Under the right to information law, Aadhaar data breaches will remain a state secret
Anumeha Yadav explains that Section 6 of the Aadhaar (Sharing of Information) Regulations says:
The Aadhaar number of an individual shall not be published, displayed or posted publicly by any person or entity or agency.
However, at the same time, the Aadhaar Act lacks any provision for a mandatory notice to an individual in case of a breach of his or her information – which was a recommendation of the Justice Shah Committee on Privacy in 2012, which was set up to lay the ground for a comprehensive new privacy law.
Thus, under the law, Aadhaar users have no right to be informed when a crime related to their personal data occurs. And they cannot approach a court directly because under Section 47 (1) of the Aadhaar Act, the Unique Identification Authority of India has the exclusive power to make complaints in case of any violation or breach of privacy.
Read more on Scroll.in.
So no right to be notified and no right to file a complaint, and as Yadav explains, the government can (and does) deny requests under the right to information law, citing security and confidentiality exceptions.
According to technology lawyer Apar Gupta, “the UIDAI is a blackbox that cannot be opened even after a system crash”.
So everyone could be at risk and not know it and not be able to find out more.
Not good, folks.