up Pandora’s Box of writ litigations against the Government for breach of privacy. Also, it needs to be noted that Aadhaar is no normal information, it is sensitive personal data of a particular person as it helps in personally identifying the concerned person. Further, Aadhaar number is directly linked with the person’s biometric details. Sharing such of information with social media service providers could result into violation of people’s right to privacy. This issue needs to be examined by the Government before it proceeds forward.
Also, another issue that requires consideration is that such an approach is likely to be counter-productive and could prejudicially impact India’s sovereignty, security and integrity. If Aadhaar is linked with social media accounts, it needs to be noted that large number of social media service providers are physically located outside the territorial boundaries of India. Linking of Aadhaar with social media would mean that Aadhaar information would then follow on and be resident on foreign servers located in foreign jurisdictions. These servers are amenable to the laws of different countries. Hence, the said information can be accessed by various foreign governments and their representatives. The access of Aadhaar information by various foreign state and non-state actors could lead to potential attacks against the Aadhaar ecosystem, thereby potentially endangering India’s critical information infrastructure and aiming to prejudicially impact India’s sovereignty, security and integrity.
Complicating the entire scenario is the fact that India does not have a dedicated data localization law yet. The Indian Information Technology Act, 2000 is silent on data localization. Similarly, the Aadhaar Act has not really addressed this issue in detail. In the absence of data localization law, linking Aadhaar with social media accounts could potentially raise far more new legal challenges for the Government.
Seen from another perspective when Aadhaar is linked with social media accounts, the cyber security ramifications of the same will have to be considered, because the Aadhaar information must be safe and secure. It would be not known as to what kind of cyber security mechanisms, processes and procedures would be adopted by the social media service providers so as to protect the authenticity and veracity of Aadhaar information resident on their servers. Considering that most of these social media service providers have servers based outside India, it effectively means that the cyber security ramifications of such servers handling, dealing or processing Aadhaar information would be outside the control of the Indian Government as also Indian law. Such an approach is likely to expose Indians whose Aadhaar is linked with social media accounts, to potential legal consequences and cyber security breaches.
Seen from a different perspective, we need to understand the international ramifications of the same. There are no international norms in this regard. In case, India wants to link Aadhaar with social media, it will still not help solve the challenges. Most of the cyber criminals are not waiting for the linkages to happen in order to commit cyber crimes. Even if such a move is to be implemented, there is nothing stopping cyber criminals and cyber trolls from moving on to the darknet so as to perpetuate their illegal activities while hiding their electronic identities. As such, linking Aadhaar with social media is going to be counter-productive. It is also likely to give rise to large number of litigations. Further, Aadhaar was never really envisaged to be a means of identification for social media accounts and hence the linking could tomorrow be potentially challenged as being violative of provisions of the Constitution of India and the Information Technology Act, 2000. The better approach would be that India should come up with a dedicated legislation on fake news where some specific detailed legal provisions could be legislated and effectively implemented.
Further, India needs to have a re-look at the issues pertaining to intermediary liability. Service providers have massive role to play to ensure that cyber trolling and fake news does not get disseminated on the networks. Unfortunately, after the judgment of Shreya Singhal v/s Union of India, most of the social media service providers have chosen to adopt the role of being mere spectator under the garb of the observations given by the Supreme Court of India. The Government of India can come up with new rules under Section 87 of the Information Technology Act, 2000 mandating service providers to do certain specified activities in the context of preventing the dissemination of fake news and also preventing cyber bullying and cyber trolling.
We need to ensure that these service providers whether they are physically located in India or not, must comply with the Indian law as their services are available on the computers, computer systems and computer networks physically located within the territorial boundaries of India.
Further, effective enforcement of other provisions of intermediary liability also need to be done. Intermediaries also need to be made liable in case it is found that despite reporting of any fake news or cyber trolling on their platform, they do not take action within the specified time period of few hours. Clearly, such an approach is going to help address the distinct challenges better rather than linking Aadhaar with social media accounts.
Currently, the matter is pending before the Supreme Court of India. It will be interesting to see how the Supreme Court of India actually examines and interprets the proposed initiative of linking Aadhaar with social media accounts in the context of principles laid down by the Constitution of India. This will be an interesting space to watch as time passes by.
The author Dr. Pavan Duggal, Advocate, Supreme Court of India, is an internationally renowned expert authority on Cyberlaw and Cybersecurity law. He has been acknowledged as one of the top four Cyber lawyers in the world. He is also the Chairman of International Commission on Cybersecurity Law. You can reach him at pavan@pavanduggal.com. More about Dr. Pavan Duggal is available at www.pavanduggal.com.