Opinion

Aadhaar's Convenience Must Not Outrun Its Consent

Thirty-one million Aadhaar downloads and a relaunched Aarogya Setu prove Indians want digital identity — but adoption is not proof that consent is being honoured.

Arjun Nair

Opinion & Analysis ·

6 min read
A smartphone displaying the Aadhaar app with a QR-code identity screen, illustrating India's expanding digital identity ecosystem

India has built two of the most consequential digital habits of its citizens in the space of a few years, almost without asking permission for the scale of trust it now demands in return. The Aadhaar app has crossed 31 million downloads, turning a card once handed over in full to any official who asked into a QR-code scan meant to reveal only what a transaction needs. Aarogya Setu, once a pandemic-era tracker installed on hundreds of millions of phones by necessity rather than choice, has been relaunched as a personal health record app, asking citizens to now voluntarily entrust it with prescriptions, vaccination certificates and diagnostic reports. Two apps, two ministries, one shared question: does India's digital identity infrastructure actually run on consent, or does it merely gesture at consent while convenience does the real work of adoption? We think the honest answer is closer to the latter.

Convenience is not the same as consent

The Aadhaar app's central promise is a genuine improvement: consent-based, selective sharing in place of full document disclosure. Instead of handing over a card exposing a full name, address, date of birth, photograph and a twelve-digit number to whoever asks, a resident can in theory prove only the specific fact a transaction requires. That is a real design achievement. But a mechanism for consent is not a culture of consent. The app's usefulness depends on whether every party demanding a scan, a bank teller, a hotel front desk, a telecom retailer, respects the boundary of what was agreed to be shared, rather than treating the QR code as a pretext to extract more. Nothing in 31 million downloads tells us that discipline exists, only that scanning has become habit. Adoption measures how thoroughly a tool has been woven into daily life; it says nothing about whether institutions on the other side are behaving themselves.

Recognition is not trust, and Aarogya Setu proves it

If Aadhaar shows what happens when a consent mechanism outruns institutional discipline, Aarogya Setu shows what happens when a brand tries to outrun its own history. The relaunch is a shrewd bet: the app already sits on millions of phones, and reviving a familiar name shortcuts building public awareness from zero. But that shortcut has a cost. The same recognition that eases adoption drags along the baggage of an app once associated with location tracking and exposure alerts, uses citizens tolerated because they had no real choice, not because they were freely asked. Health data is more sensitive than almost anything a person hands over, capable of revealing chronic illness, mental health history and reproductive decisions. Repurposing a surveillance-era app to hold that data without a visible, sustained break from its past is not consent. It is momentum borrowing the language of consent.

The strongest counterargument, and why it is not enough

The fair rebuttal is that both platforms solve real, unglamorous problems paper systems failed to solve for decades. Aadhaar was built for a population where documentation was patchy or unavailable to the poor and those in remote areas; it let people prove eligibility for subsidies or open a bank account without a paper trail many could not produce. Aarogya Setu 2.0 answers a separate failure: records scattered across paper files and disconnected clinics, doctors starting from scratch with a patient's unreliable recollection, tests repeated because the last lab's report never travelled with the patient. These are real frictions in Indian life, and a portable, selectively shared record is a legitimate answer to both. We do not dispute the underlying ambition. Our objection is narrower: solving a real problem does not entitle a system to skip proving, continuously, that consent is being honoured rather than merely offered.

Scale is the warning, not just the achievement

The more sectors that plug into Aadhaar-based verification, welfare, banking, telecom, travel, education, private-sector onboarding, the more valuable the data becomes as a single thread connecting a person's financial, civic and personal life. That concentration of value is precisely what should make safeguards non-negotiable, yet the incentives run the other way: every sector that adopts the same rail makes the system more useful and more tempting to misuse, and neither pressure slows the other. The same logic applies to Aarogya Setu. Its value depends on interoperability, on hospitals, labs and insurers plugging in so records move automatically rather than through manual uploads. But interoperability is also where health data's sensitivity multiplies fastest, since a record once confined to one clinic's cabinet becomes visible, in principle, to every connected node. Insurers eyeing a verified health history for claims is the clearest example: useful for settling claims, troubling once that visibility shapes pricing decisions a patient never agreed to.

What should happen next

None of this argues for slowing digital identity or digital health in India; both are overdue and already delivering real convenience. It argues for treating consent as infrastructure in its own right, not a checkbox bolted onto infrastructure built for other purposes. That means clear, enforceable rules on who may demand a QR scan and what happens to entities that overreach, rather than leaving compliance to the goodwill of banks and telecom retailers. It means Aarogya Setu earning trust through a transparent, public consent and deletion framework, not brand recognition alone, and inviting independent scrutiny rather than resisting it. It means regulators stating in advance whether insurers can ever use health-record access to inform pricing, rather than letting that boundary get tested quietly later. And it means treating grievance redress as seriously as uptime: a system used by tens of millions cannot afford ambiguity about who is liable when things go wrong. Momentum has built adoption. Policy design, not momentum, will determine whether it was ever really consensual.

The bottom line

  • Thirty-one million Aadhaar app downloads and a relaunched Aarogya Setu show genuine public appetite for digital identity and digital health tools, but adoption figures measure habit, not whether consent is actually being respected by every institution demanding a scan.
  • Selective, QR-based disclosure and portable health records solve real problems, undocumented citizens under the old paper system, fragmented medical histories under the old clinic system, and that legitimacy should not be dismissed.
  • Recognition is not trust: reviving a pandemic-era app for a new, more sensitive purpose carries forward old scepticism unless privacy safeguards are made visible and sustained, not merely assumed from the brand's familiarity.
  • The next phase must be enforceable rules on who can demand data and why, transparent consent and deletion frameworks, explicit limits on uses like insurance pricing, and serious grievance redress, so that convenience does not quietly harden into routine surveillance.
Share

You may also like to read