Mitchell Baker, Executive chairwomen of Mozilla published an open letter responding to the Srikrishna Committee. Mitchell is asking for indian community members and friends of Mozilla to support the demands by cosigning this letter.
In 2017, the Government of India set up a committee headed by Justice Srikrishna to examine a data protection framework and draft India’s first comprehensive data protection law. The Srikrishna Committee was formed in response to the increasing number of concerns on consent, privacy, and data protection by lawyers, organisations and activists.
The Committee has come out with recommendations on data protection that are now open to public consultation.
There have been countless security incidents and cases where private Aadhaar data has been published online. These breaches will only put more Indians at risk as the Government of India is requiring Aadhaar to access more and more services and even private companies are requiring Aadhaar to use their services.
It’s vital that the Srikrishna Committee establish a robust law that will protect the data and privacy of Indian citizens.
We have a rare opportunity to make sure India’s first comprehensive privacy law is as strong as possible.
Join Mozilla’s Executive Chairwoman, Mitchell Baker in signing an open letter to the Justice Srikrishna Committee highlighting our main concerns.
The letter:
Dear Justice Srikrishna and the Honourable Members of the Ministry of Electronics and Information Technology Committee of Experts,
With the support of and in solidarity with members of Mozilla’s community in India, I write today to urge you to stand up for the privacy and security of all Indians. Your recent consultation on the form of India’s first comprehensive data protection law comes at an auspicious time. The Supreme Court of India has ruled unequivocally that privacy is a fundamental right guaranteed to all Indians by the Indian Constitution. We ask that you take that decision and ensure that right is made a reality in law.
Mozilla’s work on upholding privacy is guided by the Mozilla Manifesto, which states: “Individual security and privacy is fundamental and must not be treated as optional online” (Principle 4). Our commitment to the principle can be seen both in the open source code of our products as well as in our policies such as Mozilla’s Data Privacy Principles. The Mozilla India Community has run numerous campaigns to educate Indians on how to protect themselves online.
Data protection is a critical tool for guaranteeing fundamental rights of privacy. It is particular important today as Aadhaar is being driven deeper into all aspects of life. Digital identity can bring many benefits, but it can also become a surveillance and privacy disaster. A strong data protection law is key to avoiding disaster.
In the digital age, especially in regards to the Aadhaar, individual security and privacy is increasingly being put at risk. Recently, a private citizen was able to buy access to all of the demographic data in the Aadhaar database for just 500 rupees. There have been countless leaks, security incidents, and instances where private Aadhaar data has been published online. Private companies are increasingly requiring Aadhaar in order to use their services. In the vacuum created by India’s lack of a comprehensive data protection law, the Government of India continues its relentless push to make Aadhaar mandatory for ever more government programs and private sector services, in contravention of the directives of the Supreme Court.
We commend you for the strong recommendations and overall framework proposed in your report. While this represents important progress in developing a strong data protection framework, we remain concerned about several missing protections:
- The current proposal exempts biometric info from the definition of sensitive personal information that must be especially protected. This is backwards, biometric info is some of the most personal info, and can’t be “reset’ like a password.
- The design of Aadhaar fails to provide meaningful consent to users. This is seen, for example, by the ever increasing number of public and private services that are linked to Aadhaar without users being given a meaningful choice in the matter. This can and should be remedied by stronger consent, data minimization, collection limitation, and purpose limitation obligations.
- Instead of crafting narrow exemptions for the legitimate needs of law enforcement, you propose to exempt entire agencies from accountability and legal restrictions on how user data may be accessed and processed.
- Your report also casts doubt on whether individuals should be allowed a right to object over how their data is processed; this is a core pillar of data protection, without a right to object, consent is not meaningful and individual liberty is curtailed.
There is resounding support for privacy in India, and the Supreme Court has made clear that the protection of individual privacy and security is an imperative for the Government of India. We hope you and your colleagues in the Government of India will take this opportunity to develop a data protection law that strongly protects the rights of users and makes India’s framework a model for the world.
Sincerely,
Mitchell Baker
Executive Chairwoman
Mozilla
Mozilla is trying to square the circle. The Aadhaar scheme is punitive, highly vulnerable, intrusive, and counterproductive to its stated goals. It should be entirely scrapped. Britain tried a similar National ID Card/Biometric Personal Data system years ago, and it was ultimately scrapped after a years-long campaign of fierce opposition. (“Success Story: Dismantling UK’s Biometric ID Database” (*see below) , https://www.eff.org/pages/success-story-dismantling-uk%E2%80%99s-biometric-id-database). But India, a nation of 1.3 billion people, has a tiny opposition. Mozilla should stick to improving Firefox.
*”Despite powerful momentum behind the [British] ID scheme and the fact that 10,000 cards had already been issued, the endeavor was ultimately scrapped in the face of controversy. Shortly after a national election, the first act of the newly instated government was to reverse the legislation that created the ID cards, rendering all existing cards invalid. The government went on to fully dismantle the database, and physically grind the hardware of the centralized register to dust. A coalition agreement between the Conservative Party and the Liberal Democrats signed in May of 2010, which did away with the scheme, noted that the program had caused a “substantial erosion of civil liberties.”
Mozilla effort to educate Indians on data privacy and perils of adopting projects like aadhar must be applauded .. In solidarity I