Trust, Privacy and India’s Urgent Need to Protect Both
(Bloomberg Opinion) -- The world’s biggest repository of citizen information, India’s Aadhaar database, is now beyond the private sector’s reach. That was the verdict last week by the country’s top court, which refused to strike down the entire biometric-based system as unconstitutional. Now only the government can use it, and that’s a problem.
Fulfilling regulatory “know-your-customer,” or KYC, requirements by verifying a bunch of paperwork once again will cost a lender about 1,000 rupees ($13.80). So-called Aadhaar e-KYC used to cost only 20 rupees, as the Bangalore-based tech lawyer Rahul Matthan told BloombergQuint. This involved obtaining a customer’s unique 12-digit identification number and querying the central database for an electronic copy of personal information including name, address, date of birth, gender, photograph and mobile number.
Now that e-KYC checks using the database are prohibited, telcos will have to spend 100 rupees to physically verify every new connection, six times more than the cost of Aadhaar-based registration, according to Fitch Solutions Macro Research. That will slow the momentum of providing new digital services.
The ruling gives little leeway for the likes of Reliance Jio Infocomm Ltd., which used e-KYC to acquire 215 million users of its fourth-generation telecom service in just 22 months. Any new law opening a side door to the database also would face judicial scrutiny.
This is a big win for privacy, recognized in a separate Indian court ruling last year as a fundamental right. In light of that earlier judgment, it made sense to bar people from agreeing, even voluntarily, to the commercial exploitation of their digital identities obtained by the state.
However, just as privacy is integral to physical life, trust is central to economic life. And if it’s going to be 50 times costlier for someone to make a service provider (or its regulator) believe she really is who she says she is, then the consequences can’t be good for the economy, especially for those just starting to taste the benefits of financial and digital inclusion.
Knowing the identity of the customer is a hassle. KYC is “costly and laborious, and hugely duplicative,” as Singapore’s central bank chief Ravi Menon said in a speech in 2016, describing it as “one of the biggest pain points in the financial industry.” In Hong Kong, a financial institution takes an average of 38 days to complete the formalities and sign up a new client, according to a survey.
The Indian Supreme Court’s move threatens to be a showstopper, though it needn’t be. With a new bill more limited in scope than the disproportionately wide section of the Aadhaar law that was struck down, it may be feasible for New Delhi to own and operate a KYC utility. That way, India could balance the concerns of privacy and trust: by allowing the private sector to only make “Yes/No” queries of the central repository when a customer wants to establish her identity.
Since the data of 1.3 billion citizens can still be used by the government to distribute benefits and collect taxes, there’s no further loss of privacy in letting the system broadcast whether the state knows a person well enough to a let her to open a bank account, or take out an insurance policy. Let Aadhaar data be beyond the reach of companies, as long as they’re allowed to ping the KYC utility to fulfill their obligations to regulators. Privacy may be priceless to an individual, but as a public good, trust also must be supplied. And as cheaply as possible.
This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
Andy Mukherjee is a Bloomberg Opinion columnist covering industrial companies and financial services. He previously was a columnist for Reuters Breakingviews. He has also worked for the Straits Times, ET NOW and Bloomberg News.
©2018 Bloomberg L.P.