* Any views expressed in this opinion piece are those of the author and not of Thomson Reuters Foundation.
India’s Criminal Procedure (Identification) Bill, 2022 authorises the collection and storage of biometric data of citizens charged with even minor offences, with little regard to their right to privacy, and potentially enabling mass state surveillance.
Anushka Jain is an associate counsel at Internet Freedom Foundation, a digital rights advocacy group in India.
Petty offences like smoking in public or traffic violations could soon result in the disproportionate collection of biometric data of Indian citizens which would then be stored for 75 years. The Criminal Procedure (Identification) Bill, 2022, which replaces the Identification of Prisoners Act, 1920, was passed by the lower house of parliament on April 4. It surpasses its predecessor in the amount of data collected, persons from whom the data may be collected, and the duration for which the data may be stored. The types of biometric data that may be collected have been expanded to include fingerprints, palmprints, footprints, iris and retina scans, and physical and biological samples, and need not be related to evidence required for the case. The Bill allows these data to be collected from any person who is arrested in any case. The duration of storage of the data collected has been fixed at 75 years without any explanation, and fails to consider its effect on the right to privacy of citizens.
Such overzealous collection and storage of biometric data, especially in the absence of sufficient safeguards such as a data protection law, will have a negative impact on the right to privacy, freedom of movement and peaceful protest, as through the data a person can be identified throughout their life. Such collection could therefore enable state-sponsored mass surveillance.
Concerns over the increasing collection of biometric data through digital ID systems like India’s Aadhaar, Estonia’s e-Estonia, Mexico's proposed new CUID biometric ID card amongst others, have grown over the last several years. Further, in the absence of internationally established best practices of “purpose limitation”, where data is collected only to fulfil a specific purpose, and “storage limitation” - where data is stored for only as long as necessary to fulfil the purpose for which it was collected – the data may be used to facilitate profiling and discrimination.
It is useful to examine whether the Bill is able to fulfil the thresholds of necessity and proportionality for justifying state intrusion into privacy, as laid down by the Supreme Court in its right to privacy decision in 2017. The thresholds of necessity and proportionality are satisfied when the government can show that state intrusion into privacy is necessary to fulfil a legitimate state aim or purpose, and does not go beyond the stated purpose. However, such overbroad collection and storage of data for 75 years goes beyond the stated purpose of the Bill, which is efficient and expeditious criminal investigation, and points towards the objective of creating biometric databases. Since India still lacks effective data protection legislation, these databases could ultimately facilitate state-sponsored mass surveillance due to the absence of sufficient safeguards.
Another stated objective of the Bill is to increase the conviction rate. The assumption is that a lack of data is the reason for low conviction rates, and that an increase in data collection will lead to an increase in conviction rates. However, this is a faulty assumption, since the government itself has admitted that delays in disposal of cases is due to a variety of reasons including “category of the case (civil or criminal), complexity of facts involved, nature of evidence and cooperation of the stakeholder”. Further, the inclusion of DNA evidence in “biological samples” to increase conviction rates seems inevitable, as DNA evidence is viewed as irrefutable. This is because the term “biological samples” has not been defined, which leaves the category open to wide interpretation. Such ambiguity in criminal law provisions may lead to arbitrary interpretation. The use of DNA evidence presents its own issues, as the evidence can be incorrect, especially when improperly collected and analysed, an outcome which is also likely due to India’s poor infrastructure.
Lastly, the question arises whether the DNA Technology (Use and Application) Regulation Bill, 2019, which provides for the regulation of use of DNA technology for establishing the identity of certain persons and is also under parliamentary consideration currently, will supersede the Criminal Procedure (Identification) Bill, 2022.
The collection and use of biometric data, whether for criminal investigation or for access to services, comes with its own set of concerns as stated. Therefore, it is essential that this Bill, which has been introduced without following any pre-legislative consultation processes, is reintroduced after undergoing the necessary public consultation process and parliamentary scrutiny.
Our Standards: The Thomson Reuters Trust Principles.
