Privacy Issues with Digital Identification and Verification

Ashish M. Shaji

27 Nov, 2020

Digital identity verification can come with privacy issues. With increased use of digital and online medium, the obvious question regarding privacy issue has popped up yet again.

With the world going through a definite shift in the aftermath of Covid-19, this question cannot be avoided as millions of people around the world have started to increasingly use digital method for any type of work. In this article we look to answer the privacy concerns with Digital Identification and Verification^[1].

What is Digital Identification and Verification?

Digital identification and verification is a process that ensures a person’s identity matches the one that is supposed to be. Identity verification is an essential requirement these days for most processes. You may have done it offline as well as online. Various digital identification verification methods include One-time Password, fingerprint scan, iris scan, facial recognition etc. It may be required for any purpose ranging from opening a bank account to performing tax related compliances.

Why is it needed?

Identification verification is needed to ensure that there is a real person behind the process and proves that he or she is the one who they claim to be. It helps to ascertain the identity of the person. For completing various tasks and activities online there is a requirement of digital identity that helps in preventing frauds and misrepresentation of person.

What are some of the evolving trends with respect to Digital Identification and Verification?

Identity verification has been a key focus for businesses that require complying with KYC regulations and mitigate the risk of fraud during in person on boarding. Today, many financial institutions that seek more customers must know how to onboard a customer in a distanced manner. This would require adding digital identity verification to their online capabilities.

Another common trend to be seen is that the financial services customers want to access banking services or open a bank account with less friction but at the same time they want to be at peace with the level of security to protect their identity and account. Any adoption of digital identity verification must include a close consideration of all security, anti fraud, and data privacy, with the safety of customer’s data to be of paramount importance.

Digital identities will be more commonly used in financial sector, health care and in government services. Especially after the current pandemic this would be the new normal wherein you would see more use of digital identification and verification.

Consumer perception of using Digital method for Identification

There are people who are sceptical of using biometrics for verification and identification, at the same time there are people who are comfortable using the same because of convenience and safety associated with it.  There are people who are not willing to share their personal data with any organization or institution or even with government. Of course different regions and countries differ in terms of concerns relating to biometrics and privacy.

What is the privacy concern with Digital Identification and Verification that has kept people on their toes?

India may have made a start in recognizing privacy and data security however, as per a study, India is next only to Russia and China when it comes to surveillance framework and it is said to be a country with systematic failure to maintain privacy safeguards. When it comes to global privacy index, India scored a mere 2.4 out of 5.

When assessing privacy and state of surveillance in more than 40 countries, India was placed among the bottom five non-EU nations when it comes to protecting privacy of citizens.

Lack of data protection legislation, a large biometric database in Aadhaar etc. are some of the privacy concerns with the Indian citizens.  There is a constant fear in the minds of people with respect to unauthorized use of their personal data. Cases of private data leaks have also added to the fear of people. Therefore, there is a need for strong Data protection law that puts these fears and misconception to rest.

At the moment India doesn’t have a specific legislation primarily for data protection. India’s regulatory mechanism for data protection as well as privacy is Information Technology Act, 2000 and it’s corresponding IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011. 

So what does the law state regarding exchanging personal data with third parties?

Personal data may be exchanged up to an extent where such data, which is sensitive private data, is shared with the consent of such person or when such exchange of personal data is part of any legal obligation. Therefore present law relieves one in terms of exchange of these personal sensitive data. However, cases of personal data leak have held many back from fully on boarding the digital set up.

Privacy Issue: Data Breaches on the rise

India has and is undergoing a large scale digital transformation. Increased Smartphone usage has boosted the internet traffic. This has led to a continuous inflow of user data and has also increased the number of personal data breach incidents. As per a report from the Data Security Council of India, India has experienced massive number of cyber attacks among other countries in the year 2016-18.

This massive breach has again raised the issue of privacy as digital identity is provided for every other work online, whether it is fingerprint scan, iris scan, One Time passwords etc.

Conclusion

Read our article:Biometrics Technology in the Indian Banking Sector