On 12 December, the Indian government-appointed Lieutenant-Governor Manoj Sinha announced that his administration will establish a J & K Family ID database for all the families residing in India's Union Territory of Jammu and Kashmir. A unique alphanumeric code – pehchan patra (identity card) – will identify family members through the head of the family.
The family pehchan patra will use a unique eight-digit alphanumeric code to identify each family and its members. The card will have information on all the family members including their employment status, names, ages, qualifications and so on. Additionally, this card is supposed to be linked to Aadhaar – the world's largest biometric ID system – and the bank account number of the head of the family. The administration has said that the new database will help with better delivery of government schemes, including old-age pensions and scholarships.
Although some Indian states have built similar databases, the Indian government's iron-hand militaristic policies in Kashmir have made people doubt the stated goals behind this database. The government has heavily securitised Jammu and Kashmir since the abrogation of Article 370 in August 2019. The article gave limited autonomy to the region and accorded exclusive domicile rights to its permanent residents. The abrogation of the special provision also accompanied the bifurcation of the state into two union territories – Jammu and Kashmir, and Ladakh – and its demotion to the status of a union territory controlled by the central government, instead of its own elected legislature.
India currently does not have a data protection law, and a fourth iteration of a data bill, the Digital Personal Data Protection Bill (2022), was recently published for public feedback. Interestingly, it provides little to no safeguards against government surveillance. The bill grants broad exemptions to government agencies "in the interests of sovereignty and integrity of India, security of the State" and so on, without any procedural safeguards such as restrictions on the data collected, its retention and access to it. The bill is in line with India's existing surveillance laws, which do not provide for universally accepted safeguards such as mandatory judicial and independent oversight. For example, the Information Technology Act provides for the formation of an oversight mechanism via a review committee. However, the review committee is entirely composed of government officers and does not have judicial officers, making its independence questionable. Similarly, while the Criminal Procedure Code enables both a court and a police officer to compel the production of data, it is more commonly used by police officers without securing a court order. The legal vacuum on data privacy and wild-west surveillance laws in India indicate that there will be no limitations on purpose or retention of the data collected for the Family ID. Linking individuals together using this database goes beyond Aadhaar, which primarily collects individual biometric data.