Privacy News
Road Ministry Unveils Data Sharing Policy for National Transport Repository Interview with Sujeet Katiyar, Co-founder of Fourteenth Degree Azimuth, on DPDPA Act, and Healthcare Compliance in India Chief Secretary Reviews Steps to Safeguard Jammu & Kashmir’s Digital Assets WhatsApp Says Sharing Generic User Preferences Doesn’t Violate Privacy

What are You Looking for?

India’s Digital ID India’s Digital ID

India’s Digital ID Systems and Consent: Can They Coexist? 

India is at a pivotal point in its digital transformation. It is developing systems that are fundamentally changing the way citizens interact with the governance and public services. Aadhaar, recognized as the world’s largest biometric identification program, along with DigiLocker and the National Digital Health Mission (NDHM), are indeed the foundation of a vast digital ecosystem. They focus on delivering efficiency, transparency, and access. These initiatives are stretching the limits of innovation and inclusion. They are also empowering citizens by providing faster access to essential services. However, alongside this progress, there is an equally important discussion taking place. How will privacy, consent, and potential surveillance be addressed? As India embarks on a more connected future, the challenge is clear. We must ensure that the digital empowerment of citizens does not undermine fundamental rights—especially access to informed consent.

Inside India’s Digital ID Revolution: What It Means for You

India’s vision for digital identification and data management is bold and comprehensive, including multiple industries in different sectors ranging from healthcare to finance. Let’s take a closer look at the key of India’s digital ID ecosystems in India.

India’s Digital ID

Aadhaar: India’s Biometric Identity 

Aadhaar is the largest biometric identity system in the world. It was issued by the Unique Identification Authority of India (UIDAI). The system aims at linking individuals with a variety of services. These include public services such as banking and welfare, and private services such as mobile connections and many others.

Aadhaar collects biometric data such as fingerprint and iris scans. It also records demographic information including name, address, and date of birth. Together, these details provide individuals with a unique identification number. To date, in 2023, 1.2 billion people have enrolled in Aadhaar. It has become an important aspect of day-to-day life for many.

Although Aadhaar has increased access to services, it has also generated conversations about surveillance and the risk of data abuse. Data is inherently sensitive, and having it geographically centralized raises privacy concerns. These concerns grow when data is used in situations where consent is not explicitly given—for example, accessing welfare or banking services.

DigiLocker: Revolutionizing Document Storage 

DigiLocker is a cloud-based storage service that gives Indian citizens the ability to securely store and access digital copies of their important documents. These include ID cards, academic certificates, and medical records. The Ministry of Electronics and Information Technology (MeitY) launched DigiLocker to facilitate workflows in traditional processes that depend on physical documents. Ultimately, DigiLocker provides citizens with additional convenience and productivity.

DigiLocker allows citizens to share official documents in conjunction with government services they access. This includes numerous use cases, such as applying for a loan or receiving educational services. But the question remains—are people’s documents being stored and shared securely across platforms, particularly within a centralized system?

National Digital Health Mission (NDHM): The Future of Health Data 

The NDHM’s goal is to develop a national digital health ecosystem which will provide all citizens with a unique health ID. This system will digitize health records allowing easy access to medical histories, prescriptions, and information related to treatment across healthcare facilities.

As one of the most sensitive forms of personal data, healthcare data has significant potential for improving medical care in India via the NDHM. However, the collection and management of this data raises serious concerns about patient consent and privacy, particularly given the sensitive nature of health records and the need for continuous oversight.

How India’s Digital ID Systems Collect and Use Your Data 

Each of India’s digital ID systems collects different types of personal data. Here are the details of what is collected and how it is used:

  • Aadhaar: Collects biometric data (fingerprints, iris scans and facial images) and demographic data (name, age, address). This data is then used to verify identity of individuals when using public and private services.
  • DigiLocker: A storehouse for digital versions of official documents and may include personal information, financial information, or education information. It will give users access to and the ability to share documents online.
  • NDHM: Gathers sensitive health information, such as medical records, prescriptions, and treatment history. The focus is to improve the way health services are provided and the way patient care is undertaken.

Even though convenience is being offered by these systems, the amount of personal information being merged into one central data store raises questions surrounding our data privacy. When significant amounts of data are stored in centralised data repositories, who has the access to this information and how is it protected?

In a perfect world, consent would underlie every digital service. But there are complexities to consent. These systems are designed to be grounded in this agreement – informed and voluntary consent, but many citizens remain in challenging positions to exercise meaningful control over their personal data.

Aadhaar registration is voluntary in that you don’t have to do it. But the reality is that it’s impossible to avoid. One cannot get away from the requirement of having Aadhaar registration for so many important services. However, This includes opening a bank account and receiving social welfare from the government. This “forced consent” ultimately means that many people have to comply to participate in modern life, whether they are ok with sharing sensitive information or still uncomfortable with it.

Users of DigiLocker must consent to share, store, and reuse their documents digitally. However, many users do not clearly understand how their data is stored, shared, or reused. This leads to uncertainty about whether their consent is genuinely informed. Are users even aware of the access third parties might have to their data? Or is their consent simply a regulatory checkbox that allows them to proceed with the service?

The NDHM plans to transform healthcare by making health records easier to access. While NDHM aims to establish efficiencies by digitizing and streamlining medical processes, it also raises privacy concerns. These concerns come from the amassing of health data from potentially every Indian. Similar to Aadhaar, NDHM’s consent for data collection may not always reflect a completely free choice. It can feel more like a forced choice for people who need health services. Informed consent will be a necessary component of this process. The data collection from NDHM will ultimately determine the extent to which consent is truly informed.

Providing our users the opportunity for “informed consent’ would be simple: our users would have knowledge of how their data would be used, who would have access to their data, and how long we would store their data. However, we encounter several hurdles to achieving this goal:  

  • Lack of Transparency: Our users are often unaware of how their data is collected, who is collecting it, how data can be used, and how long that data will be stored. The lack of user-friendly information and/or communication makes it much harder for users to make informed consent.
  • Forced Consent: The situation of feeling compelled to give your Aadhaar number or another personal identifier to access services. Citizens must use their Aadhaar number as a condition of access. It is not real consent when you are compelled to provide your information 
  • Privacy and Surveillance: Storing all this data in a centralized database raises a real concern about the surveillance of data, data breaches, and/or misuse?Who can access the data? How can citizens trust where their data will be stored or input?

India’s Data Protection Law: The DPDPA 2023 

India introduced a Data Protection Law the Digital Personal Data Protection Act (DPDPA) in 2023 to address the rapidly growing concerns around privacy. Therefore, the DPDPA was intended to provide a framework for how personal data is collected, stored, and shared in India. The DPDPA contains the following high points:

  • Clear Consent: Collecting any data will require informed consent, and importantly individuals will have the right to withdraw said consent at any time.
  • Data Protection: Organizations must store and process data in a manner to safeguard the data, and protect the data from breach or misuse.
  • Individual Rights: Individuals will have rights to access, rectify, and erase their data.

DPDPA marks considerable progress in personal data privacy, there are still gaps in practice. Systems including Aadhaar, DigiLocker, and NDHM, continually run astray of true transparency, true informed consent, and enforcement protections despite the legislative framework.

India is advancing toward a digital vision and a digitally equipped economy through inclusive and immersive digitalization. A major aspect of this digital leap is achieving digital equality. So, this means balancing access to digital tools and environments with strong privacy protections. Achieving this will require several important things:

  • Clearer Consent Mechanisms: Systems must provide clear and understandable information about how data will be used and who will have access to it. People must also be able to exercise their choice freely. The systems should enable them to make informed decisions about their participation.
  • Increased Transparency: Data sharing practices must be transparent. Individuals should easily be able to opt in or out of a data sharing arrangement as opposed to being trapped in the system.
  • Stronger Oversight: Independent and (ideally) mandatory audits must be conducted to confirm that the systems are adhering to laws that protect data privacy and individuals’ rights.
  • Public Awareness: To be successful, a digital system requires an educated citizenry. Citizens must be educated about their rights and about how companies and governments are using their data.

Can India Go Digital Without Sacrificing Privacy?

India’s digital transformation is immensely exciting, but it should be approached with care to an individual’s rights. The goal should be to create a future in which digital access through India’s Digital ID systems does not require sacrificing privacy, and where individuals’ consent is a meaningful choice rather than a hollow process.

To create this future, India’s Digital ID framework must ensure that transparency, consent, and privacy protections remain at the centre of its digital transformation. Then, India would create an environment where digital access and personal rights can coexist in ways that allow citizens to benefit from technology without giving up their autonomy.

Concur Consent Manager Banner
Processing Impact Assessment

Understanding the Difference Between Processing Impact Assessment (PIA) and Data Protection Impact Assessment (DPIA)

DPA and DSA

Understanding Data Processing Agreements (DPAs) and Data Sharing Agreements (DSAs)

Read Next

Effortlessly align your data compliance with Concur, ensuring seamless integration and robust adherence to regulatory standards.
Facebook concur Instagram Linkedin
©️ 2025 — Concur - Consent Manager. All Rights Reserved.