Privacy Peril in Pixels: India's Digital Census Dilemma

Introduction:  

When British administrators conducted India's first nationwide census in 1881, the logistical challenge was enormous; tens of thousands of enumerators needed to go out across a vast subcontinent, recording lives on paper by lamplight. A century and a half later, the challenge has changed its character entirely. The upcoming Census 2027, the sixteenth in India’s history and the eighth since independence, will be conducted not on paper but through mobile-based digital systems, raising questions that go far beyond logistics. As the census becomes increasingly data-driven, it is no longer only about counting people but also about protecting the vast volume of personal information being collected from them. 

What is a census and why do we need it? 

A census is a nationwide exercise through which the government collects detailed demographic, social, and economic information about the population. Census data forms the foundation for policymaking, welfare schemes, infrastructure planning, healthcare, education, urban development, and the distribution of public funds. It also helps determine electoral representation, administrative planning, and long-term economic strategies.  

How is it being carried out?  

For things to work smoothly, the census framework has been redesigned around a fully digital system that replaces the paper-based processes used in every previous census. At the centre of this transition are three key digital mechanisms:  

• Mobile Application for Enumerators: Enumerators conducting field visits will use a dedicated mobile application capable of offline data collection and later synchronisation with central systems. This allowss household information to be recorded digitally at the source, reducing dependence on physical census schedules and manual data entry. 

  
  

• Self-Enumeration Portal for Citizens: Residents, particularly in urban areas, will have the option to complete a self-enumeration process through an online portal before an enumerator visit takes place. After submitting their information, households will receive a unique Self-Enumeration ID, which can later be verified by census officials during field verification. The self-enumeration feature is intended to improve convenience, reduce duplication, and streamline the overall enumeration process. 

  
  

• Census Management and Monitoring System: The entire exercise will be coordinated through the Census Management and Monitoring System, a centralised digital platform designed to track enumeration activity across states and districts in near real time. The system is expected to assist authorities in monitoring progress, identifying gaps in coverage, and managing operational challenges during the census period. 

Furthermore, the census itself will be conducted in two separate phases. The first phase will have the house listing and housing census, which will collect data relating to housing conditions, household assets, and amenities. The second phase will be the population enumeration, which is expected to begin in February 2027 and will focus on demographic, social, and economic data relating to individuals.  

Current legal framework and some of it’s shortcomings 

India’s census framework has historically operated under strict confidentiality protections. Section 15 of the Census Act 1948, prohibits individual census data from being made public, accessed under the Right to Information Act, or used as evidence in court proceedings. Only aggregated statistical data can be published. In addition, Section 11 makes unauthorised disclosure of census information by officials a criminal offence.  

However, the shift to a digital census introduces risks that did not exist in the paper-based system. One of the biggest concerns is the use of personal smartphones by more than three million field enumerators to collect and upload sensitive demographic information. These devices are privately owned, used for everyday personal communication, and may not follow uniform cybersecurity standards. As a result, each device effectively becomes a temporary storage point for sensitive household data. 

To address these concerns, government officials have stated that Census will rely on end-to-end encryption during data collection, transmission, and storage. The central servers hosting census data have also been classified as critical information infrastructure, while the broader system is reportedly designed in compliance with ISO/IEC 27001:2022 cybersecurity standards and subject to regular security audits. Despite these assurances, there is limited publicly available information on the exact encryption standards being used, the access control framework governing who can view census data, the protocol for responding to a data breach, or the timeline for anonymising and deleting identifiable records.  

Can’t the DPDP Act help address these shortcomings? 

While the census, in principle, involves the large-scale processing of personal data and should align with the broader objectives of the DPDPA, the reality is more complicated. The Act contains broad exemptions for the state, and the census, operating under the statutory framework of the Census Act, 1948, has historically remained outside the scope of ordinary data protection safeguards. As a result, citizens currently have limited ability to verify, correct, or challenge their census records, with no clearly defined grievance mechanism for cases involving inaccurate data collection or exclusion from enumeration.  

What should be the way forward? 

The way forward should be an attempt to make the 2027 census align with the following DPDPA principles:  

• Firstly, citizens should be given a transparent mechanism to access and correct their digital census records, with a functioning redressal system for errors and exclusions. 

  
  

• Secondly, the government must legally restrict the use of census data exclusively to statistical and welfare purposes, ensuring that the demographic databases generated by this exercise are never integrated into wider surveillance systems without adequate safeguards.  

  
  

• Thirdly, technical transparency must replace vague assurance and the encryption standards, server architecture, access controls must be publicly documented.  

  
  

• Lastly, the government must publish a clear data lifecycle policy, specifying how long identifiable records are stored, who can access raw data, and when anonymisation will occur. 

Conclusion:  

While India has demonstrated its ability to build massive digital infrastructure through initiatives such as Aadhaar, those experiences have also highlighted the importance of strong safeguards for privacy, transparency, and inclusion. Census 2027 carries even greater significance because its data will shape governance, representation, and welfare policy for the next decade. Ensuring that every individual is counted accurately while also protecting sensitive personal data will ultimately be a test not just of technology, but of public trust and institutional accountability. 

Want to know more?  

Learn more about India's data protection environment, compliance frameworks, and in-depth analyses of privacy policies at Tsaaro.com.