Challenges for a data-driven society




           regulations  would need to be amended to allow  the      https://ajayshahblog.blogspot.in/2017/09/an-
           authentication records to be used for the purpose of     analysis-of-puttaswamy-supreme.html,  September
           generating aggregated statistics for the release of open data.   20, 2017.
           Step III: The open data committee should identify the types
           of aggregate statistics that may be generated by (i) UIDAI;   [4]   Tim Davies and Jeni Tennison, “More than one way
           and (ii) different categories of agencies that use Aadhaar for   to open some data: government owned and
           authentication and eKYC. Further, it should also drive the   government influenced”, Open Data Charter,
           process of developing  Aadhaar-specific principles of    http://opendatacharter.net/one-way-open-data-
           anonymization and carrying out an open, consultative     government-owned-government-influenced/, 2017.
           process to test their robustness.
           To the extent that disclosures are sought to be enforced   [5]   Paul Ohm, Broken Promises of privacy: Responding
           through UIDAI contracts, the committee  would also       to the surprising failure of anonymization, 57 UCLA
           recommend the appropriate provisions to be incorporated in   L. Rev. 1701, 2010.
           the agreements between UIDAI and the relevant agencies.
           This step becomes particularly important in light of the fact
           that the information  generated by each entity  would  vary   [6]   RaaG & SNS, Tilting the balance of power:
           based on the nature of its business and the likely purpose of   Adjudicating the RTI Act, http://snsindia.org/wp-
           its linkage  with  Aadhaar.  For instance, an e-governance   content/uploads/2017/07/Adjudicating-the-RTI-Act-
           programme will have very  different uses  of Aadhaar     2nd-edition-2017.pdf, January 2017.
           compared to a payments service provider or a telecom
           company.                                           [7]    Urvashi Aneja and Vidisha Mishra, “Digital India Is
           Step IV: UIDAI should review the recommendations of the   No Country for Women. Here’s Why”, The Wire,
           open data committee,  which should be  made available    https://thewire.in/139810/digital-india-women-
           publicly, and incorporate appropriate open data standards   technology/, 25 May 2017.
           and provisions in the agreements entered into with different
           categories of authentication and eKYC agencies.    [8]   Amber Sinha and Srinivas Kodali, “Information
           Step V:  The open data committee should also assist UIDAI   Security Practices of Aadhaar (or lack thereof)”, The
           in the implementation of the open data principles by     Centre for Internet and Society, https://cis-
           identifying potential violations and notifying UIDAI for the   india.org/internet-governance/information-security-
           purposes of initiating necessary actions against any breach.   practices-of-aadhaar-or-lack-thereof/view, 16 May
           It can also play a key role in adopting a communications   2017.
           strategy for sensitizing Aadhaar users about the principles
           and use of Aadhaar related open data.              [11]  IDinsight, State of Aadhaar Report 2016-17,
           The proposed UIDAI-led open data policy will ensure both   http://stateofaadhaar.in/wp-content/uploads/State-of-
           private and public sector participation, and a narrow focus   Aadhaar-Full-Report-2016-17-IDinsight.pdf, May,
           on anonymized aggregate statistics  will  minimize  privacy   2017.
           risks,  while still contributing valuable data points to the
           public domain. The full benefits of open data will however
           accrue over time, as we develop a shared understanding of   [12]  Nandan Nilekani and Viral Shah, Rebooting India:
           Aadhaar-specific  principles  of  anonymization  and     Realizing a Billion Aspirations, Penguin, 2016.
           disclosures.  All of this  will contribute towards better
           research, informed policy  making and enhanced public   [13]  L. Sweeney, Simple Demographics Often Identify
           accountability in the Aadhaar ecosystem.                 People Uniquely. Carnegie Mellon University, Data
                                                                    Privacy Working Paper 3. Pittsburgh, 2000.
                            REFERENCES
                                                              [14]  Randy Bean, Mastercard's Big Data For Good
           [1]   Press Information Bureau, UIDAI generates a billion   Initiative, Forbes, August 7, 2017.
                 (100 crore) Aadhaars - A Historic Moment for India,
                 http://pib.nic.in/newsite/PrintRelease.aspx?relid=138  [15    Facebook Research, Disaster maps methodology,
                 555, April 4, 2016.                                https://research.fb.com/facebook-disaster-maps-
                                                                    methodolog, 2017.
           [2]   Nicholas Gruen, Houghton and Tooth,  "Open for
                 Business: How Open Data  Can Help Achieve the   [16]  Arvind Narayanan & Vitaly Shmatikov, Robust De-
                 G20 Growth Target", Lateral Economics, June 2014.   Anonymization of Large Sparse Datasets,
                                                                    Proceedings of the 2008 IEEE Symposium on
           [3]   Vrinda Bhandari,  Amba  Kak, Smriti Parsheera and   security and privacy, 2008.
                 Faiza  Rahman,  An analysis  of Puttaswamy: the
                 Supreme      Court's    privacy     verdict,




                                                          – 19 –