On 26 September 2018, a five-judge bench upheld the validity of Aadhaar Act, 2016, but struck down many provisions. The judgement authored by Justice AK Sikri, which had concurrence of Chief Justice Dipak Misra and Justice AM Khanwilkar, read down some of the provisions of the Aadhaar Act, 2016, struck down quite a few, and upheld the rest. (Where a court gives an over-inclusive statute a sufficiently narrow interpretation to bring it in line with the demands of the Constitution, it is said to have ‘read down’ the law.)
The following points from the judgement in the matter of Justice KS Puttaswamy and Another versus Union of India (Writ Petition [Civil] No. 494 of 2012) will explain which all provisions have been erased from the statute and which others will remain in a changed form:
- Section 2 (d), which pertains to authentication records, will not include metadata as mentioned in Regulation 26 (c) of Aadhaar (Authentication) Regulations, 2016. Therefore, this provision in the present form is struck down. Liberty, however, is given to reframe the regulation, keeping in view the parameters stated by the court.The Aadhaar scheme got statutory recognition through the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, in short referred to as Aadhaar Act. A unique identification number for every citizen in India envisaged by the Aadhaar scheme has resulted in many privacy-rights battles. Is the Aadhaar scheme consistent within the framework of the constitutional guarantee of right to privacy and right to life? In this regard, the 2016 legislation was subjected to judicial review by a five-judge bench of the Supreme Court of India. On 10 May 2018, the SC bench reserved the order after 38 days’ hearing in the petitions challenging the constitutional validity of the Aadhaar Act. In a marathon hearing, submissions for and against the project – which seeks to establish a database of personal identity of every Indian resident by assimilating their demographic and biometric information – were advanced before the five-judge bench comprising Chief Justice Dipak Misra and justices AK Sikri, AM Khanwilkar, DY Chandrachud and Ashok Bhushan.The data is allowed to be retained for an unreasonable long period of time. Regulation 27 of the Authentication Regulations requires the issuing body Unique Identification Authority of India (UIDAI) to retain the ‘authentication transaction data’ (which includes the metadata) for a period of 6 months and to archive the same for a period of 5 years thereafter. Retention of this data for a period of six months is more than sufficient, after which it needs to be deleted except when such authentication transaction data are required to be maintained by a court or in connection with any pending dispute. Therefore, Regulation 27 is to be amended accordingly.
- Section 29 imposes a restriction on sharing information and is, therefore, valid as it protects the interests of Aadhaar number holders. However, apprehension of the petitioners was that this provision entitled the government to share the information ‘for the purposes of as may be specified by regulations’. The Aadhaar (Sharing of Information) Regulations, 2016, as of now, do not contain any such provision. If a provision is made in the regulations which impinges upon the privacy rights of Aadhaar cardholders, that can always be challenged.
- Section 33 (1) of the Act prohibits disclosure of information, including identity information or authentication records, except when it is by an order of a court not inferior to that of a district judge. The court directed this provision to be read down with the clarification that an individual, whose information was sought to be released, shall be afforded an opportunity of hearing. If such an order is passed, in that eventuality, he shall also have the right to challenge such an order passed by approaching the higher court.
- Insofar as Section 33 (2) is concerned, it is held that disclosure of information in the interest of national security cannot be faulted with. However, for determination of such an eventuality, an officer higher than the rank of a joint secretary should be authorized. Further, in order to avoid any possible misuse, a judicial officer (preferably a sitting high court judge) should also be associated with the process. In view thereof, Section 33 (2) of the Act in the present form is struck down with liberty to enact a suitable provision along the lines suggested above.
- Regarding Section 47 of the Act which provides for the cognizance of offence only on a complaint made by the authority or any officer or person authorised by it, it needs a suitable amendment to include the provision for filing of such a complaint by an individual/victim as well whose right is violated.
- Insofar as Section 57 in the present form is concerned, it is susceptible to misuse as it can be used for establishing the identity of an individual ‘for any purpose’. The Supreme Court read down this provision to mean that such a purpose has to be backed by law. Even if we presume that legislature did not intend so, the impact of the aforesaid features would be to enable commercial exploitation of individual biometric and demographic information by private entities. Thus, this part of the provision which enables body corporate and individuals also to seek authentication, that too on the basis of a contract between the individual and such body corporate or person, would impose upon the right to privacy of such individuals. This part of the section, thus, is declared unconstitutional.
The apex court in its judgement has listed out a host of services for which linking of Aadhaar is or is not mandatory.
Services where Aadhaar linking is mandatory:
- Government services and benefits: Government can insist on identity authentication by Aadhaar for grant of subsidies and benefits that are charged from the Consolidated Fund of India.
- PAN Linking: Section 139AA of Income Tax Act, 1961, is not violative of the right to privacy as it satisfies the triple test: (i) existence of a law; (ii) a ‘legitimate State interest’; and (iii) such law should pass the ‘test of proportionality’. So, Aadhaar-PAN linkage is mandatory.
Aadhaar linking is not mandatory for the following services:
- CBSE, NEET, JEE, UGC: The majority ruled that CBSE, NEET, JEE, UGC, etc., cannot make Aadhaar compulsory for school admission, exam registration, etc., as such services are not within the scope of Section 7. Requirement of Aadhaar is not compulsory for school education as it is neither a service nor a subsidy.
- Benefits for children: No child shall be denied benefit of any of the welfare schemes for want of Aadhaar, and the benefit shall be given by verifying the identity on the basis of any other document(s). Benefits to children between 6 and 14 years under Sarv Shiksha Abhiyan, and similar schemes, shall not require mandatory Aadhaar enrolment.
- Bank account: The majority struck down Rule 9 of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, which insisted that bank accounts should be linked with Aadhaar. It was held that the provision did not meet the test of proportionality and, therefore, violated the right to privacy of a person which extended to banking details.
- Mobile linking: The circular dated 23 March 2017 issued by the Department of Telecommunications mandating linking of mobile number with Aadhaar was held to be illegal and unconstitutional. The court held that the circular was not backed by any law and quashed it.
What to expect/do in future
Banks: RBI should issue new KYC guidelines to banks to avoid use of Aadhaar numbers for KYC purposes to open new bank accounts or verify existing bank accounts.
Telecom: Department of Telecom should issue new guidelines regarding the existing requirement of Aadhaar as part of KYC verification of new or existing mobile numbers.
You: In case anyone asks you to share your Aadhaar number, you can refuse to do so. If anyone forces you to share the same, you can object and legally challenge it.