Last year, India’s top court ruled that the central government’s national identification system – Aadhaar – doesn’t violate the privacy of citizens. Now, there are three major developments on this front that might put privacy activists on high alert.

First, India’s parliament passed an amended bill on Aadhaar that allows voluntary use of the ID to open a bank account or get a SIM card and penalty for any private company if it stores Aadhaar data – a step to curb frequent data leaks.

Then the government’s chief economic advisor, K Subramanian, said in this year’s Economic Survey report that a master database built by the government collating all the citizens’ information too – with Aadhaar at the heart of it.

And finally, in the annual budget presented by the reelected government’s finance minister Nirmala Sitharaman, suggested that Aadhaar should be used to file taxes instead of PAN (Permanent Account Number) – an ID issued by the country’s tax department. Earlier this year, the government made it mandatory to link the Aadhaar card to the PAN to file taxes.

Impact of these developments

While the amended bill notes that use of the Aadhaar card is voluntary, companies have refused to give out new SIM cards without an ID in the past. The modified bill also introduces a penalty of Rs 1 crore ($146,045) and jail for private entities who store Aadhaar data. However, there’s no clarity at the moment as to how authorities will monitor and audit private firms; there’s also no details on who will bear the responsibility of checking Aadhaar data has been fairly used.

Subramanian’s suggestions in the Economic Survey 2019 also raises a lot of concerns. He said the collection of data can be used for good. In a chapter named ‘Data of the people, by the people and for the people,’ the survey notes the government already possesses large troves of data, and it’s just a matter of centralizing it:

The prospect of empowering the government with such comprehensive, exhaustive information about every citizen may sound alarming at first. However, this is far from the truth. First, large quantities of data already exist in government records, and the objective is only to use this data in a more efficient way.

Several reports in the past couple of years have outlined the dangers of a central database containing biometric information of over a billion people. However, the government remains convinced it can handle all the privacy problems.

The finance minister’s suggestion to use Aadhaar instead of PAN means that could render the latter virtually irrelevant for taxation purposes. Furthermore, since Aadhaar numbers don’t obscure citizens’ identities, it puts their tax records and other information stored in the central database at risk of exposure.

All proposals also ignore the fact that India still doesn’t have a data privacy law in place. Last year, the authorities presented a draft version of the bill, which was supposed to be tabled in the parliament for a discussion in June, but the decision has now been delayed. To co-exist with this bill, Aadhaar might need special exemptions and privileges that seriously threaten citizens’ rights to privacy.

Months after the country’s supreme court limited the scope of mandatory Aadhaar usage, the government is pushing new schemes and economical suggestions to increase usage of Aadhaar. It’s even encouraging to build a central database using the ID that can be potentially used as a surveillance tool. India’s only hope to get out this mess is a solid data protection bill that can overpower Aadhaar, but unfortunately – chances of that remain paper thin.

Read next: Social media shaming and forgiveness: why nobody's beyond the pale