Digital Identity And Biometrics In India: Governing Privacy And Security In The Digital Age

Satyam Singh, Research Scholar, Deen Dayal Upadhaya Gorakhpur University, Gorakhpur, Uttar Pradesh

Dr. Ashish Kumar Shukla, Assistant Professor, Deen Dayal Upadhaya Gorakhpur University, Gorakhpur, Uttar Pradesh

ABSTRACT

This article examines the regulation of digital identity and biometric systems in India through the lens of data governance, privacy, and cyber security. It traces the historical development of Aadhaar and the broader ‘JAM’ architecture, situating these initiatives within a constitutional jurisprudence that recognizes privacy as a fundamental right. It then analyses the principal legal instruments the Information Technology Act, 2000; the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016; the Digital Personal Data Protection Act, 2023; and the 2022 CERT-In directions and discusses how they allocate responsibilities and risks across public and private actors. Against this backdrop, the paper assesses technical and governance challenges in biometric enrolment and authentication, the political economy of direct benefit transfers and financial inclusion, and the rise of facial recognition in public service delivery and law enforcement. Drawing on international standards such as NIST SP 800-63-4 and World Bank ID4D guidance, the article proposes a policy agenda for rights-preserving digital identity, including risk-based assurance levels, formal prohibitions on open-ended surveillance, independent oversight and auditability, stronger breach notification and redress, and inclusive design to reduce exclusion errors. The analysis concludes that India can harness the developmental benefits of digital identity only by embedding privacy-by- design and security-by-default into institutional practice, supported by legal safeguards and robust accountability mechanisms.