The involvement of the executive in the implementation of the data protection law by the data protection authority which might be already compromised removes any doubt about the independence of the DPAs to supervise and enforce data protection law. 4.6 Digital identification systems (DIS) According to the World Bank about 1.1 billion are without identification documents, with an estimated half being in Africa. The Sustainable Development Goal (SDG) 16.9 intends to ensure that everyone has legal identity including birth registration by 2030. To respond to this challenge, the World Bank launched an identification for development effort, though there are several challenges with the DIS. In most countries, there is a notable absence of comprehensive frameworks enforcing data subject rights and mitigating against abuse of persona data. Since DIS are based on large data sets and integrated systems, the abuse of data usually occurs through surveillance, profiling and attended discrimination. The combining of data sets, means data subjects have limited control and knowledge of how their information is being used, including inability to correct inaccurate data, and access personal data. In addition, due to the cross-border data transfers, DIS presents unique challenges of interoperability, enabling data subjects capacity to access services and enforce their rights across borders. This means that DPAs across regions, and borders must be capable of protecting transnational data subject rights. Furthermore, sufficient technical and organisational measures and safeguards are required to protect against unauthorised access. Data Protection Authorities must be involved and be aware of the many stages and steps of development of DIS. This means they have to be active or at the least aware of each data cycle point. From data capturing, DPA must enforce the principles of data collection such as purpose specification. On data hosting, credentials, and services, the DPA must be capable of enforcing the rights in the data protection law. Globally, DIS has been touted as social protection solutions and access to services. For instance, in India the Aadhaar system is a 12 number identification issued to 1,3 billion people after collection of demographic and biometric information linked to personal data such as voter card, passport, driver's licence, bank account, utilities (electricity, gas) mobile phone, education and property. This integrated system presents major risks for data privacy even though it might be advancing other rights. 67 By their very nature, DIS are dependent on large data sets, within public and private sectors. The constitutionality of the Aadhaar system in protection of the right to privacy was challenged in Justice K.S. Puttaswamy Retd. and Another v. Union of India and Others Writ Petition Civil No. of . The majority bench found Aadhaar to be constitutional with a few amendments. The court decided on the constitutionality by weighing privacy rights with other rights, finding that while privacy was important, the Aadhaar system advanced other rights such as dignity, and welfare, which were equally important. PAGE