Mozilla executive chairwoman Mitchell Baker has appealed to justice Srikrishna headed committee on data protection for "strong recommendations and overall framework". Last year, the ministry of electronics and information technology (MEITY) formed a committee headed by justice Srikrishna to propose recommendations on data protection and formulate a comprehensive legislation around it. The committee had brought out a white paper on data protection and had sought public feedback by January 31.

The non-profit which works for free software and open standards voiced its concern over a series of breach incidents wherein data related to Aadhaar was made public. Flagging its concerns towards a strong data protection framework, Baker pointed at four privacy safeguards which were missing in the draft white paper.       

First is the exemption of biometric information from the definition of 'sensitive personal information'. "This is backwards, biometric information is some of the most personal information, and can't be "reset' like a password," Mozilla chairwoman wrote in a statement carried as an advertisement by some of the Indian national dailies.

Second, she pointed at the lack of meaningful consent in the very design of Aadhaar programme. "For example, by the ever increasing number of public and private services that are linked to Aadhaar without users being given a meaningful choice in the matter," she said. As remedy, she pressed for stronger consent, data minimization, collection limitation, and purpose limitation obligations.

Third is the broad exemption given to law enforcement agencies in terms of accountability and legal restrictions on how user data may be accessed and processed. The exemptions, Mozilla said, could have been narrow meeting the "legitimate needs of law enforcement".

Fourth, Baker underlined the doubts casted by the committee on whether individuals should be allowed a right to object over how their data is processed. "This is a core pillar of data protection, without a right to object, consent is not meaningful and individual liberty is curtailed."

"There is resounding support for privacy in India, and the Supreme Court has made clear that the protection of individual privacy and security is an imperative for the Government of India. We hope you and your colleagues in the Government of India will take this opportunity to develop a data protection law that strongly protects the rights of users and makes India’s framework a model for the world," she wrote.