Mumbai: Private entities cannot demand Aadhaar data to authenticate identity. Individuals must be allowed to file complaints against the use of their data. Information can be accessed for matters of national security only when a judicial officer such as a sitting High Court judge has sanctioned it.

These were the highlights in a series of landmark rulings by India’s Supreme Court as it ruled against the use of an Aadhaar number for opening bank accounts, mobile connections and school admissions, calling access to the national identity database by private companies wishing to authenticate identities “unconstitutional”.

Though the court upheld the overall validity of the government’s Unique Identification (UID) programme, and the linking of Aadhaar to permanent account number (PAN) and welfare schemes, it prohibited many organisations and services--such as banks, insurance firms and mobile phone companies--from demanding Aadhaar data.

After one of the longest Supreme Court (SC) hearings in history, prompted by petitions from 27 organisations and individuals--heard for 38 days over four-and-a-half months and second only after the 1973 Kesavanda Bharati case--four out of five judges ruled in favour of the programme, deciding its validity on the basis that “minimal demographic and biometric data is collected”.

Justice Dhananjaya Y. Chandrachud was the voice of dissent on the five-judge bench, pointing to several flaws with the programme’s content and execution. He offered particularly strong criticism for the government’s March 2016 decision to pass the Aadhaar Act as a money bill, which can be introduced and passed by Parliament’s lower house, the Lok Sabha. The upper house or Rajya Sabha can suggest amendments, but it cannot make any changes to the Bill.

"The passing of Aadhaar Act as a money bill is a fraud on the Constitution,” said Justice Chandrachud. “If a Constitution has to survive political aggrandizement, notions of power and authority must give compliance to rule of law.”

The Aadhaar judgement was pronounced by a five-judge bench of Chief Justice Dipak Misra, Justices A K Sikri, A M Khanwilkar, Chandrachud and Ashok Bhushan. Justice Chandrachud dissented from the majority.

What changes does the verdict include?

The five-judge bench struck down sections 33(2), 47 and 57 relating to Aadhaar as a mandatory form of identification, noting that these provisions related to a citizen’s right to privacy.

Section 47 relates to allowing individuals to file complaints against the use of their data and section 57 to private entities demanding Aadhaar data to authenticate identity. Section 33(2), related to information disclosure for matters of national security has been struck down in its present form, but exceptions can be made, and to prevent misuse, a judicial officer such as a sitting High Court Judge must sanction it.

“Allowing private enterprise to use Aadhaar numbers will lead to exploitation of data,” said Justice Chandrachud in a dissent that focussed on the protection of individual rights; he went on to say that Aadhaar “violates informational privacy and data protection”.

A ban on linking or using Aadhaar to open bank accounts and purchase SIM cards for mobile-phone connections is seen as a victory for those concerned about the safety and proliferation of citizen data amongst a host of private companies and organisations.

To enroll biometric data of children under 18 years, parental consent is required, the judgement ruled. No child can be denied access to any schools or schemes for lack of Aadhaar, and the University Grants Commission (UGC), Central Board of Secondary Education (CBSE), and the National Eligibility cum Entrance Test (NEET) can no longer demand the UID for examinations or admissions.

However, quoting the 12-digit unique identification number attached to an Aadhaar profile will be mandatory for filing income returns and making PAN-card applications, the majority judgement said, upholding 139AA of the Income Tax Act.

Individuals will still be required to provide their Aadhaar number, or proof of application for enrollment in order to receive benefits under 530 welfare schemes--such as supplementary nutrition programme, maternity benefit programme and employees pension scheme--funded by the main repository for government revenues called the Consolidated Fund of India.

‘Collection of data, its storage and use does not violate privacy’

The SC has ruled that the there is no violation of privacy by Aadhaar and that the Aadhaar Act “passes the three fold test in the Right To Privacy Judgement”.

“The requirement under Aadhaar Act to give one's demographic and biometric information does not violate fundamental right of privacy,” said the judgment.

Petitioners had attacked the validity of the UID and its linking with key government and private services by centring on violations of privacy rights, enshrined by Article 21 of the Constitution.

An August 2017 SC ruling that the right to privacy is an "intrinsic part of life and [matter of] personal liberty” for every citizen, was an oft-cited legal precedent, as the court urged that citizens’ data be protected from private organisations.

The petitioners had questioned the safety of allowing phone operators, financial services institutions and multiple government departments and contractors access to citizen data, without adequate assurances.

More than 1.2 billion people--92% of the population--have already registered their biometric data with UIDAI, the organisation mandated to manage the roll-out of Aadhaar for government services.

In the six years since the launch of the Aadhaar programme in September 2011, 164 cases of forged or fake Aadhaar numbers and Aadhaar-related banking frauds were reported. These include 123 cases of fake or forged Aadhaar numbers or cards and 41 cases of Aadhaar-related banking fraud.

In 2018, misuse of UIDAI data averaged nearly four incidents each week, according to a database created by independent researchers Anmol Somanchi and Vipul Paikra.

A draft Personal Data Protection Bill, 2018, was submitted to the government in July, as India scrambled to build a framework for how organisations should collect, process and store basic personal data. Currently there are no clear guidelines on how long organisations can hold personal details, on the sale of data or “the right to be forgotten”--requesting a company to delete data, as is accepted practice in the European Union.

‘Protecting marginalised groups outweighs the harm’

Justice Sikri declared: “It is better to be unique than to be best”, as he argued that extending a form of identity to marginalised sections of society would outweigh other issues.

The Aadhaar Act of 2016 made the 12-digit unique identification number mandatory for citizens to receive benefits under 530 welfare schemes, fill income-tax forms, receiving college degrees and obtain driving licenses and PAN cards, IndiaSpend reported in March 2017.

This was despite a 2015 Supreme Court interim order that held Aadhaar enrollment voluntary.

Since then, there were reports of ration cards and pension payments denied to tribal groups and the illiterate poor because they had either not enrolled or if they had, failed to link Aadhar to these social-security accounts.

This happened despite the government having initially described Aadhaar as an “enabler” and “soft identity infrastructure” to ensure “equitable, efficient and better delivery” of social welfare schemes and programmes for the poor and marginalised, who may lack other identity documents.

“Mandating Aadhaar for benefits and services under Section 7 would lead to a situation in which citizens will not be able to live without Aadhaar,” Justice Chandrachud said.

Section 7 of the Aadhaar Act, 2016 (Targeted Delivery of the Financial and Other Subsidies, Benefits and Services), mandates Aadhaar authentication for any government service that requires transfer of benefits or where any expenditure is incurred. This would include payments distributed under government pension schemes and the Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS).

The benefits of Aadhaar on direct benefit transfers delivered to the poor is not studied enough, a paper published by an arm of the Reserve Bank of India concluded in its October 2017 edition, IndiaSpend reported on January 9, 2018.

The paper flagged issues related to Aadhaar, such as problems of last-mile access, the quality of authentication, unclear financial benefits and security concerns; it urged caution as the government linked more economic programmes and activities with Aadhaar.

The Centre has defended Aadhaar and its ability to distribute government transfers more efficiently. During the 2018 Karnataka state elections, critics of the programme were labelled by Prime Minister Narendra Modi as those who “cannot understand or are purposely spreading lies”.

(Sanghera is a writer and researcher with IndiaSpend. Mallapur is a policy analyst with IndiaSpend.)

We welcome feedback. Please write to respond@indiaspend.org. We reserve the right to edit responses for language and grammar.

Tish Sanghera

    Tish is an independent journalist based in Mumbai. She primarily reports on issues relating to the economy, the environment and the society at large. Tish studied at King’s College, London and the Sorbonne.