Despite misgivings in many quarters, especially about the security of the biometric data collected by the Aadhaar project and the possibility of abuse of privacy when the scheme is put to many uses by the government, the overall reality is that India has pulled off a coup of the kind seldom seen before.

Aadhaar, which now has the biometric data of over a billion Indians, is comparable to the kind of success achieved by Google, Apple, Facebook, Alibaba and Amazon. Even though it is a project pushed down many unwilling throats by government using unfair means, including the coercive power of a weak state, having gotten this far it makes more sense to seek benefits from it than to diss it.

Aadhaar is the greatest technology platform created by India, and the reason why one can compare it to Google or Facebook is simple: technology platforms enable the creation of growing networks that ultimately create huge value. The world over, platforms have valuations that are several times that of pure technology companies, because once users, software developers and companies start building their own usage and business models around you, you acquire enormous power. Nobody can say today that they won’t develop an app for Apple or Android, unless they don’t want to succeed in business. Tomorrow, using our billion-user database, India can insist on mobile phone companies and other platforms burning Aadhaar-authentication capability directly onto their hardware and software. It is our leverage with the Googles of the world, which are enormously powerful in the world of technology.

If, after addressing privacy and data security concerns adequately, the Unique Identification Authority of India (UIDAI) converts itself into a full-fledged technology company and not just a repository of IDs, and if it lists on Nasdaq, it is not inconceivable that it will be valued at $50-$100 billion over the next decade, especially if it charges for commercial applications. That is what converting a simple solution to give poor people IDs means when it becomes the core around which thousands of other businesses can be built.

Consider what all is already visible.

Reliance’s Jio could activate 100 million users using the Aadhaar e-KYC. It could not have done so in six months (without incurring huge costs) if there was a need to get millions of people to physically fill forms and authenticate their IDs and addresses. Aadhaar the platform enabled this.

Kotak Mahindra Bank has launched its 811 service, under which you can become a bank customer purely by signing into its app using your PAN and Aadhaar e-KYC. You can operate deposits upto Rs 1 lakh doing this.

IDFC Bank is an early mover in the use of Aadhaar-authenticated payments to merchants. No need for credit cards, cash, or even e-wallets. Just an Aadhaar fingerprint at the merchant end will do. On 14 April, Babasaheb Ambekdar’s birth anniversary, Narendra Modi will launch Aadhaar Pay, a biometric-based payments system which will enable even the illiterate to operate a bank account and make payments using fingerprint scanners. IDFC Bank, which has already launched the service, says in two weeks it will get five lakh merchants on board for Aadhaar Pay. Clearly, at some point Aadhaar Pay can be burned into bank apps, or even downloaded as a payments app for use on any smartphone.

If you really come to think of it, Aadhaar may end up doing more for ease of doing business in India than all those measures announced for single-window clearances, reduction of licensing requirements or reducing bureaucratic delays. It will enable more and more businesses to build themselves around this database, levelling the field for all kinds of players, big or small, manufacturing or services.

Aadhaar is a winner, the biggest killer-app India has designed in the modern age. We can’t let go of this advantage we created by blundering into it.

Nandan Nilekani, the father of Aadhaar, has assured us that the data is secure. He told The Times of India in an interview that Aadhaar is “very secure. The agency collecting the data has no access to it as it uses the most advanced encryption technology. The data packet is encrypted at source. Even before the data you have given is written onto the disk, it is encrypted. You can’t open it. It’s a very, very secure system. The level of encryption that Aadhaar has is way above any other system today, including in the private sector. Plus security keeps getting enhanced.”

That’s reassuring. But there is still scope for misuse. Three things can be legislated to reassure citizens that Aadhaar is no licence to kill.

First, the provision that Aadhaar details can be shared on a joint secretary’s say-so is dangerous. Joint secretaries (JSs) are career babus, and it cannot be anyone’s case that they won’t bow to pressures from the top. The JS authorisation (apart from courts) should be replaced by a three-member panel’s authorisation. This panel could include a retired high court judge plus an eminent citizen with clear credentials on personal liberties.

Second, despite Nilekani’s assurances, data breaches do occur. From Yahoo to Google, from banks to credit card details, data leaks have occurred despite high security. We can’t prevent all leaks, given human mistakes or perverse incentives to do so. Let’s also remember, even Swiss bank account details have been leaked. So there must be a simple compensation process for people whose personal details (or financial positions) have been leaked or lost due to hacking or theft. The compensation must be immediate and the need for elaborate investigations and proof should not be required if a data leak is obvious.

Third, the provisions against misuse that is now part of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act needs to be elevated to a separate law on data security and protection of privacy for any private data held by anyone – by government, corporation, or businesses. A Google or a State Bank of India or an income-tax department should be equally liable to compensate individuals for leakages of data that they are custodians to. And punishments, if the source of leakage or abuse of authority is discovered, should be exemplary.

It is easy to believe that Aadhaar data needs protection from breaches, but we forget that almost every business collects data about us all the time. Google knows what you searched for, your location and where you are going. So do many mobile companies. Your bank or credit card company knows where you had dinner last night, and what your monthly spends are on what kind of products.

We need privacy protection not only in Aadhaar, but in every business or public service that collects data from us, whether voluntarily or otherwise.