Enrollment in India’s biometric-based universal ID program Aadhaar is approaching the remarkable count of 790 million and nearing saturation levels — 90 percent or more — in some states. Even if the pace of expansion slows as enrollment extends to groups more difficult to reach, the Aadhaar is now poised to provide the basis for “Digital India,” and to help rationalize India’s labyrinthine web of subsidy and other programs. Participation is voluntary, but after the expected passage of the National Identification Authority of India (NIAI) Bill, it will be legal for any service or program to require clients to authenticate themselves against their Aadhaar number. India will then join the considerable number of countries, including Peru, Pakistan and Chile, where interactions between states and citizens, and also often between private parties, are based on a centralized national identity infrastructure.

What is needed for the next stage of Aadhaar to proceed smoothly and effectively? First, sustained attention to data security as well as data privacy. India cannot afford a Korea-type debacle where hackers reportedly copied 80 percent of their population database. The bill under consideration includes a number of provisions to safeguard data held by the NIAI and to prevent the collection of some sensitive items, but it has shortcomings. It is unclear on the possible scope of personal data that can be retained by NIAI, and also on the duration for which transactions data can be held, for example, records of authentication requests. Official demands to access NIAI data on law-and-order or national-security grounds can be submitted by the relatively low administrative level of joint secretary, rather than only by the highest levels of government. To be taken up, complaints must be submitted through NIAI itself, suggesting a serious conflict of interest. There is no provision for damages caused to private individuals from the unauthorized release or misuse of data by NIAI or its employees.

Most problematic, the bill is almost silent on the potential use of the Aadhaar number to link individual records across a wide range of data sets. This, it proposes, should be possible with the consent of the individuals concerned. But it is almost impossible for an average consumer to fully understand the details and ramifications of large-scale data-sharing. Moreover, just as the requirement to show a “voluntary” credential for an essential service introduces a degree of coercion, it is difficult to imagine, for example, individuals desperate for health insurance, social support, passports, bank accounts, and so on refusing to sign the fine print on data policy.

This is not to argue against sharing in principle. Some is basic to the argument for Aadhaar, for example, to rationalize social programs and weed out multiple enrollments. Pakistan’s example of being able to combine information on occupation, bank accounts, property registration, and travel to identify potential taxpayers will be applauded by those concerned about the ability of the rich to evade taxes — even though in that case there has not yet been the necessary political commitment to follow up. However, appropriate legislation is needed to define the permissible purposes of sharing and limits to protect the privacy of personal data, as well as a credible mechanism of enforcement. Although these issues go beyond the NIAI itself, a strengthened and empowered Identity Committee (suggested as a review body in the bill) could form the nucleus of an oversight mechanism and be combined with an identity ombudsman to help support legitimate claims for redress.

A second priority for a smooth transition to orbit is a strong focus on the implementation of programs that use it, especially the customer experience. Frictions and frustrations are inevitable as new approaches are implemented. For example, to shift from a price subsidy to targeted consumer compensation individual users need to be identified and de-duplicated, and their identities linked up to payments mechanisms. There may be disputes, for example, on eligibility. Initial experience, for example, with the LPG program as well as even successful examples in other countries, suggests the need for a strong focus on ensuring that programs have effective grievance mechanisms, complete with monitored service standards, to ensure that problems are addressed and resolved expeditiously. Some problems may be complex even if others are be simple. For example, identifying by Aadhaar numbers may be very precise but Indian names can be transcribed in different ways, causing a nonmatch in biographic data when it comes to linking distributor accounts with bank accounts. Some LPG customers with multiple bank accounts were not able to initially find which account the transfer had been credited to. Taking the long view, transition arrangements — including transitional advances where needed — need to be long enough to bridge the period of rocky implementation and also to enable those initially without an Aadhaar to acquire one before being frozen out of the new systems.

Fortunately, the same advances in ICT that have helped to create and roll out the Aadhaar can be used to monitor the implementation of programs that use it. UIDAI has been able to monitor the enrollment process in great detail, including through the collection and analysis of data on each individual enrollment process. Each rollout of an Aadhaar-based program should include a similar and public monitoring process, together with service standards on the handling and resolution of grievances. As for the LPG program, customers should be able to access a “one-stop shop,” and to follow the status of their case on the internet. Each major rollout of a new system should benefit from objective review and analysis, helping to ensure that technology contributes to the growth of a results-based culture.