ABSTRACT
Biometric data, from fingerprints and facial recognition to iris scans and voice patterns, has been the backbone of identification systems. The integration of biometrics into Aadhaar has changed governance in India but has raised significant questions about security and data privacy. This article investigates the shifting dynamics of biometric data protection law in India. It critically discusses legal regimes such as the Aadhaar Act, the Personal Data Protection Bill, and the recent judgments that define the regulatory landscape, compares them with global perspectives such as the GDPR, and examines the challenges of balancing technological advancement with individual privacy. It ends by highlighting the urgent need for stricter legislation to address threats that grow every day and to protect the biometric information of its owners.
KEYWORDS: Biometrics, Data Protection, Aadhaar, Privacy Laws, GDPR
INTRODUCTION
The advent of the digital age has thrust biometric data to the forefront as a vital tool for identification and authentication in the country. Although Aadhaar is a prime example of how transformative biometrics can be, it has also raised controversy over the legal safeguards that were supposed to be in place. India lacked an overall data protection regime, leaving people vulnerable to identity theft, surveillance, and unauthorized use of their biometric information. Recent judicial pronouncements and legislative attempts reflect a growing recognition of the need to regulate the collection, storage, and use of biometric data. Against this background, the article examines emerging trends in the law, covering the associated frameworks, decisive case law, and global practices, in order to build a comprehensive understanding of biometric data protection in India.
LEGAL FRAMEWORKS IN INDIA
1.1 Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits, and Services) Act, 2016
The Aadhaar Act regulates the use of biometric information. Biometric information is referred to in Section 2(g) of the Act, while Section 29 strictly prohibits the release of this kind of information for a purpose other than that contemplated. However, critics have focused on the fact that the Act does not have sufficient provisions against misuse. The Supreme Court upheld the validity of Aadhaar in Justice K.S. Puttaswamy v. Union of India in 2017, but emphasized that data protection measures should be stringently followed.
1.2 Personal Data Protection Bill, 2019 (Proposed)
This draft bill, which adopts the essence of the EU’s General Data Protection Regulation, seeks to govern the collection, processing, and storage of personal data, including biometrics. Explicit consent is required before such collection, data localization is a prerequisite, and heavy penalties apply if data is breached. Though still a draft, the new law is expected to change the overall nature of data protection.
2. LANDMARK JUDICIAL PRONOUNCEMENTS
2.1 Justice K.S. Puttaswamy v. Union of India (2017)
This judgment marked a watershed: the Supreme Court acknowledged privacy as a fundamental right under Article 21 of the Indian Constitution, called for legislative protections for biometric data, and circumscribed Aadhaar use to specific purposes.
2.2 Unique Identification Authority of India (UIDAI) v. Central Bureau of Investigation (2014)
The court prohibited the sharing of Aadhaar data without an individual’s consent, setting a precedent for data privacy.
EMERGING AMENDMENTS AND FRAMEWORKS
The Digital Personal Data Protection Bill, 2023 (DPDP Bill) establishes a structured framework for protecting sensitive biometric data by setting out the obligations of “data fiduciaries” with regard to its collection and processing. It provides that biometrics may be used only for the specific purposes to which the individual has consented, and that individuals and entities may exercise rights over their personal data, such as access, correction, or erasure, among others. The bill reinforces this with data security provisions, including penalties of up to ₹500 crore in case of breaches. It provides for data localization, particularly for sensitive and essential personal data, to enhance domestic control over sensitive information. With the DPDP Bill, India takes a leap toward aligning its biometric data protection regime with global standards like the GDPR.
The National Biometric Data Protection Guidelines attempt to realize these safeguards in practice through encrypted storage and anonymization, coupled with strict data retention policies. Advanced protocols such as multi-factor authentication will discourage redundant data collection, while guidelines on auditing and breach reporting aim for transparency and accountability. This emphasis on data protection, extended to AI and emerging biometrics, will address these concerns. Although it has not been an easy process, these policies are an important step toward closing the gap between innovation and privacy and toward fostering trust in the use of biometrics by both the public and private sectors.
GLOBAL FRAMEWORK
Global frameworks such as the EU’s General Data Protection Regulation 2016/679 take a strict approach, treating biometric data as sensitive personal data that requires explicit consent and strict safeguards. The California Consumer Privacy Act affords consumers various rights, including knowing about, deleting, or restricting the processing of their biometric information; these reflect a robust consumer-centric approach. The African Union Convention on Cyber Security and Personal Data Protection safeguards biometric data from cyber threats and provides a model for developing nations. Other frameworks, such as the Biometric Information Privacy Act (BIPA) in Illinois, USA, focus on consent, transparency, and liability when dealing with biometric data. These global standards highlight the need to provide adequate legal protection for sensitive data while at the same time promoting innovation, and they offer rich lessons for India as its legal landscape continues to evolve.
CHALLENGES
India does not have a comprehensive biometric data protection framework, and this creates enormous problems for proper implementation. To begin with, there is a general lack of awareness about data rights among citizens, leading to uninformed consent and misuse of sensitive information. There is no overarching regulatory body responsible for data protection, so enforcement and oversight are fragmented. Technical vulnerabilities include weak encryption and inadequate cybersecurity measures, which make biometric databases prone to breaches. A policy dilemma arises from the tension between the need for innovation in areas such as fintech and artificial intelligence and the difficulty of implementing stringent privacy laws. Lastly, implementing frameworks such as the Digital Personal Data Protection Bill, 2023, and the proposed National Biometric Data Protection Guidelines demands intense investment in infrastructure, skilled personnel, and institutional capacity, which may strain the capabilities of an emerging economy like India.
CONCLUSION
Digital identification has become a necessity in a world increasingly dependent on it. India has been making progress through legislative and judicial interventions, yet the task is still far from complete. Approaches from around the globe, such as the GDPR, have been taken on board and adapted to suit the Indian socio-political scenario. Strong legislation with strict enforcement can ensure that the dividends of biometric technology are not paid for at the cost of individual privacy.
WRITTEN BY- PAYAL DEVNANI