Privacy advocates slam India's CBSE for facial matching process 

Occurred: October 2020

India's Central Board of Secondary Education (CBSE) was criticised for using 'facial matching' to identify students accessing and downloading academic documents stored on DigiLocker without using ADHAAR and their telephone numbers.

To access the documents, students had to verify their identities via 'Facial Recognition System, a so-called 'state of the art' facial recognition system provided by India's National e-Governance Division, that matches a human face from a facial dataset stored on a CBSE database.

The CBSE said it expected the system would 'immensely' help foreign students and those who are unable to use or open DigiLocker - an Aadhaar-based cloud-based locker - should they not have an Adhaar Card or use the wrong mobile number. 

However, as noted by MediaNama, the system did not have a privacy policy at launch. The CBSE later said its facial recognition system did not have a privacy policy because it is a 'simple face matching process', something confirmed in its response to a digital rights group Internet Freedom Foundation Right to Information (RTI) request.

This was seen to have failed to explain why the technology, which the CBSE refused to provide information about, was described as a facial recognition system. The Internet Freedom Foundation described the CBSE's 'face matching technology is just facial recognition in disguise.'

Operator: Central Board of Secondary Education (CBSE)
Developer: National e-Governance Division
Country: India
Sector: Education
Purpose: Access documents
Technology: Facial recognition
Issue: Accuracy/reliability; Privacy; Security
Transparency: Governance; Marketing; Privacy

Freedom of information requests 🔦

Page info
Type: Incident
Published: January 2023