Introduction

Data linkage refers to the process of combining information from multiple datasets, databases, or sources relating to the same individual, group, event, or entity. The purpose is usually to:

• improve decision-making,
• conduct research,
• identify patterns,
• enhance public services,
• enable surveillance,
• perform analytics,
• support artificial intelligence systems.

Data linkage may involve combining:

• healthcare records,
• banking information,
• biometric databases,
• educational records,
• telecom metadata,
• criminal justice data,
• social media information,
• government databases.

While data linkage offers enormous societal and commercial benefits, it also creates serious legal and ethical concerns involving:

• privacy,
• surveillance,
• consent,
• profiling,
• discrimination,
• autonomy,
• informational self-determination,
• algorithmic bias.

Meaning of Data Linkage

Simple Definition

Data linkage means connecting separate pieces of information about a person or subject from different databases to create a more comprehensive profile.

Example:
A government links:

• tax records,
• Aadhaar information,
• bank accounts,
• telecom records,
• travel history.

This creates a powerful integrated identity system.

Types of Data Linkage

1. Deterministic Linkage

Uses unique identifiers:

• Aadhaar number,
• Social Security Number,
• passport number.

Example:
Linking hospital records through patient ID.

2. Probabilistic Linkage

Uses statistical matching where exact identifiers are unavailable.

Example:
Matching:

• name,
• age,
• address,
• phone number.

3. Anonymous Linkage

Uses anonymized or pseudonymized datasets.

Though names are removed, re-identification risks often remain.

Ethical Issues in Data Linkage

1. Privacy Invasion

Linkage may reveal:

• intimate personal habits,
• medical conditions,
• political opinions,
• religious affiliations.

Even harmless datasets become sensitive when combined.

2. Loss of Informational Autonomy

Individuals lose control over:

• who accesses data,
• how it is combined,
• how long it is retained.

3. Function Creep

Data collected for one purpose gets used for another unrelated purpose.

Example:
Health data used for insurance discrimination.

4. Surveillance Risks

Mass linkage can create:

• surveillance states,
• predictive policing,
• citizen scoring systems.

5. Re-identification

Anonymous datasets can often be re-identified when linked with other databases.

6. Discrimination and Profiling

Linked data may be used to:

• deny loans,
• refuse employment,
• target vulnerable groups.

7. Consent Problems

Most individuals:

• do not understand linkage systems,
• cannot meaningfully consent,
• are unaware of secondary uses.

Legal Principles Governing Data Linkage

A. Purpose Limitation

Data collected for one purpose cannot automatically be linked for another.

B. Data Minimization

Only necessary data should be linked.

C. Necessity and Proportionality

Linkage must be:

• necessary,
• proportionate,
• justified.

Especially in government surveillance.

D. Transparency

Individuals should know:

• what data is linked,
• why,
• by whom.

E. Accountability

Organizations must:

• justify linkage,
• maintain safeguards,
• conduct audits.

F. Security Safeguards

Linked databases create high-value targets for hackers.

IMPORTANT CASE LAWS ON DATA LINKAGE

1. Justice K.S. Puttaswamy v. Union of India (2017)

Puttaswamy Privacy Judgment

Court

Supreme Court of India

Facts

The Aadhaar system involved large-scale linkage of:

• biometric information,
• banking accounts,
• mobile SIM cards,
• welfare databases,
• tax systems.

Petitioners argued:

• excessive linkage enabled mass surveillance,
• privacy rights were threatened,
• centralized databases endangered autonomy.

Legal Issues

1. Whether privacy is a fundamental right.
2. Whether state data linkage systems violate constitutional freedoms.

Judgment

A nine-judge bench unanimously held:

• privacy is a fundamental right under Article 21,
• informational privacy deserves constitutional protection,
• excessive state profiling is dangerous.

The Court recognized that data linkage can:

• create surveillance architectures,
• chill freedoms,
• undermine dignity.

Importance

This is one of the world’s most influential digital privacy judgments.

The Court introduced:

• proportionality doctrine,
• informational self-determination,
• constitutional data protection principles.

Principle Established

Large-scale data linkage requires:

• legality,
• necessity,
• proportionality,
• procedural safeguards.

2. Aadhaar Judgment (K.S. Puttaswamy v. Union of India, 2018)

Aadhaar Constitution Bench Judgment

Facts

The Aadhaar scheme linked biometric identity with:

• welfare services,
• banking,
• telecom,
• taxation,
• education.

Critics argued:

• mandatory linkage created surveillance,
• centralized identity systems endangered privacy,
• exclusion risks harmed vulnerable citizens.

Legal Issues

Whether mandatory linkage of Aadhaar with services violated:

• privacy,
• dignity,
• equality,
• autonomy.

Judgment

The Supreme Court:

• upheld Aadhaar for limited welfare purposes,
• struck down mandatory linkage with bank accounts and telecom SIMs,
• emphasized proportionality and data minimization.

The Court warned against:

• “electronic profiling,”
• aggregation of personal data,
• excessive state control.

Importance

The judgment became globally important in digital identity law.

Principle Established

Data linkage must remain limited to lawful and necessary objectives.

3. S. and Marper v. United Kingdom (2008)

S. and Marper v. United Kingdom

Court

European Court of Human Rights

Facts

UK authorities retained:

• fingerprints,
• DNA profiles,
• biometric records

of individuals who were never convicted.

The data was linked with criminal databases.

Legal Issue

Whether indefinite retention and linkage of biometric databases violated privacy rights.

Judgment

The Court held:

• blanket retention was disproportionate,
• biometric linkage systems deeply interfere with privacy,
• democratic societies require limits on state databases.

Importance

The case significantly influenced:

• biometric laws,
• forensic database regulation,
• police surveillance limits.

Principle Established

Biometric linkage systems require strict proportionality safeguards.

4. Digital Rights Ireland Ltd. v. Minister for Communications (2014)

Digital Rights Ireland Data Retention Judgment

Court

Court of Justice of the European Union (CJEU)

Facts

EU law required telecom companies to retain metadata:

• calls,
• location data,
• internet records.

Governments could later link these datasets for investigations.

Legal Issue

Whether mass retention and possible linkage of metadata violated privacy rights.

Judgment

The CJEU invalidated the Data Retention Directive.

The Court held:

• indiscriminate retention enables detailed profiling,
• metadata linkage reveals intimate aspects of life,
• blanket surveillance violates fundamental rights.

Importance

The judgment transformed global surveillance law.

Principle Established

Mass metadata linkage without individualized suspicion is unconstitutional.

5. Carpenter v. United States (2018)

Carpenter v. United States

Facts

Police accessed historical cell-site location information (CSLI) from telecom providers.

By linking location records, authorities reconstructed:

• movements,
• associations,
• behavioral patterns.

Legal Issue

Whether warrantless collection and linkage of location metadata violated constitutional protections.

Judgment

The U.S. Supreme Court held:

• extensive location tracking invades reasonable expectations of privacy,
• digital linkage enables near-perfect surveillance,
• warrants are generally required.

Importance

This became a landmark digital surveillance decision.

Principle Established

Location data linkage can reveal the “privacies of life.”

6. Google Spain SL v. Agencia Española de Protección de Datos (2014)

Google Spain Right to Be Forgotten Judgment

Facts

Search engines linked scattered online information about individuals into unified searchable profiles.

Mario Costeja argued:

• old debt information remained searchable,
• aggregation magnified reputational harm.

Legal Issue

Whether search engine indexing and linkage violate privacy rights.

Judgment

The Court recognized:

• search engines intensify privacy intrusion through aggregation,
• linked searchability changes the nature of information exposure.

Google was ordered to remove certain links.

Importance

This established:

• right to erasure,
• limitations on digital aggregation,
• accountability of data intermediaries.

Principle Established

Data linkage can amplify privacy harms even where original data is lawful.

7. Schrems v. Data Protection Commissioner (Schrems I & II)

Schrems Data Transfer Judgments

Facts

Max Schrems challenged transfer of Facebook user data to the United States.

Concerns included:

• intelligence agency access,
• large-scale data integration,
• surveillance linkage systems.

Legal Issues

Whether cross-border linked processing exposed individuals to disproportionate surveillance.

Judgments

The CJEU invalidated:

• Safe Harbor framework,
• later Privacy Shield mechanism.

The Court found:

• surveillance access lacked proportionality,
• linked intelligence databases endangered privacy rights.

Importance

These judgments reshaped international data transfer law.

Principle Established

Cross-border data linkage must satisfy strict human rights protections.

8. United States v. Jones (2012)

United States v. Jones GPS Surveillance Case

Facts

Police installed a GPS tracker on a suspect’s vehicle and monitored movements continuously.

Data linkage created comprehensive movement profiles.

Legal Issue

Whether prolonged tracking and aggregation violated constitutional protections.

Judgment

The Supreme Court held:

• prolonged surveillance creates intrusive personal profiles,
• aggregated data changes privacy analysis.

Several judges emphasized:
“mosaic theory” — small pieces of linked information create extensive surveillance power.

Importance

The case influenced modern debates on:

• AI surveillance,
• predictive policing,
• behavioral analytics.

Principle Established

Aggregated linked data creates greater constitutional concerns than isolated data points.

9. NHS England and DeepMind Royal Free Hospital Controversy

DeepMind

Facts

Royal Free Hospital transferred patient data to DeepMind for healthcare analytics.

The linkage included:

• medical histories,
• patient identifiers,
• treatment records.

Millions of records were shared.

Legal Issue

Whether large-scale health data linkage occurred without proper legal basis or informed consent.

Findings

UK regulators found:

• transparency failures existed,
• patients were insufficiently informed,
• lawful processing standards were not fully satisfied.

Importance

The case became globally significant in:

• AI ethics,
• healthcare analytics,
• linked medical datasets.

Principle Established

Public-interest innovation does not eliminate privacy obligations.

10. Cambridge Analytica–Facebook Data Scandal

Cambridge Analytica Facebook Data Scandal

Facts

Facebook user data was harvested and linked with:

• psychographic profiling,
• voter databases,
• behavioral analytics.

The linked datasets enabled targeted political influence campaigns.

Legal Issues

1. Whether users validly consented.
2. Whether linked profiling undermined democratic processes.

Consequences

Investigations revealed:

• weak consent systems,
• misuse of linked behavioral data,
• manipulative profiling practices.

Massive regulatory scrutiny followed globally.

Importance

This scandal transformed global understanding of:

• algorithmic profiling,
• political microtargeting,
• surveillance capitalism.

Principle Established

Data linkage can threaten not only privacy but democracy itself.

Ethical Theories Relevant to Data Linkage

A. Utilitarian Approach

Supports linkage if:

• social benefits outweigh harms.

Example:
Disease surveillance systems.

B. Rights-Based Approach

Emphasizes:

• consent,
• dignity,
• autonomy,
• privacy.

C. Justice-Based Ethics

Focuses on:

• fairness,
• non-discrimination,
• equitable treatment.

D. Deontological Ethics

Certain forms of surveillance may be inherently unethical regardless of utility.

Major Regulatory Approaches

GDPR (European Union)

Requires:

• lawful basis,
• purpose limitation,
• data minimization,
• DPIAs for high-risk linkage.

Indian DPDP Act, 2023

Emphasizes:

• consent,
• lawful processing,
• purpose-specific use,
• safeguards.

OECD Privacy Principles

Promote:

• transparency,
• accountability,
• collection limitation.

Best Practices for Ethical Data Linkage

1. Privacy by Design

Embed safeguards from the beginning.

2. Data Minimization

Link only necessary information.

3. Independent Oversight

Ethics boards and audits.

4. Encryption and Security

Protect linked databases.

5. Transparency Notices

Inform individuals clearly.

6. Anonymization Controls

Reduce re-identification risks.

7. Algorithmic Accountability

Audit profiling systems for bias.

Conclusion

Data linkage is among the most powerful tools in the digital age. It can:

• improve healthcare,
• enhance governance,
• support research,
• enable innovation.

At the same time, it can:

• create surveillance infrastructures,
• erode privacy,
• facilitate discrimination,
• undermine democracy.

The major principles emerging from global case law are:

1. Privacy is a fundamental right.
2. Aggregated linked data creates greater risks than isolated data.
3. Proportionality and necessity are essential safeguards.
4. Consent and transparency are critical.
5. Mass surveillance through linkage threatens constitutional freedoms.
6. Ethical governance must accompany technological capability.