Defender of your Digital Freedom

All Posts | Jan 08,2019

What has been changed in the Aadhaar Amendment Bill?

On Wednesday, 02 January 2019, we got our first look at The Aadhaar and Other Laws (Amendment) Bill, 2018. On Friday, 04 January 2019, this Bill was passed by the Lok Sabha. We compared this Bill with the existing provisions under The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and the Supreme Court’s judgment in Justice K.S. Puttaswamy (Retd.) & Anr. vs Union of India & Ors. [W.P. (C) 494/2012], better known as the Aadhaar case.

The word 'Regulation' below refers to the Aadhaar (Authentication) Regulation, 2016.



Supreme Court’s Observations in 

Law before SC's Judgment

Change proposed in the Amendment

Our Comments

Alternate means of establishing identity

To avoid exclusion of deserving beneficiaries, the Court recommended that suitable provisions be made in concerned regulations for establishing identity by alternate means.

Section 2(a) “Aadhaar number” means an identification number issued to an individual under sub-section (3) of section 3;”


The proviso to Section 7 reads as "Provided that if an Aadhaar number is not assigned to an individual, the individual shall be offered alternate and viable means of identification for delivery of the subsidy, benefit or service."

Amendment to Section 2(a):

Alternative virtual identity included under definition of Aadhaar number.


Amendment to Section 3:

Virtual identity will be an alternative to the actual Aadhaar number.

The proviso to Section 7 has been interpreted in the past by the Executive to apply only to those people who have applied for an Aadhaar number but have not yet been assigned a number by UIDAI.

The changes to Sections 2(a) and 3 do not solve the issue of deserving beneficiaries being excluded. This is not an alternate means to establish identity. This method still requires the person whose identity needs to be established to be registered in the Aadhaar database. In order to comply with the Supreme Court's judgment, other forms of ID must be made acceptable as an alternative to an Aadhaar number.

Enrolment of children

1. Consent of parents/guardian is essential for enrolment of children under the Aadhaar Act.

2. Enrolled children shall be given the right to exit from Aadhaar upon attaining the age of majority.

3. No child shall be deprived of benefits if an Aadhaar number is not produced. In this case, verification of identity can be done on the basis of any other documents.

There was no such provision in the earlier law.

Section 3A inserted:

1. Consent of parent/guardian of child for enrolment will be essential.

2. Application for cancellation of Aadhaar number can be made by a child within a period of six months of attaining eighteen years of age.

3. No denial of subsidy or service to any child if Aadhaar is not produced.

The six-month period for exiting the Aadhaar ecosystem is too short. Where a person misses the six-month limitation period, there is no option to exit.

Authentication records

Regulation 26(c) of Aadhaar (Authentication) Regulation, 2016 has been struck down as it pertains to authentication transaction related to metadata.

Regulation 26 of the 2016 Regulation requires that the Authority shall store and maintain authentication transaction data, which shall inter alia contain information on metadata related to the transaction.



Residents and illegal immigrants

State directed to take suitable measures to ensure illegal immigrants do not avail benefits.

No such provision in the earlier law.


Action on this is awaited.

No change has been introduced by the Amendment.

Data retention

Data retention beyond six months is impermissible.

Regulation 27 of the Aadhaar (Authentication) Regulations, 2016, providing data retention for 5 years, struck down.

Regulation 27: Duration of storage:

(1) Authentication transaction data shall be retained by the Authority for a period of 6 months, and thereafter archived for a period of five years.

(2) Upon expiry of the period of five years specified in sub-regulation (1), the authentication transaction data shall be deleted except when such authentication transaction data are required to be maintained by a court or in connection with any pending dispute.


Updated regulation awaited.

Restriction on sharing of information

Presently, the Aadhaar (Sharing of Information) Regulations, 2016 have no provision which impinges upon the privacy rights of Aadhaar card holders. (Section 29)




Disclosure of information

Read down Section 33(1):

A. Individual whose information is sought to be released to be given an opportunity of hearing.

B. Individual to be given the right to challenge disclosure of his/her information.

Sec 33(2) struck down with liberty to enact a suitable provision:

Determining if information disclosure is in the interest of national security will be done by-

a. Officer higher than rank of Joint Secretary

b. Application of judicial mind. (Judicial Officer/preferably sitting judge of High Court)

Section 33(1): Nothing contained in sub-section (2) or sub-section (5) of section 28 or sub-section (2) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made pursuant to an order of a court not inferior to that of a District Judge:

Provided that no order by the court under this sub-section shall be made without giving an opportunity of hearing to the Authority.


Section 33(2): Nothing contained in sub-section (2) or sub-section (5) of section 28 and clause (b) of sub-section (1), sub-section (2) or sub-section (3) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made in the interest of national security in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government of India specially authorised in this behalf by an order of the Central Government:

Provided that every direction issued under this sub-section, shall be reviewed by an Oversight Committee consisting of the Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and the Department of Electronics and Information Technology, before it takes effect:

Provided further that any direction issued under this sub-section shall be valid for a period of three months from the date of its issue, which may be extended for a further period of three months after the review by the Oversight Committee.

Amendments made to Section 33:

A. Section 33(1)(b) provides an opportunity of hearing to the Aadhaar holder.

B. Under Section 33B an aggrieved individual can appeal to TDSAT within a period of 45 days from the date of receipt of order.

C. Officer not below the rank of a Secretary will determine whether disclosure is in national interest.

D. Section 33A provides for civil penalties in case of failure to comply with provisions of the Act/rules/regulations and directions.

E. Under Section 33B an officer not below the rank of a Joint Secretary shall be the adjudicating officer for holding inquiry.

The Court had directed that a higher official, in association with the application of a judicial mind, determine the grounds of disclosure under Section 33(2). The Amendment did take cognizance of the judgment and prescribed an officer not below the rank of Joint Secretary. However, the amendment makes no mention of the determination by a judicial authority/officer that the Court directed.

Despite being criticized by the majority judgment in the Aadhaar matter, the amendment fails to address the issue of concentration of powers with the Executive and the lack of accountability.

The proposed amendment inserted a new provision on civil penalties. Even this change does not prescribe the application of a judicial mind for the purpose of adjudication in the event of failure to comply with the provisions of the Act.

Thus, the amendment is not in consonance with the Aadhaar judgment.

Cognizance of complaints

Modification of Section 47: Include provision for filing complaints by an individual/victims.

Section 47:

(1) No court shall take cognizance of any offence punishable under this Act, save on a complaint made by the Authority or any officer or person authorised by it.

(2) No court inferior to that of a Chief Metropolitan Magistrate or a Chief Judicial Magistrate shall try any offence punishable under this Act.

A proviso has been inserted in Section 47. It enables the court to take cognizance of a complaint made by the Aadhaar holder.

Until now, the court could take cognizance of an offence on a complaint made by only the UIDAI or an officer or a person authorised by it. The proviso also empowers an aggrieved individual to file complaints.

Establishing identity of individual for any purpose

There are two aspects to the Court's judgment on Section 57.


One part of the Section has been read down:

The provision is susceptible to misuse as it can be used to establish identity of an individual 'for any purpose'.

A. The 'purpose' in this Section has been read down to mean a purpose backed by law.

B. Any law made on this would need to be subjected to judicial scrutiny.


Another part of Section 57 has been held to be unconstitutional:

The part of this Section enabling body corporate and individuals to seek authentication is unconstitutional as:

A. Establishing identity for a purpose pursuant to any contract is impermissible as it is not backed by law and therefore does not meet test of proportionality.

B. Authentication services based on contract between individual and body corporate or person would:

B1. Enable commercial exploitation of individual biometric and demographic information by private entities.

B2. Impinge on right to privacy of individual.

Section 57:

Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose, whether by the State or any body corporate or person, pursuant to any law, for the time being in force, or any contract to this effect:

Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.

Section 57 has been omitted.

However, the Act now provides for voluntary use of Aadhaar number for authentication or offline verification.

To enable this, Section 4 (Properties of Aadhaar number) of the Act has been amended to allow verification of the Aadhaar number on a voluntary basis with the informed consent of the Aadhaar number holder.

To facilitate this, the Amendment Bill seeks to amend Section 4 of Telegraph Act, 1885 and insert a new section 11A under PMLA.

The Bill removes section 57 from the Aadhaar Act. This omission is in compliance with the Aadhaar judgment.

However, the prescribed amendments to the PMLA Rules and Telegraph Act are contrary to the ratio of the majority judgement in Justice K.S. Puttaswamy (Retd.) v. Union of India & Ors. [W.P. (C) 494/2012].

In the Aadhaar judgment, Sikri J. in his majority judgment stated that apart from authorising the State, even ‘any body corporate or person’ is authorised to avail authentication services. This can be on the basis of purported agreement between an individual and such body corporate or person. Even if we presume that the legislature did not intend so, the impact of the aforesaid features would be to enable commercial exploitation of individual biometric and demographic information by the private entities.

The part of Section 57 that allowed for people to voluntarily provide their Aadhaar number to body corporates and individuals, especially on the basis of a contract between the person providing the Aadhaar number and the person acquiring / authenticating the Aadhaar number, has been held to be unconstitutional by the Supreme Court of India. The amendment to Section 4 of the Act would re-implement a clause that has already been ruled to be unconstitutional. This would raise the likelihood of fresh litigation on an aspect of law that has already been settled.



All Posts | Sep 26,2018

Key Highlights of the Aadhaar Judgment

The Supreme Court has delivered its much awaited judgment in the Aadhaar case, wherein the majority, comprising Dipak Misra CJI., AK Sikri J., AM Khanwilkar J. and Ashok Bhushan J. (though Bhushan J. dissented with the majority on certain points), upheld the constitutionality of the Aadhaar Act, 2016 barring a few provisions on disclosure of personal information, cognizance of offences and use of the Aadhaar ecosystem by private corporations. DY Chandrachud J. delivered a dissenting opinion debasing the entire Aadhaar scheme along with the Act. The full text of the judgment is available here.

A summary of the three opinions as delivered by AK Sikri J., DY Chandrachud J. and Ashok Bhushan J. is as follows:

Majority Opinion by Dipak Misra CJI., AK Sikri J. and AM Khanwilkar J.

  • ‘Benefits’ and ‘services’ as mentioned in Section 7 should be those which have the colour of some kind of subsidies etc., namely, welfare schemes of the Government whereby Government is doling out such benefits which are targeted at a particular deprived class. It would cover only those ‘benefits’ etc. The expenditure thereof has to be drawn from the Consolidated Fund of India.

  • Section 33(1) of the Act prohibits disclosure of information, including identity information or authentication records, except when it is by an order of a court not inferior to that of a District Judge. We have held that this provision is to be read down with the clarification that an individual, whose information is sought to be released, shall be afforded an opportunity of hearing. If such an order is passed, in that eventuality, he shall also have right to challenge such an order passed by approaching the higher court. During the hearing before the concerned court, the said individual can always object to the disclosure of information on accepted grounds in law, including Article 20(3) of the Constitution or the privacy rights etc.

  • Insofar as Section 33(2) is concerned, it is held that disclosure of information in the interest of national security cannot be faulted with. However, for determination of such an eventuality, an officer higher than the rank of a Joint Secretary should be given such a power. Further, in order to avoid any possible misuse, a Judicial Officer (preferably a sitting High Court Judge) should also be associated with. We may point out that such provisions of application of judicial mind for arriving at the conclusion that disclosure of information is in the interest of national security, are prevalent in some jurisdictions. In view thereof, Section 33(2) of the Act in the present form is struck down with liberty to enact a suitable provision on the lines suggested above.

  • Insofar as Section 47 of the Act which provides for the cognizance of offence only on a complaint made by the Authority or any officer or person authorised by it is concerned, it needs a suitable amendment to include the provision for filing of such a complaint by an individual/victim as well whose right is violated.

  • In so far as Section 57 in the present form is concerned, it is susceptible to misuse inasmuch as: (a) It can be used for establishing the identity of an individual ‘for any purpose’. We read down this provision to mean that such a purpose has to be backed by law. Further, whenever any such “law” is made, it would be subject to judicial scrutiny. (b) Such purpose is not limited pursuant to any law alone but can be done pursuant to ‘any contract to this effect’ as well. This is clearly impermissible as a contractual provision is not backed by a law and, therefore, first requirement of proportionality test is not met. (c) Apart from authorising the State, even ‘any body corporate or person’ is authorised to avail authentication services which can be on the basis of purported agreement between an individual and such body corporate or person. Even if we presume that legislature did not intend so, the impact of the aforesaid features would be to enable commercial exploitation of an individual biometric and demographic information by the private entities. Thus, this part of the provision which enables body corporate and individuals also to seek authentication, that too on the basis of a contract between the individual and such body corporate or person, would impinge upon the right to privacy of such individuals. This part of the section, thus, is declared unconstitutional.

  • Section 2(d) which pertains to authentication records, such records would not include metadata as mentioned in Regulation 26(c) of the Aadhaar (Authentication) Regulations, 2016. Therefore, this provision in the present form is struck down. Liberty, however, is given to reframe the regulation, keeping in view the parameters stated by the Court.

  • Retention of data beyond the period of six months is impermissible. Therefore, Regulation 27 of Aadhaar (Authentication) Regulations, 2016 which provides archiving a data for a period of five years is struck down.

  • Metabase (Metadata) relating to transaction, as provided in Regulation 26 of the aforesaid Regulations in the present form, is held to be impermissible, which needs suitable amendment.

  • On that basis, CBSE, NEET, JEE, UGC etc. cannot make the requirement of Aadhaar mandatory as they are outside the purview of Section 7 and are not backed by any law.

  • We hold that the provision in the present form does not meet the test of proportionality and, therefore, violates the right to privacy of a person which extends to banking details. This amounts to depriving a person of his property. We find that this move of mandatory linking of Aadhaar with bank account does not satisfy the test of proportionality.

  • Circular dated March 23, 2017 mandating linking of mobile number with Aadhaar is held to be illegal and unconstitutional as it is not backed by any law and is hereby quashed.

  • When it comes to obtaining Aadhaar card, there is no possibility of obtaining duplicate card. Once the biometric information is stored and on that basis Aadhaar card is issued, it remains in the system with the UIDAI. Wherever there would be a second attempt for enrolling for Aadhaar and same person gives his biometric information, it would immediately get matched with the same biometric information already in the system and the second request would stand rejected. It is for this reason the Aadhaar card is known as a Unique Identification (UID).

  • While examining the validity of a particular law that allegedly infringes right to privacy, the question is as to whether the Court is to apply ‘strict scrutiny’ standard or the ‘just, fair and reasonableness’ standard. In the privacy judgment this Court preferred to adopt a ‘just, fair and reasonableness’ standard. Even otherwise, this is in consonance with the judicial approach adopted by this Court while construing ‘reasonable restrictions’ that the State can impose in public interest, as provided in Article 19 of the Constitution.

  • A very important feature which the present case has brought into focus is another dimension of human dignity, namely, in the form of ‘common good’ or ‘public good’. Thus, our endeavour here is to give richer and more nuanced understanding to the concept of human dignity. We, therefore, have to keep in mind humanistic concept of Human Dignity which is to be accorded to a particular segment of the society and, in fact, a large segment. Their human dignity is based on the socio-economic rights that are read in to the fundamental rights.

  • When we read socio-economic rights into human dignity, the community approach also assumes importance along with individualistic approach to human dignity. It has now been well recognised that at its core, human dignity contains three elements, namely, Intrinsic Value, Autonomy and Community Value. These are known as core values of human dignity. These three elements can assist in structuring legal reasoning and justifying judicial choices in ‘hard cases’.

  • When it comes to dignity as a community value, it emphasises the role of the community in establishing collective goals and restrictions on individual freedoms and rights on behalf of a certain idea of good life.

  • There needs to be a balancing of two facets of dignity of the same individual whereas, on the one hand, right of personal autonomy is a part of dignity (and right to privacy), another part of dignity of the same individual is to lead a dignified life as well (which is again a facet of Article 21 of the Constitution). Therefore, in a scenario where the State is coming out with welfare schemes, which strive at giving dignified life in harmony with human dignity and in the process some aspect of autonomy is sacrificed, the balancing of the two becomes an important task which is to be achieved by the Courts. For, there cannot be undue intrusion into the autonomy on the pretext of conferment of economic benefits.

  • The architecture of Aadhaar as well as the provisions of the Aadhaar Act do not tend to create a surveillance state. This is ensured by the manner in which the Aadhaar project operates. During the enrolment process, minimal biometric data in the form of iris and fingerprints is collected. The UIDAI does not collect purpose, location or details of transaction. Thus, it is purpose blind. The information collected, as aforesaid, remains in silos. Merging of silos is prohibited.

  • After going through the Aadhaar structure, as demonstrated by the respondents in the powerpoint presentation (as given during the hearing by the CEO of the UIDAI – Mr. AB Pandey) from the provisions of the Aadhaar Act and the machinery which the Authority has created for data protection, we are of the view that it is very difficult to create profile of a person simply on the basis of biometric and demographic information stored in CIDR.

  • After detailed discussion, it is held that all matters pertaining to an individual do not qualify as being an inherent part of right to privacy. Only those matters over which there would be a reasonable expectation of privacy are protected by Article 21.

  • The Court is also of the opinion that the triple test laid down in order to adjudge the reasonableness of the invasion to privacy has been made. The Aadhaar scheme is backed by the statute, i.e. the Aadhaar Act. It also serves legitimate State aim, which can be discerned from the Introduction to the Act as well as the Statement of Objects and Reasons which reflect that the aim in passing the Act was to ensure that social benefit schemes reach

  • Right to receive these benefits, from the point of view of those who deserve the same, has now attained the status of fundamental right based on the same concept of human dignity, which the petitioners seek to bank upon.

  • The Constitution does not exist for a few or minority of the people of India, but “We the people”.

  • We again emphasise that no person rightfully entitled to the benefits shall be denied the same on such grounds. It would be appropriate if a suitable provision be made in the concerned regulations for establishing an identity by alternate means, in such situations.

  • For the enrolment of children under the Aadhaar Act, it would be essential to have the consent of their parents/guardian.

  • On attaining the age of majority, such children who are enrolled under Aadhaar with the consent of their parents, shall be given the option to exit from the Aadhaar project if they so choose in case they do not intend to avail the benefits of the scheme.

  • In so far as the school admission of children is concerned, requirement of Aadhaar would not be compulsory as it is neither a service nor subsidy. Further, having regard to the fact that a child between the age of 6 to 14 years has the fundamental right to education under Article 21A of the Constitution, school admission cannot be treated as ‘benefit’ as well.

  • In so far as Section 2(b) is concerned, which defines ‘resident’, the apprehension expressed by the petitioners was that it should not lead to giving Aadhaar card to illegal immigrants. We direct the respondent to take suitable measures to ensure that illegal immigrants are not able to take such benefits.

  • However, apprehension of the petitioners is that this provision entitles Government to share the information ‘for the purposes of as may be specified by regulations’. The Aadhaar (Sharing of Information) Regulations, 2016, as of now, do not contain any such provision. If a provision is made in the regulations which impinges upon the privacy rights of the Aadhaar card holders that can always be challenged.

  • Therefore, Section 7 is the core provision of the Aadhaar Act and this provision satisfies the conditions of Article 110 of the Constitution. Upto this stage, there is no quarrel between the parties. In any case, a part of Section 57 has already been declared unconstitutional. We, thus, hold that the Aadhaar Act is validly passed as a ‘Money Bill’.

  • Even after judging the matter in the context of permissible limits for invasion of privacy, namely: (i) the existence of a law; (ii) a ‘legitimate State interest’; and (iii) such law should pass the ‘test of proportionality’, we come to the conclusion that all these tests are satisfied.


Dissenting Opinion by Chandrachud J.

  • The Aadhaar Act, 2016 is declared unconstitutional for failing to meet the necessary requirements to have been certified as a Money Bill under Article 110(1).

  • Adequate norms must be laid down for each step from the collection to retention of biometric data based on informed consent, along with specifying the time period for retention. Individuals must be given the right to access, correct and delete data. An opt-out option should be necessarily provided. The Aadhaar Act is bereft of these provisions.

  • Section 29(4) is over-broad as it gives wide discretionary power to UIDAI to publish, display or post core biometric information of an individual for purposes specified by the regulations.

  • Sections 2(g), (j), (k) and (t) suffer from overbreadth, as the phrase “such other biological attributes” can be expanded.

  • The proviso to Section 28(5) of the Aadhaar Act, which disallows an individual access to the biometric information that forms the core of his or her unique ID, is violative of a fundamental principle that ownership of an individual’s data must at all times vest with the individual.

  • This judgment concludes that the Aadhaar programme violates essential norms pertaining to informational privacy, self-determination and data protection.

  • The measures adopted by the respondents fail to satisfy the test of necessity and proportionality.

  • The architecture of Aadhaar enables surveillance activities through the Aadhaar database. Any leakage in the verification log poses an additional risk of an individual’s biometric data being vulnerable to unauthorised exploitation by third parties.

  • Before the enactment of the Aadhaar Act, MOUs signed between UIDAI and Registrars were not contracts within the purview of Article 299 of the Constitution, and therefore, do not cover the acts done by the private entities engaged by the Registrars for enrolment.

  • The Aadhaar Act is also silent on the liability of UIDAI and its personnel in case of their non-compliance of the provisions of the Act or the regulations.

  • Section 47 of the Act violates citizens’ right to seek remedies. Under Section 47(1), a court can take cognizance of an offence punishable under the Act only on a complaint made by UIDAI or any officer or person authorised by it. Section 47 is arbitrary as it fails to provide a mechanism to individuals to seek efficacious remedies for violation of their right to privacy.

  • Making UIDAI, which is administering the Aadhaar project, also responsible for providing a grievance redressal mechanism for grievances arising from the project severely compromises the independence of the grievance redressal body [Section 23(2)(s)].

  • In the absence of an independent regulatory and monitoring framework which provides robust safeguards for data protection, the Aadhaar Act cannot pass muster against a challenge on the ground of reasonableness under Article 14.

  • No substantive provisions, such as those providing data minimization, have been laid down as guiding principles for the oversight mechanism provided under Section 33(2), which permits disclosure of identity information and authentication records in the interest of national security.

  • Section 57 violates Articles 14 and 21. It is manifestly arbitrary, it suffers from overbreadth and violates Article 14.

  • Section 7 suffers from overbreadth since the broad definitions of the expressions ‘services’ and ‘benefits’ enable the government to regulate almost every facet of its engagement with citizens under the Aadhaar platform. The inclusion of services and benefits in Section 7 is a pre-cursor to the kind of function creep which is inconsistent with the right to informational self-determination. Section 7 is therefore arbitrary and violative of Article 14 in relation to the inclusion of services and benefits as defined.

  • Section 59 does not validate actions of the state governments or of private entities. Section 59 fails to meet the test of a validating law since the complete absence of a regulatory framework and safeguards cannot be cured merely by validating what was done under the notifications of 2009 and 2016.

  • The judgment accepts that there is a legitimate state aim but the existence of a legitimate aim is insufficient to uphold the validity of the law, which must also meet the other parameters of proportionality spelt out in Puttaswamy.

  • Since the Aadhaar Act itself is now held to be unconstitutional for having been enacted as a Money Bill and on the touchstone of proportionality, the seeding of Aadhaar to PAN under Article 139AA does not stand independently.

  • The 2017 amendments to the PMLA Rules fail to satisfy the test of proportionality. The imposition of a uniform requirement of linking Aadhaar numbers with all account based relationships proceeds on the presumption that all existing account holders as well as every individual who seeks to open an account in future is a potential money-launderer.

  • The conflation of biometric information with SIM cards poses grave threats to individual privacy, liberty and autonomy. Having due regard to the test of proportionality which has been propounded in Puttaswamy and as elaborated in this judgment, the decision to link Aadhaar numbers with mobile SIM cards is neither valid nor constitutional.

  • It is directed under Article 142 that the existing data which has been collected shall not be destroyed for a period of one year. During this period, the data shall not be used for any purpose whatsoever. At the end of one year, if no fresh legislation has been enacted by the Union government in conformity with the principles which have been enunciated in this judgment, the data shall be destroyed.


Partially Concurring Opinion of Ashok Bhushan J.

  • The requirement of demographic and biometric information under Aadhaar Act, 2016 does not violate fundamental right to privacy. It passes the three-fold test as laid down in Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors. (Privacy Judgement).

  • Moreover, safeguards are available in Aadhaar Act, 2016 and there is no architecture for pervasive surveillance.

  • There should be a balance between social benefits disbursal by state with right to privacy.

  • Sec 7 of Aadhaar Act, 2016, making Aadhaar number necessary for receipt of certain subsidies, benefits and services etc. is held as constitutional. J. Bhushan observed that some cases of authentication failure should not nullify the entire provision.

  • Sec 29 which deals with restriction on sharing information, is upheld.

  • Sec 33 which provides for the use of Aadhaar data-base for police investigation, is upheld and found not violative of Art 20(3).

  • Sec 47 which disallows an individual to file a complaint for an offence under the Act, was upheld.

  • The last part of Sec 57 which permits use of Aadhaar by the State or any body corporate or person, pursuant to any contract, is held unconstitutional.

  • Parental consent for providing biometric information under Regulation 3 & demographic information under Regulation 4 of Aadhaar (Enrolment and Update) Regulations, 2016 is made necessary.

  • Rule 9 as amended by PMLA (Second Amendment) Rules, 2017 making linkages of Aadhaar with bank accounts necessary is upheld and found not to violate Articles 14, 19(1)(g), 21 & 300A of the Constitution.

  • Circular dated 23.03.2017 by Department of Telecommunications, seeking Aadhaar-SIM linking is held unconstitutional.

  • Passing of Aadhaar Act as Money Bill is found to be valid but decision of Speaker certifying a Bill as Money Bill is not immune from Judicial Review.

  • Section 139AA of IT Act, 1961 which provides for linking of Aadhaar for filing of income tax returns is upheld and found not to violate Right to Privacy.

All Posts | Sep 26,2018

Full text of the 1448-page Aadhaar Judgement

The Supreme Court has delivered its much awaited judgment in the Aadhaar case, wherein the majority view, comprising Dipak Misra CJI., AK Sikri J., AM Khanwilkar J. and Ashok Bhushan J. (though Bhushan J. dissented with the majority on certain points), upheld the constitutionality of the Aadhaar Act, 2016 barring a few provisions on disclosure of personal information, cognizance of offences and use of the Aadhaar ecosystem by private corporations. DY Chandrachud J. delivered a dissenting opinion debasing the entire Aadhaar scheme along with the Act. The entire text of the judgment is available here.

All Posts | May 16,2018

Aadhaar final hearing: what happens now?

On Thursday, May 10, a five-judge Constitution Bench of the Supreme Court of India finished hearing arguments from the batch of 29 petitions (led by K.S. Puttaswamy v. Union of India) that had challenged the constitutional validity of the Aadhaar scheme on various grounds. Most notably, the petitioners had argued that Aadhaar violated the fundamental right to privacy guaranteed under Article 21 of the Constitution of India, caused large scale exclusion of intended beneficiaries from various welfare schemes and benefits, and was irregularly introduced in the Parliament as a money bill to circumvent crucial oppositions. Final hearing of these petitions began on January 17, 2018 and spanned 38 days. Our detailed notes from the hearings that provide an overview of the arguments raised and addressed over the course of the proceedings are available here.

Through its order issued on May 10, the five-judge Bench has reserved judgment on the matter. Indian procedural laws do not prescribe a time limit within which the judgment must be delivered, and the actual time taken varies from case to case. Considering the time sensitive nature of this matter, a judgment is expected sooner rather than later. However, the Supreme Court will be on vacation starting May 21 and will remain closed through all of June, so we do not expect to see the judgment anytime before July 2018.

When issued, the judgment will do one of three things: (1) strike Aadhaar down as unconstitutional, forcing the Government to dismantle the project and roll-back every initiative taken in connection with it; or (2) find Aadhaar constitutionally sound, allowing the Government to retain the project in its current form and expand it going forward; or (3) arrive at a middle-ground, where certain aspects of Aadhaar are struck down and others retained - for instance, Aadhaar may be found constitutionally sound overall, but specific aspects like mandatory mobile/bank account linkages may be disallowed.

Regardless of the outcome, K.S. Puttaswamy v. Union of India has been one of the most significant litigations India has seen in recent times, as it tests the world’s largest biometric ID program against fundamental human rights like the right to privacy and more. The Supreme Court’s verdict in this matter will undoubtedly have far reaching implications on how technology is integrated into governance in the years to come, and it will play a big role in shaping India’s nascent privacy and data protection landscape.

We would also like to take this opportunity to express our deepest appreciation for everyone involved in the Aadhaar litigation, whether they were lawyers, litigants, researchers or those making information available to the public by live tweeting or writing about the proceedings. We would like to make special mention of Justice K.S. Puttaswamy, Vickram Krishna, Shantha Sinha, S. G Vombatkere, and Mathew Thomas among others for moving the Courts to adjudicate on various issues surrounding Aadhaar; senior advocates Shyam Divan, Gopal Subramanium, K.V. Vishwanathan, Minakshi Arora, P. Chidambaram, Sajan Poovayya, P.V Surendranath, Kapil Sibal, Sanjay Hegde, Anand Grover, C.U. Singh and Arvind Datar for arguing the matter at the Supreme Court; advocates Gautam Bhatia, Prasanna S, Apar Gupta, and Kritika Bharadwaj among others for assisting the senior counsels and preparing arguments; Prasanna S and Gautam Bhatia for their live reportage of the proceedings; and Usha Ramanathan, Reetika Khera, and Jean Dreze among many others for building a strong discourse around Aadhaar. We are sure we have missed out many names from this list, but we extend our gratitude to everyone who played a part in building and maintaining a national narrative around the concerns with Aadhaar.

All Posts | May 16,2018

Updates on Aadhaar Final Hearing: Day 38

On the last day (day 38) of the final Aadhaar hearing, Senior Advocate, Gopal Subramanium resumed his submissions for the State. He started by asking the bench, “Is Aadhaar really affirmative action? Is the Act an enabler or is it in the guise of enabler? The Act is not an instrumentality to deliver services. It is only a means of identification.” He contended that the bench has to read the true purpose of the law and whether the impugned law seeks to achieve that purpose. Mr. Subramanium was of the view that dignity and autonomy is not preserved by Section 7 of the Act. He further stated that Aadhaar does not have a true purpose and that a claim to a true purpose is not proper purpose, following which he argued that authentication is at the heart of the Aadhaar Act and failure of authentication is a ground for denial of services.

J. Chandrachud opined that an Act like Aadhaar needs a regulator which is absent, to which, Mr. Subramanium agreed and stated that the State seeks to take away our data without the backing of a strong data protection framework. He further expressed that some words used in the Act, like “grant of subsidies, benefits and services” are expressions of condescension in Section 7 and are not treated like an entitlement. The burden is on the people to authenticate and establish their identity. J. Chandrachud, in reply, said that whether a “subsidy” is a benefit or a right has to be decided.

Thereafter, Mr. Subramanium highlighted that private players have access to Aadhaar data and there is no vertical protection. Section 7 has been interpreted to be mandatory. The State cannot make citizens subservient under Section 7 and call rights, benefits, he emphasized. He then called for the Act to be struck down completely as it fails all three tests laid down in the Puttaswamy judgment: there is no legitimate state aim as the real aim of the Act is different from the purported aim; there was no law when Aadhaar was implemented; and there is no proportionality.

Next, Mr. Subramanium read out a quote of B. R Ambedkar, “Political democracy rests on four premises: They are (1) The individual is an end in himself. (2) The individual has certain inalienable rights which must be guaranteed to him by the constitution. (3) The individual shall not be required to relinquish any of his constitutional rights as a price of any privilege. (4) The state shall not delegate power to private persons to govern others.”

Concluding his arguments, Mr. Subramanium stated that this court consciously overruled ADM Jabalpur, and the doctrine of misuse does not apply here because there is actual denial of rights in the case of Aadhaar. In his prayer, he asked for the Aadhaar Act to be completely struck down and the architecture and database destroyed.

Senior Advocate, Arvind Datar began his arguments next, and stated that the Aadhaar Act could not have been passed as a money bill. At most, it can be a financial bill of category 3 under Article 117 (3) of the Constitution. He was of the view that the doctrine of severability will not apply to Aadhaar, since the doctrine is only applicable to validly enacted legislations. Mr. Datar asserted that the judgments of Mohd. Saeed Siddiqui and Yogendra Jaiswal should be overruled. Finality of speaker’s decision does not mean that the bill cannot be subject to judicial review, he remarked.

Mr. Datar submitted that under the Prevention of Money Laundering Act (PMLA), Aadhaar is not just confined to banks but has gone beyond its scope. It is now needed for mutual funds, insurance policies and credit cards, among other things. He commented that magic words like black money, national security and terrorism are being thrown around by the State. The justification of a law for proportionality cannot be a ritualistic exercise.

He further submitted that Aadhaar is not justified under Article 300A of the Constitution and seeding Aadhaar will never solve problems of money laundering and black money because the source of such money is different. Mr. Datar called the State’s action colorable exercise of power and remarked that black money and money laundering is being used as a ruse to collect people’s biometrics. He prayed to the bench that Section 57 should be struck down as anything outside Section 7 is completely violative of the Puttaswamy judgment; Section 139AA of the Income tax Act is inconsistent with the Aadhaar Act; and there should be an option to opt out of the Aadhaar ecosystem.

Next, Senior Advocate, P. Chidambaram commenced his submissions on the money bill aspect of Aadhaar and stated that the Attorney General’s reading of the word “only” in Article 110(1)(g) is erroneous. He submitted that Section 57 travels beyond Article 110 of the Constitution. Mr. Chidambaram further submitted that Clause (g) of Article 110(1) must be read very restrictively and a particular provision has to be incidental to clauses 110(1)(a)-(f) to come under clause 110(1)(g) since clause (g) is not a substantive provision.

Mr. Chidambaram argued that the implications of passing a non money bill as a money bill are very serious: one half of the Parliament is virtually disabled from making any amendments; and it denudes the highest Constitutional Authority of the country, the President of India. Since the Aadhaar bill was passed without the effective participation of the Rajya Sabha and without assent from the President, the court cannot save it as it is a fundamentally unconstitutional legislation, he asserted.

Mr. Chidambaram was of the view that the pith and substance doctrine cannot be applied in cases where the applicability of Article 110 is being interpreted. The doctrine is only limited to entries of legislative lists. In his prayer, he requested the bench to strike down the Aadhaar Act as it is not a money bill.

Senior Advocate, K.V Vishwanathan began his submissions and stated that the respondents’ argument that the least intrusive method is not a facet of proportionality is erroneous. He further stated that harmonization of rights is being applied by the State. Balancing right to food and right to privacy is wrong.

In his next submission, he contended that Section 59 does not protect Aadhaar during the time Aadhaar was an executive scheme. Concluding his arguments, he asserted that there can be no collection and digitalization of records and that the underpinning of the Aadhaar Act is authentication of individuals. The State cannot discharge its duty by subjecting the poor and downtrodden of this country to a technological menace.

The hearing concluded with Senior Advocate, P. V Surendranath making a short submission on excessive delegation.

The matter is now reserved for judgment.

All Posts | May 15,2018

Updates on Aadhaar Final Hearing: Day 37

On day 37 of the final Aadhaar hearing, Senior Advocate Shyam Divan resumed his submissions for the petitioners by stating that banks and telecom operators were linking individuals’ Aadhaar with their bank accounts and mobile numbers without their permission. This is called inorganic seeding. He asserted that UIDAI collected biometrics of a hundred crore people which is the entire population of Europe and North America without any statutory backing.

Mr. Divan contended that from the citizens’ perspective, there is an authentication tower and enrolment tower and IP addresses, date, time and purpose of authentication can be known because of the architecture of Aadhaar. He then highlighted that the source of Aadhaar software belongs to foreign companies. Mr. Divan remarked that it is impossible to live in contemporary India without Aadhaar and also stated that Aadhaar linking is not a one time thing as claimed by the respondents. It is a continuous process.

Mr. Divan produced a hypothetical log of an individual’s authentication activities to show how much data about her is generated over three days. He then showed a long list of agencies that are using authentication services on UIDAI’s website. Mr. Divan was of the opinion that the ID4D report relied on by the Attorney General is not impartial.

Mr. Divan contended that collecting biometrics was ultra vires the 2009 notification and even assuming that the notification was an Act of Parliament, it would have been ultra vires for collecting something as intrusive as biometrics. Further, there was no informed consent and penalties when biometrics were collected before the Act was passed.

Mr. Divan argued that UIDAI has been flouting the interim orders of the Supreme Court that held that Aadhaar cannot be made mandatory. He further emphasized that schemes under Section 7 of the Aadhaar Act should not involve children and education. Schemes for rehabilitation of bonded labourers and women rescued from trafficking that involve stigma should also be excluded, he stated. Schemes related to food and nutrition and matters related to health should not be covered by Section, contended Mr. Divan and further remarked that there cannot be retrogression of human rights.

Mr. Divan explained that Sarva Shiksha Abhiyan and mid-day meal schemes require children to furnish Aadhaar to avail benefits of these schemes. He commented that there should be no conditions placed on children to avail any benefits as this is way beyond any reasonable limit of proportionality. Mr. Divan gave the example of tuberculosis patients requiring to disclose their Aadhaar number.

Mr. Divan urged the bench to not look into Section 7 by itself but consider the overall impact of the Act and stated that Aadhaar is an overextension of the coercive powers of the State. He reiterated that non retrogression of rights is an important principle of human rights law. Mr. Divan argued that the Constitution of India has an intricate scheme to defend Part III with the final defence lying with the Supreme Court. But before the matter even reaches the Supreme Court, there are other bulwarks to protect Part III: wisdom of the Rajya Sabha and Article 111 of the Constitution. Mr. Divan stated that the Government cannot bypass the wisdom of the Rajya Sabha and Article 111 to pass Aadhaar as a money bill.

On the point of protection of demographic information, Mr. Divan said that demographic information is important in many situations and should not be trivialised. People must have the choice to preserve and protect it.

Concluding his submissions, Mr. Divan said that Aadhaar will not survive the first five words of the Preamble, “We, the people of India.”

Next, Mr. Gopal Subramanium began his submissions for the petitioners and stated that State functionaries have a continuing constitutional obligation. If the obligation is not met, it cannot be reversed and the burden of proof cannot be on individuals to establish their identity. He asserted that Section 33 will allow sharing of authentication records and footprints of one’s activities will be known by the State. “Is there any nexus between such knowledge of the State and delivery of services?”, he asked.

Mr. Subramanium argued that an individual can ping the authentication machine three times and get rejected and then get accepted on the fourth ping. He asserted that the State cannot subject citizens to this. He submitted that the State has not been able to demonstrate any compelling interest as Aadhaar is not just for the oppressed as claimed by them. Everyone is now supposed to link it with their banks and telecoms. He highlighted that the legislation is not an enabler or a tool for empowerment. Therefore, it falls on all grounds i.e. Articles 14, 19 and 21 of the Constitution. Mr. Subramanium further submitted that data of citizens cannot be used for political exercise and Aadhaar’s preponderant nature is likely to invade. It alters the symbiotic relationship between State and citizen.

Ending his submissions, Mr. Subramanium argued that Aadhaar should be completely struck down as it steps out of the boundaries of the Constitution. He stated that there has to be a positive law if the State wants to abridge a fundamental right. Aadhaar was implemented without a law and the State cannot then retrospectively enact a law.


All Posts | May 15,2018

Updates on Aadhaar Final Hearing: Day 36

On day 36 of the final Aadhaar hearing, Attorney General K.K Venugopal resumed his submissions and stated that Article 110(1)(g) is a standalone provision and there can be a money bill that does not relate to Article 110(1)(a)-(f) of the Constitution but is still covered independently under Article 110(1)(g). Therefore, the Aadhaar bill did not have to be passed by the Rajya Sabha. Chief Justice of India, Dipak Misra interjected and said that Section 57 is an enabling provision that allows state legislatures to introduce Aadhaar for various services. The State legislature may or may not introduce it as a money bill. The nature of the bill will be examined if it is challenged in a court of law.

Further, Mr. K.K Venugopal cited Articles 122 (Courts not to inquire into proceedings of the Parliament) and 255 (Requirements as to recommendations and previous sanctions to be regarded as matters of procedure only) of the Constitution in support of his money bill argument.

Next, Mr. Venugopal talked about Aadhaar-telecom linking. He asserted that currently, Aadhaar is not mandatory to obtain a new mobile connection but there will be no chance of forgery and fraud if Aadhaar is linked to SIM card. He then stated that Aadhaar was made optional as per the direction of the Supreme Court but it will only remain optional till the final disposal of the matter.

Mr. Venugopal concluded his submissions for the respondents by reiterating that no core biometrics data is shared under the Aadhaar Act and read out the offences and penalties laid down under the Act. He vehemently asserted that we cannot accuse a democratic government of such conspiracy. Mr. Venugopal mentioned that the State takes offense to the fact that words such as “electronic leash” and “concentration camps” were used by the petitioners’ counsels.

Senior Advocate Shyam Divan began the rejoinder for the petitioners. He stated that this is the first time in a democracy that something like the Central Identities Data Repository (CIDR) has been implemented. He emphasized that the Supreme Court is at the vanguard of balancing human rights and new technologies.

Mr. Divan submitted that surveillance has three elements: identity of the person, date and time, and location. He referred to an affidavit filed by the State, appending an expert report by Maninder Agarwal of IIT Kanpur who is also a member of the technology and architecture review board and security review board of Aadhaar. Mr. Divan stated that the report admits that tracking the location of a person is possible with Aadhaar. He contended that Prof. Agarwal admitted that the last five years of location data can be accessed with the verification log. Even without the verification log, current data of a person can be tracked by UIDAI, according to Mr. Divan.

Mr. Divan submitted that Aadhaar is not just a privacy issue, it is also a limited government issue. The coercive power of the State cannot extend to creating an infrastructure that is capable of tracking people, he emphasized. Mr. Divan stated, “Can we have a law or system that sets up an authority that does not comport with our democracy? I'm speaking about a rudimentary level of surveillance. I'm not even talking about commercial surveillance.” He also argued that UIDAI’s registered device is capable of tracking people.

On the point of balancing of rights, Mr. Divan stated that Aadhaar is an impairment of Part III of the Constitution and this was a moment in time to take a firm stance. J. Chandrachud interjected and said that there is an inexorable march of technology and the kind of safeguards we should take while balancing human rights with innovation is something we have to consider.

Concluding his submissions for the day, Mr. Divan went through a list of questions put forth by the petitioners to UIDAI and read out the answers given by the same. Mr. Divan informed the bench that UIDAI in their answer have said that they do not take responsibility for correct/incorrect identification but only provide a matching system, which in essence, is a self certification/declaration system. Further, he stated that UIDAI takes no responsibility for ensuring correct name, address, date of birth of the Aadhaar enrolee. In the end, he highlighted that UIDAI has not answered how many authentication rejections have taken place. If an individual is successful in performing five authentications a year, it is considered hundred percent successful.

All Posts | May 07,2018

Updates on Aadhaar Final Hearing: Day 35

On day 35 of the final Aadhaar hearing, Advocate Zoheb Hossain, appearing for the State of Maharashtra and UIDAI continued his submissions. He began by handing over a bunch of international charters and covenants to the bench on harmonization of socio-economic and civil-political rights. J. Chandrachud remarked that directive principles of state policy are essential for good governance and are a guarantee of reasonableness of a law and even though they are non-justiciable, they are read into Article 21. Mr. Hossain stated that enacting a data protection law is a positive obligation of the State. Reading out excerpts from the Wadhwa Committee report on public distribution system and food security, he also mentioned that Aadhaar is a project to ensure socio economic rights of the people.

Mr. Hossain cited the case of D.K Trivedi v. State of Gujarat wherein it was held that when a statute confers discretionary powers to the executive, the validity of the statute cannot be judged by assuming that the executive will act in an arbitrary manner and abuse its power. It was also held that there is a constitutional obligation on the State to ensure socio-economic welfare of the citizens which includes prevention of leakages in public distribution systems.

Next, he cited the case of J.P Unnikrishnan v. State of Andhra Pradesh wherein the court relied on UDHR and ICCPR to read in education as a social right under Article 21. Mr. Hossain then cited a UN General Assembly resolution which said that the ideal of freedom can only be achieved if conditions are created so that everyone can enjoy socio economic and civil political rights. He also mentioned that all human rights are equally important, indivisible and interconnected. Socio-economic rights are as important as civil and political rights.

On the point of proportionality, Mr. Hossain contended that to judge proportionality, reasonableness of the measure/restrictions have to be shown from the point of view of the general public and not from the point of view of one affected party. He argued that right to privacy is an individual right which can be highly subjective or objective and the state cannot be held to be vicariously liable for its infringement. He asserted that no petitioner has claimed infringement of right to privacy and questioned the fact that a violation of privacy is being heard as a PIL.

Next, Mr. Hossain submitted that a person may use her Aadhaar for obtaining SIM, opening bank account and getting PDS. Her telecom company will not have details of the bank/PDS. Similarly, her bank will not have information of her telecom and PDS subsidy. UIDAI won't have any of the three details which proves that there is no scope of conducting mass surveillance.

Further, Mr. Hossain explained the development of social security number in the US and cited a congressional report. He stated that SSN is a quasi universal personal identification number and is used for a variety of purposes such as identifying convicted criminals, obtaining a loan or insurance, among other things. He cited a US judgment that said that firing of an employee for refusal to produce her SSN was not seen as a violation of privacy.

As regards the security of Aadhaar, Mr. Hossain stated that the Aadhaar Act provides adequate safety to identity and authentication records, following which he cited section 33 (disclosure of information in certain cases) and said that the decision made under this section is reviewed by an oversight committee as laid down in the proviso.

With respect to national security, Mr. Hossain argued that a party cannot expect strict adherence to the principles of natural justice during times of emergency. On the petitioner’s argument that a person has no right to complain before a court of law (Section 47), Mr. Hossain contended that the purpose of such a measure is discernible under the scheme of the Act. He also stated that a complaint can be filed to UIDAI which can then take cognizance of it depending on the genuineness of the complaint, therefore a person is not left remedy-less. He further highlighted that Aadhaar is technical and it is appropriate if UIDAI is given the power to complain as they best understand the matters. He gave the example of a similar provision in the Industrial Disputes Act which was upheld by the court.

In his last argument, Mr. Hossain asserted that the purpose of Aadhaar including section 139AA of the Income Tax Act is to promote re-distributive justice and ensure substantial equality along with furthering the dignity of the individual. He quoted the Puttaswamy judgement and said that rights can be curbed in the interest of prevention of tax evasion, curbing black money and prevention of money laundering. Aadhaar Act and Income Tax Act are standalone acts and it cannot be said that Parliament in its wisdom cannot make Aadhaar mandatory by way of an amendment, he argued. Mr. Hossain pointed out that if the objects of the two statutes are different, then they are said to run in parallel and not intersect. There is no conflict. On why only individual tax payers are supposed to link Aadhaar with PAN, Mr. Hossain said that the rule of equality doesn't mean that the state has to strike at all evils at the same time. He further mentioned that Aadhaar for individuals also cures the evil vis-a-vis companies. Companies and individuals are treated differently in the Income Tax Act. That cannot be called unreasonable classification, argued Mr. Hossain.

Attorney General of India, Mr. K.K Venugopal then made his submissions on the aspect of money bill. He contended that the term “targeted delivery of services” in the preamble of the Act contemplates expenditure of funds which brings the Act into the ambit of money bill under Article 110 of the Constitution. Even though the law has ancillary provisions, the main objective of the Act is delivery of services and benefits and not a single provision in the Act is unnecessary or unrelated to the main purpose/pith and substance of the Act which is giving subsidies, he argued. To this, J. Chandrachud remarked that Section 57 of the Act snaps the link with Consolidated Fund of India. In reply, Mr. Venugopal stated that Section 57 is saved by Article 110(1)(g).

The hearing will continue on May 3, 2018.


All Posts | Apr 30,2018

Updates on Aadhaar Final Hearing: Day 33

On day 33 of the final Aadhaar hearing, Senior Advocate, Rakesh Dwivedi appearing for the State/UIDAI resumed his submission on Aadhaar by stating that the standard of control exercised by UIDAI on requesting entities is “fair and reasonable” as laid down under Article 21. He further pointed out that the data collected by REs is segregated and there is no way to aggregate it as there are over three hundred REs. J. Chandrachud asked about misuse of data by individual REs, to which Mr. Dwivedi gave the example of Vodafone and mentioned that Vodafone can indulge in targeted advertising without Aadhaar data as it collects far more demographic data about an individual than UIDAI does. He emphasized that at least in the case of UIDAI, there are so many regulations and penal consequences that do not apply to Vodafone. Mr. Dwivedi then showed the bench a credit card statement to put across the point that banks have a record of all transactions made by an individual including information such as the place of transaction. He remarked that no one is questioning the data collection activities of banks and telecoms and that Aadhaar is the single target. Mr. Dwivedi also gave the example of the food delivery app “bigbasket” and highlighted that the app knows the food habits of the users.

On the technology of Aadhaar, Mr. Dwivedi contended that UIDAI needs to have big data, processing power and statistical knowhow to do big data analysis on the data that is collected. He explained how companies like Google and Facebook process tremendous data on a daily basis while UIDAI does not have such algorithms. Mr. Dwivedi also mentioned that the data collected by REs does not have any value as no authentication records are stored with them. Next, he showed a list of entities that require one time authentication and those that require authentication each time there is a transaction and pointed out that most entities require authentication once, and therefore there is no way to surveil people.

With respect to exercising control over REs by UIDAI, Mr. Dwivedi submitted that an RE procures the fingerprint device from a vendor and UIDAI controls the vendor with respect to the hardware and software of the device. He explained that UIDAI puts a key in the device so that data is encrypted and sent to CIDR. The device is then taken to Standardisation Testing and Quality Certification (STQC) to check whether it meets all the requirements. The whole process of device preparation and certification happens without the knowledge of the requesting entity. An information systems operator then conducts an audit of the RE and the report is submitted to UIDAI. If the report is approved, then the particular RE gets a license from UIDAI in order to operate as an RE. In this regard, Mr. Dwivedi asserted that metadata is important for validation that the data is coming from a particular RE with which UIDAI has an agreement. Further, the metadata is important for fraud management and verification, stated Mr. Dwivedi.

As an additional security measure, Mr. Dwivedi highlighted that REs have a data vault as well which is controlled by trusted people. Apart from these procedures, there are two more audits conducted on REs: annual audit and random audits by UIDAI.

Further, Mr. Dwivedi submitted that the information held by REs is not of any commercial value. He stated that UIDAI has device control, there are double pairs of keys, encryption is immediate and time stamped, transmission of data requires a digital signature with a private key, there is complete prohibition of storing the PID block and finally there are penal consequences if any provision of the Aadhaar Act or Regulations is violated. Mr. Dwivedi also submitted that the central government has no access to UIDAI’s data as UIDAI is an autonomous body. He mentioned that while examining the problem of smart cards, even the EU has said that having a centralized database is important since decentralization leads to fakes and duplicates.

Mr. Dwivedi’s next contention was on Aadhaar-SIM linking. He began by citing the Lok Niti Foundation judgment and TRAI’s recommendation to link Aadhaar with SIM cards. Mr. Dwivedi next read out the DoT notification that talked about re-verification of mobile numbers using the e-KYC process. On the legality of such a measure, Mr. Dwivedi said that the proviso to Section 4 of the Telegraph Act gives exclusive power to the Central government to decide license conditions. As regards proportionality, he mentioned that the measure to verify one’s SIM card using Aadhaar is not excessive at all and proportional to the object sought to be achieved. At this point, J. Chandrachud remarked that the Supreme Court never directed in the Lok Niti Foundation order to carry out e-KYC of mobile numbers using Aadhaar. In reply, Mr. Dwivedi stated that Aadhaar-SIM linking was done on the recommendation of TRAI before the Lok Niti order had even come out. Further, he said that the measure is reasonable in the interest of national security.

Mr. Dwivedi contended that the entire architecture of Aadhaar is such that there is no aggregation of data. The system stands the test of Article 21 on its own and there is no infringement of privacy.

Additional Solicitor General, Tushar Mehta, intervened to make a short submission on whether Aadhaar passes muster under Article 300A of the Constitution and whether Article 300A encompassed ‘Rules’ also. The phrase “authority of law” gives power to the legislature to link Aadhaar with bank accounts under the Prevention of Money Laundering Act (PMLA) and the PMLA Rules have the backing of the PMLA. He stated that a statutory rule is akin to law under Article 300A of the Constitution. The parliament cannot amend the law (PMLA) every time, for example in respect of money laundering. Therefore a wide statutory network is provided and power is given to the rule making authority.

Senior Advocate Jayant Bhushan then commenced his submission on the master circular issued by the Reserve Bank of India on April 20, 2018 and stated that RBI issued the master circular by virtue of its power under the Banking Regulation Act and Rule 9 of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005 that provides that Aadhaar has to be submitted to a reporting entity. He also highlighted Rule 9(14) which provides that the regulator (RBI in this case) shall provide guidelines incorporating the requirements of sub rules (1) to (13) above and may prescribe enhanced or simplified measures to verify identity. The requirements under Rule 9(1)-(13) are made mandatory under Rule 9(14). Mr. Bhushan asserted that the RBI master circular is now in conformity with PMLA rules and RBI had no option but to amend the master circular.

Next, Advocate Gopal Sankarnarayanan began his submissions. He stated that he is going to argue the following contentions:

  1. Aadhaar Act is valid subject to three specific provisions that have to be either read down or struck down
  2. Conflict between Aadhaar Act and Right to Information Act, 2005
  3. Manifest arbitrariness with respect to Section 139AA of the Income Tax Act and its relation with Article 21

Mr. Sankarnarayanan will continue his submissions tomorrow (April 26, 2018).