Recently, the Election Commission of India (ECI) announced that with the Ministry of Law and Justice, it is considering the integration of Aadhaar and Voter ID information. This, it was suggested, would remove errors from electoral rolls and remove eliminate duplication, and also allow migrant workers to vote in elections held when they are away from their homes. 

This proposal is not new. It first arose in 2015, and at that time, the ECI conducted 'voter seeding' - in effect, providing data available with it to the Unified Identification Authority of India (UIDAI, which administers Aadhaar). However, questions were raised about whether the ECI had taken voters' consent before sharing their data with UIDAI, and the Supreme Court stopped this exercise, observing that Aadhaar's scope was limited to providing welfare benefits. By then, however, 300 million people's data had already been seeded.

In 2018, the Supreme Court upheld the validity of the Aadhaar Act but struck down several key provisions. Among these was Section 33(2), which would have allowed the government to share data in the name of national security. This was important to curtail use of Aadhaar within government agencies. Notwithstanding this, the budget session of Parliament in 2020 showed that the government was pushing for integrating Aadhaar with Voter ID, similar to the exercise conducted in 2015. 

Current Situation

Currently, electoral data is held by the Election Commission in its own database, has its own verification process, and is separate from other government databases. The proposed linkage between the Aadhaar and election database will make data available to the ECI and UIDAI. An RTI request made by Medianama found that the ECI changes to be made to the Representation of the People Act, 1950 (RP Act) involve authorising the Election Commission to request Aadhar numbers from voters to establish identity of new voters and to verify the identity of current voters. The proposed amendment also states that voters will not be disqualified should they decide not to provide their number, or are unable to do so. 

The absence of a Data Protection Law has exacerbated misuse of voter data. In Telangana's local elections in January 2020, facial recognition was deployed as a means to verify voter identity, even though there is no explicit legal provision for allowing facial recognition technology to do so. In fact, a 2015 Supreme Court order had even prohibited the collection of such information!

Another instance is when the Delhi Police requested the electoral rolls of Northeast Delhi to compare names and faces of potential rioters while investigating the 2020 Delhi Riots. A letter from the ECI to the Delhi Police explicitly states that sharing names and photos of voters from its electoral rolls is against its own policies, it still did so. While the ECI argued that it only allowed a physical inspection of voter rolls, voters' privacy was still violated without a legal mandate to do so.

Benefits of Aadhaar Integration with EPIC

1. Accessible Voting for Migrant Workers: There have been calls to allow migrant workers, whose numbers may be as high as 300 million, to be given the right to vote regardless of their location, in order to let them participate in elections in their home states. The government has admitted to Parliament that it lacks national level data on migrant workers and their registration. Given this, it could be argued that linking the two databases will allow the ECI to track migrant workers and build out its database on migrant voters, enabling their participation in elections from their places of work.

2. De-duplication of Voter IDs: The ECI argues that linking these databases through an intermediate platform can help avoid duplicate voter ID cards when people move from villages to cities in search of work. Duplicate cards could, in theory, lead to significant electoral fraud or double voting. Linking the EPIC database to Aadhaar reduces duplication since Aadhaar details are collected using biometric information, which cannot be replicated. Consequently, this would allow migrants to vote outside of their home-towns since a change in residence can be updated on their Aadhaar Card, which is used to receive benefits, which can directly update the EPIC database as well. 

It should be pointed out that the proposed amendment deems the linking to be voluntary, and not mandatory. This amendment also would not remove other forms of identity deemed acceptable to receive and verify an EPIC card, such as driving license, passport, utility bills and other documents.

Pitfalls of Integration

1. Legal and Privacy Concerns: The proposal fails to specify the extent of data sharing between the two databases, the methods through which consent will be obtained, and whether consent to link the databases can be revoked. To obtain a voter ID card, or an Aadhaar card, one can use any of the prescribed documents. This information, when linked to the EPIC database, can result in targeted political advertising, and also disenfranchisement. There have been examples of targeted surveillance using Aadhaar information and demographic data. In Andhra Pradesh, 5.167 million families' locations could be tracked on a website run by the state government, using religion and caste as search criteria. This publicly available list used Aadhaar numbers to match people to theirdemographic data and even their location.

If India passes a Personal Data Protection Bill and decides to press ahead with voter integration, it might be worth examining South Korea's data protection and voting regime, since it mandates data minimisation. It has enabled limited forms of e-voting and other e-governance frameworks while ensuring strong data protection laws to facilitate this push. Its data protection regime applies to government entities as well, apart from private companies, with the burden of proof to prove that personal data was collected voluntarily falling on the data collector. Moreover, for a government agency to share data across the government, the explicit consent of the individual inquestion must be obtained, and even then, the principle of data minimisation is to be followed. 

2. Scope for Fraud: In multiple court cases, UIDAI has admitted that it has no information about the enrolment operator, agency, or even their location while enrolling someone in Aadhaar, raising questions about dubious enrolment practices. Multiple concerns regarding the safety of individual privacy in the Aadhaar database have been raised in the past. Many activists note that Aadhaar is prone to leaks and therefore can undermine the sanctity ofthe electoral roll. UIDAI and MEITY, for the first time admitted to false Aadhaar cards being aproblem in a written answer to Parliament during the 2020 monsoon session. 

With this information in mind, the validity of voting cards that are authenticated by Aadhaar cards which could be dubiously created, is put under question. Unless there is a way to verify the Aadhaar card used to verify one's EPIC card, the exercise's intended aim, to remove duplicate voters from the rolls, will be undermined. The case of PAN cards is illustrative; given that Aadhaar cards are now used to verify identity of the PAN holder, the authenticity of the Aadhaar cards will determine the authenticity of the PAN card. UIDAI has earlier accepted the scope of fraud in Aadhaar, and thus this could extend to fraud in PAN as well.

3. Risk of disenfranchisement: A further argument against the integration of EPIC and Aadhaar is that it is a redundant exercise, primarily because those who have obtained EPIC cards have already proven their citizenship and identity using more reliable documents, such as a driving license, passport, bills,and other proofs of identity and residence. Reports by the World Bank and European Union on integrating social and electoral registries have argued strongly against such integration. The evidence shows that an integrated ID card will disenfranchise voters due to a lack of documentation, undermining the very purpose of integration. 

Conclusion

In 2019, Justice B N Srikrishna, Chairman of the Committee that drafted the Personal Data Protection Bill, called the ECI's proposal to link the two databases "most dangerous," arguing that "if [the government] can collate the data, [it] can profile human beings." This note has already explained the ease with which governments can profile their citizens, as seen in Telangana and Andhra Pradesh, without robust legal hurdles to prevent the misuse and abuse of personal data.

In this note, we have examined the implications of the potential integration of Aadhaar and Election Cards. On balance, we argue against this move, in its proposed form. While we acknowledge that the move seems likely, given the government's desire to push forward with this proposal and its majorities in Parliament, the exercise raises serious questions about the privacy of voters, and by extension, the sanctity of the electoral roll, undermining the very justification for the integration.

On balance, the proposed amendment in its current form does not address the right to privacy that is guaranteed to individual citizens, and does not address the technological mechanism through which an integration would take place. Data minimisation with electronic signatures might be a way to ensure that individual data is not abused by the government, but given previous attempts at integrating social registries with Aadhaar, it seems unlikely.

Given the lack of clarity on the mechanism of this proposed integration, we would recommend that UIDAI and the ECI reconsider this proposal until clear safeguards to protect individual privacy are made clear, until the databases are further secured to prevent potential leaks, and processes and mechanisms to prevent disenfranchisement of voters during this exercise are developed.