Page 31 - Proceedings of the 2017 ITU Kaleidoscope
P. 31

Challenges for a data-driven society




           However, UIDAI also has access to a number of other data   records. The  bank  would,  however, need to  utilize  the
           points that would not be captured by existing restrictions in   authentication logs generated through Aadhaar. The current
           the  Aadhaar  Act. For instance, the  Authority currently   regulatory framework constrains such use by providing that
           maintains an online dashboard that offers data about the   the authentication logs can only be used for certain
           State-wise status of enrolments, including by age and   identified purposes. This includes sharing of the logs for
           gender and the entities involved in the process. Compared   grievance redressal, dispute resolution and audits by
           to this, the information that is  made available about the   UIDAI.  The regulations  will  therefore  need  to be
           usage of the UIDAI authentication / eKYC architecture by   appropriately amended, as discussed further in Section 4.
           its approved agencies is almost negligible. While the law   eKYC: There is marked difference, however, when it comes
           restricts UIDAI from recording or disclosing the purpose of   to the amount of data made available to and generated by
           an authentication request, there is nothing that bars it from   authorized  eKYC partners. The  Aadhaar (Authentication)
           disclosing aggregated details of the  number of    Regulations, 2016 allow the requesting entity to gain access
           authentication requests received by it, the authorized entity   to the person’s demographic information that is filed with
           making the request, the geographic location from where the   UIDAI. This information can be used by it  “for its own
           request  was  made and  so on, on a daily basis. Similarly,   purpose”, i.e. for the purposes of its business. It may also
           transparency  also demands that the  number of failed   share the e-KYC data  with other agencies  for a  specified
           transactions, in terms of generation of  Aadhaar number,   purpose, with the consent of the individual.
           authentication  or  eKYC  requests should  also  be  made   With eKYC agencies, there is scope for release of valuable
           public.                                            data points. To take an example, it has been reported that
           The availability of this information will guide the users of   there exists a vast gender divide in the adoption of
           Aadhaar, researchers and other third parties in assessing the   technology in India (Aneja and Mishra, 2017 [7]). Yet, we
           extent of its adoption, the purposes for  which it is being   do not have any official statistics on the ratio of men and
           deployed and the failure rates. The last of these elements   women among telecom users in India, either at the country-
           can  serve a legitimate basis for conducting a  systematic   wide  level or in local areas. The move  towards eKYC
           audit of the extent and cost of the potential exclusion from   verification of all telecom subscribers in India, means that
           the benefits that have been linked to Aadhaar. This is a   telecom operators  will soon have  an  Aadhaar-verified
           prerequisite for an open and informed debate on issues   (private) database of telecom  users in the country. This
           relating to Aadhaar, including in the context of the ongoing   would include the  gender and geographic information of
           litigations on the project.                        each operator’s user base.  Aggregated together, it can be
                                                              used to find out the total number of female telecom users in
           2.2. Data generated by Aadhaar users               every  geographic location. Further, periodic disclosure of
                                                              such data by all telecom operators will also allow the trends
           Authentication: Every day, large volumes of data are being   to be tracked over a period of time. A lot of this information
           generated through the use of UIDAI’s authentication and   may available with the companies today also. However, the
                                                              fact that all of this information would now be available in a
           eKYC systems, both by government as  well as private
           entities. In case of an  authentication query, the Aadhaar   digitally organized and readily available format, will make
                                                              it easier to  process and compare from  the perspective of
           repository offers only a positive or negative response to   creating open data.
           confirm whether  the submitted  information matches  with
           the information recorded in UIDAI’s database. None of the   The online registration system (ORS), a framework  that
           Aadhaar information is shared  with the requesting entity   links various government hospitals across the country to an
           although the process of authentication in itself leads to the   Aadhaar based online registration and appointment system,
           creation of new data. For instance, a bank that uses Aadhaar   might be another use case. The ORS facilitates eKYC of the
           authentication to verify the identity of a customer prior to   patient,  which is then used for providing appointments at
           authorizing  the transfer of  funds from her account is   various departments of different hospitals. Using the
           creating new data in the process. The bank is then in a   appointments  database  along  with  the  Aadhaar
           position to use  the  fact of  Aadhaar authentication along   identification information, ORS  will be in a position to
           with customer data already  available  with it to  generate   disclose aggregated data about the age and gender profiles
           daily details of the  number of  persons of different age   of the patients visiting  different departments. This
           groups who used Aadhaar authentication to carry out fund   information can be sewn together to gain insights into the
           transfers of different denominations.              broad categories of health  problems faced by different
           The  Aadhaar  Act  and  the  regulations  framed  under  it   groups, the burden on different departments and the
                                                              variations based on the location of the hospital. All of this
           circumscribe the  manner in which information collected   can contribute towards evidence-based research and policy-
           through  Aadhaar can be  used by requesting agencies.  As   making in the field of healthcare.
           per Section 8(2), a requesting entity can use the identity
           information of an individual only for submission to the   Another notable feature of the Aadhaar database is that it
           UIDAI repository for authentication purposes. In the above   was  among the first  government-issued identifications  in
           example, the bank would not need to (or be able to) use the   the country to  recognize  “transgender” as a separate
           customer’s identity information collected by UIDAI,   category (Nilekani and Shah, 2014 [12]).  The release of
           although it  would already  have similar information in its   aggregated data related  to use of banking, payments,
                                                              telecom,  health, education and other  Aadhaar linked



                                                          – 15 –
   26   27   28   29   30   31   32   33   34   35   36