Defender of your Digital Freedom

All Posts | Oct 29,2020

Letter to Telangana Government Against Mandatory Aadhaar Data for Non-Agricultural Land Records

Letter to Telangana Government Against Mandatory Aadhaar Data for Non-Agricultural Land Records

As Telangana's Dharani Portal goes live today, we wrote to Government of Telangana against mandatory Aadhaar requirement and caste details for updating non-agricultural property records. These details have to be updated on Telangana State Non Agricultural Property Book mobile application. The manual for this application also provides for mandatory updation of Aadhaar and caste details of persons. The said steps have been undertaken under the newly passed Revenue Bill, 2020 by the Telangana Assembly which is yet to receive Governor's assent.

We wrote to Government to Telangana that they are in violation of the judgment of the Supreme Court in Justice Puttaswamy v. Union of India (2019 (1) SCC 1)wherein it was held that Aadhaar is mandatory only for:

a. filing IT returns; and

b.for availing government subsidies from the Consolidated Fund of India.

The Supreme Court also struck down S. 57 of the Aadhaar Act which permitted use of Aadhaar by the State or any body corporate or person, in pursuance to any contract. The Supreme Court categorically recognized certain data protection principles such as data minimization, purpose limitation , data retention and data security as relevant factors in determining whether the provisions of particular legislation are in conformance with an individual's right to privacy. The State of Telangana has not justified this in the terms of any of these principles.

It is also unclear as to why and how caste data, even though required in broad categories, is relevant in the context of digitisation of non-agricultural property records. 

Through this letter, we have urged the government of Telangana to reconsider these steps and to follow principles of data proportionality and minimisation. 

[pdfjs-viewer viewer_width=0 viewer_height=800 url=undefined download=true print=true fullscreen=true fullscreen_target=false fullscreen_text="View%20Fullscreen" zoom=auto ]

All Posts | Apr 12,2019

A ‘Digital Rights Reform Agenda’ for India – What Have Political Parties Missed Out this Election Season?

Yesterday, India entered 7-phases of national elections spanning a little over a month. This election season, we bring to you a ‘Digital Rights Reform Agenda’ which is missing from most political parties’ promises and manifestos. We believe that these topics should be on the agenda list of all political outfits in India claiming a stake on parliament seats. A list of key digital rights issues worthy of political importance are (more…)

All Posts | Apr 04,2019

A Look at Party Manifestos for the 17th Lok Sabha Elections- Will Political Parties Defend Our Digital Freedom?

The 7-phase, 17th Lok Sabha elections will begin on April 11, 2019 and continue until May 19, 2019. Five major national parties – Indian National Congress, Bharatiya Janta Party, Communist Party of India (Marxist), Communist Party of India and All India Trinamool Congress have released their manifestos[fn]CPI (M) Election Manifesto, https://cpim.org/pressbriefs/cpim-election-manifesto-17th-lok-sabha;

CPI Election Manifesto, https://www.communistparty.in/blog/election-manifesto-of-the-communist-party-of-india-for-the-17th-lok-sabha-elections-2019;

TMC Election Manifesto, http://aitcofficial.org/wp-content/uploads/2019/03/TMC-MANIFESTO-Eng.pdf;

INC Election Manifesto, https://manifesto.inc.in/en/index.html

BJP Election Manifesto, http://www.documentcloud.org/documents/5798075-Bjp-Election-2019-Manifesto-English.html[/fn], outlining party priorities and future course of action the parties promise to take if voted to power. At of the time of publication of this post, Aam Aadmi Party has not released its manifesto. We will update this blog as and when it is published. Acknowledging the indispensable role of digital technology in society and its capacity to impact our human rights, most party manifestos have touched upon digital rights.

We studied these manifestos and have captured promises made by these five national parties on digital rights. Kindly refer to the following table for a comparison:

All Posts | Jan 08,2019

What has been changed in the Aadhaar Amendment Bill?

On Wednesday, 02 January 2019, we got our first look at The Aadhaar and Other Laws (Amendment) Bill, 2018. On Friday, 04 January 2019, this Bill was passed by the Lok Sabha. We compared this Bill with the existing provisions under The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and the Supreme Court’s judgment in Justice K.S. Puttaswamy (Retd.) & Anr. vs Union of India & Ors. [W.P. (C) 494/2012], better known as the Aadhaar case.

The word 'Regulation' below refers to the Aadhaar (Authentication) Regulation, 2016.



Supreme Court’s Observations in 

Law before SC's Judgment

Change proposed in the Amendment

Our Comments

Alternate means of establishing identity

To avoid exclusion of deserving beneficiaries, the Court recommended that suitable provisions be made in concerned regulations for establishing identity by alternate means.

Section 2(a) “Aadhaar number” means an identification number issued to an individual under sub-section (3) of section 3;”


The proviso to Section 7 reads as "Provided that if an Aadhaar number is not assigned to an individual, the individual shall be offered alternate and viable means of identification for delivery of the subsidy, benefit or service."

Amendment to Section 2(a):

Alternative virtual identity included under definition of Aadhaar number.


Amendment to Section 3:

Virtual identity will be an alternative to actual Aadhar number.

"The Proviso to Section 7 has been interpreted in the past by the Executive to apply to only those people who have applied for an Aadhaar number but have not yet been assigned a number by UIDAI.

The changes to Sections 2(a) and Section 3 do not solve the issue of deserving beneficiaries being excluded. This is not an alternate means to establish identity. This method still requires the person whose identity needs to be established to be registered in the Aadhaar database. In order to comply with the Supreme Court's judgment, other forms of ID must be made acceptable as an alternative to an Aadhaar number."

Enrolment of children

1. Consent of parents/guardian is essential for enrolment of children under the Aadhaar Act.

2. Enrolled children shall be given the right to exit from Aadhar upon attaining the age of majority.

3. No Child shall be deprived of benefits if Aadhaar number is not produced. In this case verification on identity can be done on the basis of any other documents.

There was no such provision in the earlier law.

Section 3A inserted:

1. Consent of parent/ guardian of child for enrollment will be essential.

2. Application for cancellation of Aadhar number can be made by a child within a period of six months of attaining eighteen years of age.

3. No denial of subsidy or service to any child if Aadhar not produced.

Six month period for exiting the Aadhaar ecosystem is too short. In case where a person misses the six month limitation period there is no option to exit.

Authentication records

Regulation 26(c) of Aadhaar (Authentication) Regulation, 2016 has been struck down as it pertains to authentication transaction related to metadata.

Regulation 26 of 2016 Regulation requires that Authority shall store and maintain authentication transaction data, which shall inter alia contain information on meta-data related to transaction.



Residents and illegal immigrants

State directed to take suitable measures to ensure illegal immigrants do not avail benefits.

No such provision in the earlier law.


Action on this is awaited.

No change has been introduced by the Amendment.

Data retention

Data retention beyond six months is impermissible.

Regulation 27 of Aadhar (Authentication) Regulations, 2016 providing data retention for 5 years stuck down.

Regulation 27: Duration of storage:

(1) Authentication transaction data shall be retained by the Authority for a period of 6 months, and thereafter archived for a period of five years.

(2) Upon expiry of the period of five years specified in sub-regulation (1), the authentication transaction data shall be deleted except when such authentication transaction data are required to be maintained by a court or in connection with any pending dispute.


Updated regulation awaited.

Restriction on sharing of information

Presently, Aadhaar (Sharing of Information) Regulations, 2016 has no provision which impinges privacy rights of Aadhar card holders. (Section 29)




Disclosure of information

Read down Section 33(1):

A. Individual whose information is sought to be released to be given an opportunity of hearing.

B.Individual to be given the right to challenge disclosure of his/her information.

Sec 33(2) struck down with liberty to enact a suitable provision:

Determining if information disclosure is in the interest of national security will be done by-

a.Officer higher than rank of Joint Secretary

b.Application of judicial mind. (Judicial Officer/preferably sitting judge of High Court)

Section 33(1): Nothing contained in sub-section (2) or sub-section (5) of section 28 or sub-section (2) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made pursuant to an order of a court not inferior to that of a District Judge:

Provided that no order by the court under this sub-section shall be made without giving an opportunity of hearing to the Authority.


Section 33(2): Nothing contained in sub-section (2) or sub-section (5) of section 28 and clause (b) of sub-section (1), sub-section (2) or sub-section (3) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made in the interest of national security in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government of India specially authorised in this behalf by an order of the Central Government:

Provided that every direction issued under this sub-section, shall be reviewed by an Oversight Committee consisting of the Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and the Department of Electronics and Information Technology, before it takes effect:

Provided further that any direction issued under this sub-section shall be valid for a period of three months from the date of its issue, which may be extended for a further period of three months after the review by the Oversight Committee.

Amendments made to Section 33:

A.Under Section 33(1)(b) provides opportunity of hearing to the Aadhar holder.

B. Under Section 33B an aggrieved individual can appeal to TDSAT within a period of 45 days from the date of receipt of order.

C. Officer not below the rank of a Secretary will determine whether disclosure is in national interest.

D. Section 33A provides for civil penalties in case of in case of failure to comply with provisions of the Act/rules/regulations and directions.

E. Under Section 33B an officer not below the rank of a Joint Secretary shall be the adjudicating officer for holding inquiry.

The court had directed that a higher official in association with application of judicial mind determine the grounds of disclosure under Section 33(2).The Amendment did take cognizance of the judgment and prescribed for officer not below the rank of Joint Secretary. However as directed by the Court, the amendment finds no mention of determination by a judicial authority/officer.

Despite being criticized by the Majority judgment in the Aadhaar matter, the amendment fails to address the issue with respect to concentration of powers that lie with the Executive and lack of accountability.

The proposed amendment inserted a new provision on civil penalties. Even this change does not prescribe for application of judicial mind for the purpose of adjudication in event of failure to comply with the provision of the Act.

Thus, the amendment is not in consonance with the Aadhaar judgment.

Cognizance of complaints

Modification of Section 47: Include provision for filing complaints by an individual/victims.

Section 47:

(1) No court shall take cognizance of any offence punishable under this Act, save on a complaint made by the Authority or any officer or person authorised by it.

(2) No court inferior to that of a Chief Metropolitan Magistrate or a Chief Judicial Magistrate shall try any offence punishable under this Act.

Proviso has been inserted in Section 47. It enables the court to take cognizance of a complaint made by the Aadhar holder.

Until now, the court could take cognizance of an offence on a complaint made by only the UIDAI or an officer or a person authorised by it. The proviso also empowers an aggrieved individual to file complaints.

Establishing identity of individual for any purpose

There are two aspects to the Court's judgment on Section 57.


One part of the Section has been read down:

The provision is susceptible to misuse as it can be used to establish identity of an individual 'for any purpose'.

A. The 'purpose' in this Section has been read down to mean a purpose backed by law.

B. Any law made on this would need to be subjected to judicial scrutiny.


Another part of Section 57 has been held to be unconstitutional:

The part of this Section enabling body corporate and individuals to seek authentication is unconstitutional as:

A. Establishing identity for a purpose pursuant to any contract is impermissible as it is not backed by law and therefore does not meet test of proportionality.

B. Authentication services based on contract between individual and body corporate or person would:

B1. Enable commercial exploitation of individual biometric and demographic information by private entities.

B2. Impinge on right to privacy of individual.

Section 57:

Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose, whether by the State or any body corporate or person, pursuant to any law, for the time being in force, or any contract to this effect:

Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.

Section 57 has been omitted.

However, the Act now provides for voluntary use of Aadhaar number for authentication or offline verification.

To enable this, Section 4 (Properties of Aadhaar number) of the Act has been amended to allow verification of the Aadhaar number on voluntary basis with informed consent of the Aadhar number holder.

To facilitate this, the Amendment Bill seeks to amend Section 4 of Telegraph Act, 1885 and insert a new section 11A under PMLA.

The Bill removes section 57 from the Aadhaar Act. This omission is in compliance with the Aadhaar judgment.

However, the prescribed amendments to the PMLA Rules and Telegraph Act are contrary to the ratio of the majority judgement in Justice K.S. Puttaswamy (Retd.) v. Union of India & Ors. [W.P. (C) 494/2012].

In the Aadhaar judgment, J.Sikri in his majority judgment stated that apart from authorising the State, even ‘any body corporate or person’ is authorised to avail authentication services. This can be on the basis of purported agreement between an individual and such body corporate or person. Even if we presume that the legislature did not intend so, the impact of the aforesaid features would be to enable commercial exploitation of individual biometric and demographic information by the private entities.

The part of Section 57 that allowed for people to voluntarily provide their Aadhaar number to body corporates and individuals, especially on the basis of a contract between the person providing the Aadhaar number and the person acquiring / authenticating the Aadhaar number, has been held to be unconstitutional by the Supreme Court of India. The amendment to Section 4 of the Act would re-implement a clause that has already been ruled to be unconstitutional. This would raise the likelihood of fresh litigation on an aspect of law that has already been settled.



All Posts | Jan 02,2019

The Aadhaar and Other Laws (Amendment) Bill, 2018


Today, the Central Government introduced, The Aadhaar and Other Laws (Amendment) Bill, 2018 in the Lok Sabha. The Bill seeks to amend the Aadhaar Act, 2016 to comply with the conditions as set out in the Aadhaar judgment of the Supreme Court (Justice KS Puttaswamy v. UOI) [WP (Civil) No. 494 of 2012] and amend the Indian Telegraph Act, 1885 and the Prevention of Money-Laundering Act, 2002 to introduce voluntary linking of Aadhaar details with mobile connections and bank accounts.

For key highlights of the Aadhaar judgment, you may click - here and for reporting unwarranted requests of linking Aadhaar, you may click - here.

A copy of the Aadhaar and Other Laws (Amendment) Bill, 2018 may be accessed here:

All Posts | Dec 24,2018

Technology Policy Developments in India: 2018

As we tread towards the end of the year, 2018. SFLC.in brings you a summary of Tech-Policy developments for the year. We at SFLC.in, participated in some interesting technology policy initiatives in 2018. After the Right to Privacy judgment and EU GDPR, India this year saw extensive activity on the tech-policy front, TRAI submitted its recommendation on privacy, B.N Srikrishna Committee presented the draft of the first Personal Data Protection Bill and the much awaited Aadhaar verdict was delivered by the Constitutional bench. Apart from these, the sphere saw various initiatives, they can be summarized as follows:

Item No.


Policy Initiative/ Document



April 25, 2018

Social Media Communications Hub (SMCH)

The Ministry of Information and Broadcasting released a bid document (“SMCH Bid Document”) stating its intent to establish a Social Media Communication Hub, which would enable processes such as analyzing large volumes of data across diverse digital platforms in real time, comprehensive analytics along with monitoring and analyzing social media communications etc.

The proposal was challenged in the Supreme Court by Trinamool Congress MP, Mahua Moitra.

The project was subsequently withdrawn by the Government, as informed by the Attorney General, Mr. K.K Venugopal on August 3, 2018.

SFLC.in live tweeted the developments in the matter. There were multiple points of concern regarding the SMCH Bid Document, a few of the issues are highlighted here: https://sflc.in/social-media-communications-hub-privacy-nightmare


May 1, 2018

Draft National Digital Communications Policy.

The Department of Telecommunication released the draft with an objective of inviting public comments/ inputs to make the National Digital Communications Policy-2018 a robust document and an enabler for achieving the desired goals. Stakeholders comments were invited until 1st June 2018.

The Draft policy has been quite broad in terms of recognizing and outlining various issues that have an impact on communications network in India. A few significant issues that were highlighted: access to Internet, net neutrality, data protection and privacy, to name a few.

SFLC.in analysed the policy and submitted it’s comments based on its extensive research on issues of access and open source softwares.


May 22, 2018

Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018

Salient Features:

  1. All organisations having “Protected System”(U/s 2(k); primary covers government organisations) shall constitute an Information Security Steering Committee(ISSC) under the chairmanship of CEO/MD/Secretary.

  2. Mandate of ISSC includes approving information security policies of Protected Systems; setting mechanisms for timely communication of cyber incidents; sharing information security audits etc.

  3. Nominate Chief Information Security Officer (CISO) as provided in “Guidelines for Protection of Critical Information Infrastructure”

  4. Establish, monitor and continually improve Information Security Management System (ISMS) of the Protected System.


June 4, 2018

NITI Aayog published India’s strategy document on Artificial Intelligence

It was published by NITI Aayog on June 4, 2018 by NITI Aayog. It identified 5 priority sectors for leveraging AI: Healthcare, Agriculture, Education, Smart Cities and Infrastructure and Smart Mobility and Transportation. Besides, it deliberated on challenges, ethical, privacy, security issues related to AI and skill development.

SFLC.in analysis can be found here - https://sflc.in/welcome-ai-indian-governments-ambitious-policy-proposal

CEO Amitabh Kant informed that a task force would be setup for speedy implementation of the suggestions; setting up COREs (centres of research excellence) and ICTAIs (international centers of transformational AI).


July 16, 2018

Telecom Regulatory Authority of India (TRAI) issued: Recommendations on "Privacy, . Security and Ownership of Data in the Telecom Sector".

TRAI had suo-moto issued recommendation on "Privacy,

Security and Ownership of Data in the Telecom Sector". The recommendations analyses if the current data protection framework is adequate. The recommendations dealt with certain important issues such as: control over data, data security, cross border data transfers among others, consent, data minimization and encryption among others.

The DoT stated that they would currently not take up these recommendations, and they referred the same to B.N Srikrishna Committee.

SFLC.in actively participated both rounds of consultation process. Comments and counter-comments to TRAI consultation may be accessed at:https://privacy.sflc.in/our-comments-on-the-trai/ & https://privacy.sflc.in/our-counter-comments-on-the-trai-consultation-paper-on-privacy-security-and-ownership-of-data-in-the-telecom-sector/


July 27, 2018

The Personal Data Protection Bill, 2018

The Bill has recognized the right to privacy as a fundamental right and protection of personal data as an essential facet of informational privacy. It provides for data protection obligations such as purpose and collection limitation, notice and consent regime; provides stricter consent requirements for sensitive personal data and personal data of children; sets up enforcement and grievance redressal mechanism and various other provisions related to data protection. However, there are certain issues with the bill as well. These include data localisation, lack of independence in Data Protection Authority of India, wide exemptions, online surveillance, independence of data protection officers among others.

SFLC.in’s contribution: Team submitted comments on the draft bill, which may be accessed: https://privacy.sflc.in/our-comments-draft-data-protection-bill/.


July 27, 2018

Justice BN Srikrishna Committee Report

The Personal Data Protection Bill, 2018 came along with the J. BN Srikrishna Committee Report. Its key focus areas include consent and notice; data ownership and user rights, data processing, data protection officers/authority, jurisdiction and data localisation, protection against surveillance etc. The committee elicited public consultations, comments until Jan., 2018.

SFLC.in’s Contribution: SFLC.in was at the forefront of public consultations and submitted comments. Prior to submitting the comments, team organized series of round-table discussions in Delhi, Mumbai, Bangalore and Kochi to understand the perspective of various stakeholders. Report of these events is located at: https://sflc.in/summary-report-series-discussion-personal-data-protection-bill-2018.


July 31, 2018

DoT’s approval of TRAI’s recommendations on Net Neutrality

TRAI released its recommendations on Net Neutrality in November, 2017 These included:

  1. Prohibiting discriminatory treatment of content, updating license agreements for ISP to incorporated principles of non discriminatory treatment of content

  2. Setting up a multistakeholder watchdog under DoT for enforcing net neutrality, website blocking by government/court orders kept outside the ambit; IoT kept within the ambit of net neutrality.

In July, 2018, the Telecom Commission approved these recommendations.


Sept 26, 2018

Justice K.S. Puttaswamy (Retd) & And vs. UOI & Ots (CWP 494 (2012))

(Aadhaar Judgment)

The Supreme Court delivered its much awaited judgment in the Aadhaar case, wherein it upheld the constitutionality of the Aadhaar Act, 2016 barring a few provisions on disclosure of personal information, cognizance of offences and use of the Aadhaar ecosystem by private corporations.

Major Features of the judgment can be accessed here: https://sflc.in/key-highlights-aadhaar-judgment, FAQ on the Aadhaar judgement: https://sflc.in/faqs-aadhaar-judgment


November 28, 2018

State of Rajasthan Government: No more Internet Shutdowns for prevention of cheating in examinations.

A Public Interest Litigation challenging orders that were promulgated to impose Internet Shutdowns in Rajasthan to prevent cheating in examinations was filed at the Jodhpur High Court, located in the State of Rajasthan on 25th July 2018.

Home Department of Rajasthan submitted an additional affidavit stating that the suspension of Internet Services for conducting examinations does not fall in the ambit of ‘public safety’ or ‘public emergency’ as provided under the Temporary Suspension of Telecom Services Rules, 2017. In the light of the said affidavit filed by the State of Rajasthan, a division bench comprising of Justice Sangeeta Lodha and Justice Dinesh Mehta disposed off the matter, on Wednesday, 28th November 2018.

Read more at: https://sflc.in/home-department-state-rajasthan-no-more-internet-shutdowns-prevention-cheating-examinations


December 20, 2018

Ministry of Home Affairs notified certain competent authorities under sub-section (1) of Section 69 of IT Act 2000.

In the exercise of powers conferred upon sub-section (1) of Section 69 of IT Act 2000 read with rule 4 of the IT Rules 2009, Ministry of Home Affairs notified the following authorities as competent authority:

Intelligence Bureau, Narcotics Central Bureau, Enforcement Directorate, Central Board of Direct Taxes, Directorate  of Revenue Intelligence, CBI, NIA, RAW, Directorate of Signal Intelligence, & Commissioner of Police, Delhi.


All Posts | Nov 28,2018

SFLC.in at IGF 2018, Paris: Overview of Panel Disucssion by Mozilla on Privacy and the Luxury to Disconnect

The 13th Internet Governance Forum (“IGF”) was hosted by the Government of France at the headquarters of UNESCO in Paris from 12 to 14 November 2018. The overarching theme for the event was ‘Internet of Trust’.

The IGF is a global multi-stakeholder platform to exchange information and share good policies and practices relating to the Internet and related technologies. The IGF also gives stakeholders from all countries, including developing countries, the opportunity to engage in the debate on Internet governance and it contributes to capacity building, allowing these stakeholders to build knowledge and skills that will facilitate their participation in existing Internet governance institutions and arrangements.

This year, at IGF, SFLC.in was part of a panel organized by Mozilla on - ‘Has it become a luxury to disconnect?’ and also gave a lightning talk on ‘Internet Shutdowns in India’. SFLC.in was represented by Shashank Mohan on both sessions at the IGF.

We wish to bring you summaries of these sessions at the IGF, as two posts.

(For a summary of our lightning talk on Internet Shutdowns in India at the IGF in Paris, please click here)

Summary of the panel discussion by Mozilla - ‘Has it become a luxury to disconnect?’

Panel: Cathleen Berger, Mozilla (Organizer and Moderator); Solana Larsen, Mozilla (Speaker); Ephraim Percy Kenyanito, Article 19 (Speaker); and Shashank Mohan, SFLC.in (Speaker).

Key issues discussed by the panel:

  • Has it become a luxury to disconnect? With technology occupying each and every strata of human society and with the push to bring everyone online, do we risk the permanent loss of choice?

  • In a world where convenience and social norms hold high currency in human society, where does privacy stand and is there a global socio-economic divide on access to privacy?

  • How does privacy, or the lack of it, affect the rights of different sections of society, such as – child rights, LGBTQ+ rights, free speech, mobile finance etc.?


The discussion started with the moderator (Cathleen Berger, Mozilla) requesting each member to discuss a personal story on how they protect their privacy and what have been some challenges associated with such protection. Has it become expensive nowadays to get better protection, both security and privacy wise?

Solana Larsen (Mozilla) narrated her story about how she is navigating the world of technology with her 6-year old daughter. She stated that children are vulnerable whether online or offline and how we choose to connect our children is something that determines how much they are at risk from bad actors. We might not know the extent of the risk of sharing extensive personal data about our children until they're older, she said. Solana also pointed out to the reverse digital divide, where people who are less affluent and have less access to education and resources, let their kids spend more time with video games and cell phones as compared to more affluent people.

Shashank Mohan (SFLC.in) shared his story on Aadhaar and how after a government mandate, he had to enter the Aadhaar program to link his tax filings with the Aadhaar ID. He further went on to talk about the Indian Supreme Court’s privacy judgment, wherein the court recognized privacy to be a fundamental right under the right to life and liberty. He also pointed out that a couple of months back the Supreme Court of India upheld the constitutionality of the Aadhaar program by allowing the Indian government to mandatorily ask citizens to link their Aadhaar Ids with subsidies and benefits. With benefits, subsidies and tax filings linked to the Aadhaar, most Indians have been forced into the government’s Aadhaar scheme, without an option of opting out, he said.

Ephraim Percy Kenyanito (Article 19) talked about his experience in Kenya and how in 2010-11 citizens were being asked by political parties to be registered with them. Political parties were often getting personal data from telecom companies, as most citizens were registered with telecom companies to get access to mobile money. He said that this debate gave an insight into how financial inclusion was deeply linked with privacy and data protection. Similarly in 2014, in Kenya the government issued a contract for surveillance cameras to increase police protection and that time he tried to talk to the government to ensure that such data was secure and was not used to identify other common citizens.

Subsequently, the moderator (Mozilla) raised the question about the definition of privacy around the world. Shashank (SFLC.in) pointed out that according to the Supreme Court of India, privacy is defined to be strongly linked with the dignity and integrity of people and is declared to be a fundamental human right integral to the right to life and liberty. The moderator (Mozilla) pointed out that in Germany privacy was deeply entrenched in the social fabric of the larger community. Solana (Mozilla) added that as per her, currently, people are extremely confused about how much privacy they want and whether privacy is a good thing or a bad thing. Every year people’s perceptions are changing – some people value security more than privacy and the others wish for stronger anonymity and encryption norms. She stated that, we want connectivity and we want people to be connected, but at same time, we're also trying to find a balance and help decision makers navigate the space without falling into the trap of over reliance or censoring and limiting movement and freedom of thought and speech.

Shashank (SFLC.in) also pointed out that in the Aadhaar case, the Supreme Court of India has stated that under the scheme only minimal data was collected. With finger prints, iris scans and demographic information – how is the collection of data minimal, he questioned. With concepts like data localization and social media monitoring hubs, the Indian government was pushing for increasing access to the personal data of Indian citizens.

Key takeaways:

  • Privacy is a concern across the world, but different countries have varying outlooks of its importance. In parts of the world like Kenya and India, it can be said that disconnecting is a luxury.

  • People with lesser access to education and resources form part of a reverse digital divide, wherein children from such families may be at a greater risk as they tend to spend more hour interacting with video games or cell phones.

  • We need to encourage the adoption of social norms around data sharing and raise awareness about privacy concerns.

  • Governments and corporations need to be challenged and held accountable for adoption of policies which are not privacy friendly. Collection of data and intrusions to privacy need to be necessary and proportionate.

For our post on the key highlights of the Aadhaar judgment, you may click here and for our press release on the privacy judgment of the Supreme Court of India, you may click here.

All Posts | Nov 27,2018

Someone still asking for Aadhaar? Let us know!

Contrary to the Supreme Court’s judgment, some entities are still asking for Aadhaar

A nine judge bench of the Supreme Court delivered its verdict on Aadhaar on September 26, 2018 wherein the majority view, comprised of - Dipak Misra CJI., AK Sikri J., AM Khanwilkar, J. and Ashok Bhushan J. (though Bhushan J. dissented with the majority on certain points) upheld the constitutionality of the Aadhaar Act, 2016 barring a few provisions on disclosure of personal information, cognizance of offences and use of the Aadhaar ecosystem by private corporations. DY Chandrachud J. delivered a dissenting opinion declaring the entire Aadhaar scheme along with the Act to be unconstitutional.

“Benefits” and “services” as mentioned in Section 7 of the Aadhaar Act, the expenditure for which is derived from the Consolidated fund of India will require mandatory furnishing of Aadhaar, the judgment noted.

The Supreme Court also upheld Section 139AA of the Income Tax Act, under which every citizen who is eligible to obtain Aadhaar must quote either their Aadhaar Number or the Enrolment ID while filing Income Tax Returns or applying for PAN. However, we have come across instances wherein Aadhaar is being asked for, for the purpose of availing banking services and for recording attendance in colleges.

Apart from the above mentioned, Aadhaar is NOT mandatory for availing any other services like banking and telecom. Please refer to our FAQs for further information on this.

We have curated a list that contains instances of violations of the Supreme Court’s judgment, the data for which has been gathered from secondary sources mainly.

A lot of times, violations of the judgment are not reported by the media, and therefore we are creating a citizen reporting mechanism. Write to us at mail@sflc.in or send us a DM on our twitter handle (@SFLCin) if you come across any violation of the Supreme Court judgment and we shall help you by drafting contempt letters that can be sent to the violating entity.



Violating entity

Kind of violation

1. 16/11/18


Jawaharlal Nehru Technological University, Hyderabad and all affiliate colleges

Aadhaar based Biometric attendance made mandatory for B.Tech students

2. As of Nov.27, 2018


Canara Bank

Aadhaar based e-KYC

3. As of Nov.27, 2018


Syndicate Bank

Aadhaar based e-KYC

4. As of Nov. 29, 2018


LazyPay (Android app)


Aadhaar based KYC

5. As of Dec. 2, 2018



The website requires Aadhaar for withdrawal of PF;

Process life certificate for EPFO

6. As of Dec 3, 2018


Darpan ID


Aadhaar of board members necessary for getting the Darpan ID for NGOs.

7. As of Dec 3, 2018

HDFC Payzapp wallet


Aadhaar based KYC


8. Not known

Air Force Common Admission Test


Online Registration





All Posts | Oct 18,2018

FAQs on the Aadhaar Judgment

1. Can Aadhaar be required for getting a new mobile connection? Is linking Aadhaar with mobile number mandatory?

No. The Supreme Court of India in Justice K. S. Puttaswamy (Retd.) and Anr. v. Union Of India And Ors. (CWP 494 of 2012) has held that mobile service companies cannot ask for Aadhaar from subscribers. The majority opinion held that the circular dated March 23, 2017 mandating linking of mobile number with Aadhaar is illegal and unconstitutional as it is not backed by any law.

2. I enrolled for Aadhaar when I was a minor. Can I opt out of it now as I have turned a major?

For the enrolment of children under the Aadhaar Act, it would be essential to have the consent of their parents/guardian. On attaining the age of majority, such children who are enrolled under Aadhaar with the consent of their parents shall be given the option to exit from the Aadhaar project if they so choose in case they do not intend to avail welfare benefits or services.

3. Is Aadhaar mandatory for children under the age of 14 for enrolment in schools?

No. The Supreme Court has held that Aadhaar cannot be made mandatory for securing admission in schools as it is neither a subsidy nor a service. Moreover, Right to Education is a fundamental right under Art 21A and thus cannot be subjected to procedural handicaps.

4. Is Aadhaar mandatory for children under the age of 14 for availing social benefits and schemes?

The Court has held that for the scheme- Sarv Shiksha Abhiyaan, Aadhaar cannot be made mandatory. However, for other social benefits, Aadhaar may be insisted. But, it would be subject to the consent of the parent.

The court has reiterated that no child can be denied social sector benefits for want of Aadhaar.

5. Is Aadhaar mandatory for enrolment in colleges and sitting in competitive entrance exams?

The Court while defining ambit of ‘benefits’ and ‘services’ under section 7 of the Aadhaar Act, held that these would cover only those instances where expenditure has been drawn from the Consolidated Fund of India. On that basis, CBSE, NEET, JEE, UGC, among others cannot mandatorily ask for Aadhaar as they are outside the purview of Section 7 and are not backed by any law.

6. Can private companies demand Aadhaar as a means to verify identity?

The Court has struck down Section 57 of the Aadhaar Act which provided for ‘use of Aadhaar number for establishing the identity of an individual for any purpose’. So, private entities cannot ask for Aadhaar to verify identity.

7. Is linking Aadhaar with bank account mandatory?

No, the Supreme Court has held that Aadhaar cannot be demanded by banks while opening a bank account. Aadhaar linking is not necessary for existing bank accounts as well.

8. Is Aadhaar mandatory for filing Income Tax Returns and allotment of Permanent Account Number (PAN)?

Yes. The Supreme Court has upheld Section 139AA of the Income Tax Act, under which every citizen who is eligible to obtain Aadhaar must quote either their Aadhaar Number or the Enrollment ID while filing ITR or applying for PAN.

9. Is Aadhaar mandatory for insurance policies?

The Insurance Regulatory and Development Authority of India (IRDA) in 2017 had made linkage of Aadhaar number to insurance policies mandatory requirement under the Prevention Of Money Laundering (Maintenance of Records) Second Amendment Rules, 2017. However, since the said rules have been set aside by Supreme Court, linking of Aadhaar for insurance policies is not mandatory.

10. Is Aadhaar mandatory for employment provident fund?

Aadhaar is not mandatory for EPFO since it does not constitute a charge on the Consolidated Fund of India. The court held that the Government cannot take umbrage under Section 7 of the Aadhaar Act to enlarge the scope of subsidies, services and benefits. ‘Benefits’ should be such which are in the nature of welfare schemes for which resources are to be drawn from the Consolidated Fund of India.

11. Can I delete my Aadhaar data?

No, as of now there is no mechanism to delete Aadhaar. However, UIDAI provides a mechanism to lock the biometric information and prevent any misuse. Once the biometric is locked, the Aadhaar holder will not be able to use their Biometrics (fingerprints/iris) for authentications and neither can anyone else.