The launch of the National Digital Health Mission (NDHM) was announced on August 15, 2020. NDHM intends to create a voluntary Unique Health Identifier (UHID) based on the voluntary use of Aadhaar. NDHM will maintain health records of a patient’s information that will be ‘manageable and interoperable with various subsystems’. The pilot of this process has been launched in six union territories and will soon also be launched across India. Doctors in Chandigarh note having been “compelled” to register for a voluntary UHID with the NDHM. Further, individuals getting vaccinated against COVID-19 are being automatically enrolled for UHID without their informed consent.
The NDHM’s strategy document states the development of privacy by design: “A National Policy on Security of Health Systems and Personal Health Records will be developed in accordance with the Personal Data Protection (PDP) Bill, 2019”. In March 2021, the Joint Parliamentary Committee reviewing the PDP Bill, 2019, was given a fourth extension till the Monsoon session of the Parliament to submit its comments on the Bill. Till the Bill is passed, there is no legal framework to protect anyone’s right to privacy.
Impact of the (in)ability to disclose gender and sexuality in data systems
With the global push for the use of a biometric-based digital ID to “leave no one behind”, the understanding around identification and citizenship has significantly shifted to mean a person being under the constant surveillance of the State, including details of their gender identity and sexual orientation, among others. Globally, State-based surveillance has seen a significant rise during the COVID-19 pandemic, consequently redefining the global understanding of agency, consent and bodily autonomy.
Women who cannot produce their own and their husband’s Aadhaar cannot access maternal benefits. Accessing abortion services in the public healthcare system without an Aadhaar is not possible. According to the new law, transgender persons are expected to produce a medical certificate to be able to self-identify their gender within the binary on their IDs including Aadhaar. Mandatory use of Aadhaar for a life-affirming treatment like Anti-Retroviral Treatment (ART) has resulted in individuals discontinuing their treatment fearing a breach of their privacy. In the current wave of the pandemic, even procuring oxygen requires Aadhaar!
Evidently, in the present digital framework, the human rights guaranteed by the Constitution of India become relevant and available only if individuals are able to turn themselves into neat (and perfect) categories of data – cisgender, heterosexual, able-bodied, married (and remaining married), among others, through the use of a 12-digit number and biometrics such as finger prints, iris scan, and facial recognition (the most recent addition). There’s also a DNA Bill in the works! This list also seems to include information related to one’s sexuality and gender. The inability to turn different parts of one’s self into data, ironically with an instrument introduced to fulfil constitutional guarantees, has resulted in a whole range of exclusions for gender and sexual minorities[1]. Contrary to constitutional guarantees, these exclusions become far higher and more complex due to the existing marginalisation owing to an individual’s caste, class, religion, educational qualification, and so on.
Apart from systematic exclusions faced by individuals, evidently the mandatory use of a biometric-based digital ID has also reshaped the understanding of an individual’s agency and right to bodily autonomy. Gender and sexuality seem to no longer be matters of an individual’s right to privacy. With digitisation, disclosure of one’s gender and sexuality has become a hindrance to accessing one’s rights. However, the inability to disclose such details would also mean exclusion. In a country where anything related to sexuality is considered taboo, it becomes an additional burden when individuals are forced to reveal details related to their gender identity and/or sexuality to gain access to their rights.
Redefining the meaning of agency and bodily autonomy
The use of a digital ID to authenticate the use of a public health service also tracks the individual’s personal terms of engagement with another consenting adult – as seen with single mothers, cis women accessing abortion services and with the professional agency exercised by sex workers – in order to access essential SRHR services. This also implies the conscious dismissal of or the erasure of the right to privacy for individuals belonging to gender and sexual minorities. Presently, as there is no legal framework to protect an individual’s right to privacy in India, there is no assured protection or recourse against any breach of privacy. Besides, the constant vacillation between voluntary and mandatory use of Aadhaar over the last several years – even prior to the Supreme Court verdict that upheld the constitutionality of the Aadhaar Act – has gradually changed the general understanding of consent. Mandating the use of Aadhaar to access welfare, inspite of exclusions, further emphasises the changing understanding of consent. We don’t really have a choice! Changing our understanding of consent over time is a subtle way of redefining our understanding of individual agency. The ‘voluntary’ use of Aadhaar without informed consent to create a digital health ID is yet another example of the same.
In digital systems, the disclosure of an individual’s gender identity and sexuality seems to be essential to access all public and private services, well beyond SRHR services, by using a government-issued ID. Digital data implies interoperability across multiple devices, formats, and locations. The inability to comply with such exposure of oneself due to various reasons beyond one’s control such as exclusionary design, authentication failures, access to Internet, marginalisation, and so on, seems to mean exclusion. This is an inherent flaw with digitising offline systems without rectifying the existing structural problems. Yet, the ability to codify oneself into different data systems also does not guarantee inclusion and access to sexual and reproductive health and rights, or any other right for that matter. However, such exposure does increase one’s vulnerability to data breaches, especially without a legal framework for protection. The data breach on CSC Bhim site in 2020 included information such as Aadhaar details, addresses, bank records, caste certificates, and a complete personal profile of the users’ biometrics, among others. The current version of the PDP Bill has no provision to inform individuals in case their data is breached.
Evidently, mandatory use of a digital ID, data breaches, and the continued exclusions then significantly reshape the understanding of an individual’s agency, right to bodily autonomy, and consent, especially for gender and sexual minorities owing to the historical marginalisation faced by them.
Shaping reality using bad (exclusionary) data sets = Erasure!
The insistence on using data to make welfare decisions, including access to healthcare, has the potential to hardcode existing offline biases into digital data systems due to the biased datasets that are fed into Automated Decision Making Systems (ADMS) that use Artificial Intelligence (AI) and Machine Learning.
This also includes datasets that impact sexual and reproductive health and rights related services. The continued inability of individuals to enter data systems will lead to their civil death, and with a diminishing dataset of a particular identity, might even lead to the erasure of a whole population group over time.
With the constantly changing understanding of consent in addition to the existing marginalisation, individuals don’t have any real control over the data collected from them or the use of this data, especially in the absence of a regulatory legal framework. From apps to IDs, from private players to the State, everyone wants a piece of your data. The understanding of agency and autonomy is likely to further devolve when ADMS will determine the ability of an individual to access healthcare using algorithms. How will certain highly sensitive details such as HIV status, number of abortions undergone, or gender identity play a role in determining the eligibility of a person to access insurance services and healthcare? How will this access be further shaped by other data such as caste or religion or disability status, factors historically used to discriminate against and marginalise individuals? What is the morality being used to shape the understanding of these systems? Is it the morality of a cisgendered heterosexual reality that is being used to shape the algorithm of these systems? What about the rest who don’t fit into that paradigm? What is the interpretation of the ‘reality’ that we are allowed to exist within? Is it a State-sanctioned understanding that: Upper caste/class + cisgender + non-disabled + heteronormative + married = human?
* Author’s note: At the time of publication of this article, the excessive dependency on technology has impacted the access to COVID vaccines in rural India , and also of those without an Aadhaar in urban areas.
[1] Gender and sexual minorities in the context of this essay includes all (married and unmarried) cis women, transgender+ persons, LGBQIA+ persons, persons with disability (because there is often erasure of their sexuality), sex workers (female and trans+), and all those who identify themselves to be non-heteronormative with respect to their gender and/or sexuality.
Cover Image: Unsplash