Headnote
Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: s.7 – Whether the Aadhaar Act violates right to privacy and is unconstitutional on this ground and whether invasion into right to privacy meets the three fold test as laid down in Puttaswamy case – Held: Enrolment in Aadhaar assumes the character of compulsory enrolment for those who want to avail the benefits under s.7 – Likewise, authentication, as mentioned in s.8, also becomes imperative – The Parliament has now passed Aadhaar Act, 2016 – Therefore, law on the subject in the form of a statute very much governs the field and, thus, first requirement laid down in Puttaswamy case i.e. requirement of law stands satisfied – Aadhaar Act serves legitimate state aim and thus fulfills the second requirement also – In the Statement of Objects and Reasons, it is inter alia mentioned that though number of social benefits schemes have been floated by the Government, the failure to establish identity of an individual has proved to be a major hindrance for successful implementation of those programmes as it was becoming difficult to ensure that subsidies, benefits and services reach the intended beneficiaries in the absence of a credible system to authenticate identity of beneficiaries – The rationale behind s.7 lies in ensuring targeted delivery of services, benefits and subsidies which are funded from the Consolidated Fund of India – In discharge of its solemn Constitutional obligation to enliven the Fundamental Rights of life and personal liberty (Art.21) to ensure Justice, Social, Political and Economic and to eliminate inequality (Art.14) with a view to ameliorate the lot of the poor and the Dalits, the Central Government has launched several welfare schemes – These schemes involved 3% of the GDP and a huge amount of public money – Right to receive these benefits, from the point of view of those who deserve the same, has now attained the status of fundamental right based on the same concept of human
dignity – The Constitution does not exist for a few or minority of the people of India, but “We the people” – The goals set out in the Preamble of the Constitution are predominantly or at least equally geared to “secure to all its citizens”, especially, to the downtrodden, poor and exploited, justice, liberty, equality and “to promote” fraternity assuring dignity – Aadhaar Act meets the test of proportionality as the following components of proportionality stand satisfied – A measure restricting a right must have a legitimate goal (legitimate goal stage) – It must be a suitable means of furthering this goal (suitability or rationale connection stage) – There must not be any less restrictive but equally effective alternative (necessity stage) – The measure must not have a disproportionate impact on the right holder (balancing stage). (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: Whether Aadhaar Act strikes a fair balance between the two fundamental rights, right to privacy on the one hand and right to food, shelter and employment on the other hand – Held: Axiomatically both the rights are founded on human dignity – At the same time, in the given context, two facets are in conflict with each other – As the information collected at the time of enrolment as well as authentication is minimal, balancing at the first level is met – Insofar as second level, namely, balancing of two competing fundamental rights is concerned, namely, dignity in the form of autonomy (informational privacy) and dignity in the form of assuring better living standards of the same individual, balancing at the second level is also met – Enrolment in Aadhaar of the unprivileged and marginalised section of the society, in order to avail the fruits of welfare schemes of the Government, actually amounts to empowering these persons – On the one hand, it gives such individuals their unique identity and, on the other hand, it also enables such individuals to avail the
fruits of welfare schemes of the Government which are floated as socio-economic welfare measures to uplift such classes – In that sense, the scheme ensures dignity to such individuals – Jurisprudence. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: Architecture and structure of the Act – The UIDAI is established as a statutory body which is given the task of developing the policy, procedure and system for issuing Aadhaar numbers to individuals and also to perform authentication thereof as per the provisions of the Act – For the purpose of enrolment and assigning Aadhaar numbers, enrolling agencies are recruited by the Authority, which may be a private body/person – To enable a resident to get Aadhaar number, he is required to submit demographic as well as biometric information i.e., apart from giving information relating to name, date of birth and address, biometric information in the form of photograph, fingerprint, iris scan is also to be provided – Aadhaar number given to a particular person is treated as unique number as it cannot be reassigned to any other individual – Insofar as subsidies, benefits or services to be given by the government, the government can mandate that receipt of these subsidies, benefits and services would be given only on furnishing proof of possession of Aadhaar number (or proof of making an application for enrolment, where Aadhaar number is not assigned) – Such individual would undergo authentication at the time of receiving such benefits etc.
– A particular institution/body from which the said subsidy, benefit or service is to be claimed by such an individual, the intended recipient would submit his Aadhaar number and is also required to give her biometric information to that agency – On receiving this information and for the purpose of its authentication, the said agency, known as Requesting Entity (RE), would send the request to the Authority which shall perform the job of authentication of Aadhaar number – On confirming the identity of a person, the individual is entitled to receive subsidy, benefit or service – Aadhaar number is permitted to be used by the holder for other purposes as well. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: Whether the Aadhaar Project creates or has tendency to create surveillance state and is, thus, unconstitutional on this ground – Held: The architecture of Aadhaar as well as the provisions of the Aadhaar Act do not tend to create a surveillance state – This is ensured by the manner in which the Aadhaar project operates – Authentication is a process by which Aadhaar number along with demographic information or biometric information of an individual is submitted to the CIDR for its verification – On submission thereof, the CIDR verifies the correctness or lack of it – While seeking authentication, neither the location of the person whose identity is to be verified nor the purpose for which authentication of such identity is required, comes to the knowledge of the Authority.
(Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: Salient features of Aadhaar Scheme – Aadhaar authentication service – Whether there is risk of misuse of vital information pertaining to an individual – Held: During the enrolment process, minimal biometric data in the form of iris and fingerprints is collected – The Authority does not collect purpose, location or details of transaction – Thus, it is purpose blind – The information collected remains in silos – Merging of silos is prohibited – The requesting agency is provided answer only in ‘Yes’ or ‘No’ about the authentication of the person concerned – The authentication process is not exposed to the Internet world – Security measures, as per the provisions of s.29(3) r/w s.38(g) as well as Regn 17(1)(d) of the Authentication Regulations, are strictly followed and adhered to – During authentication, no information about the nature of transaction etc. is obtained – The Authority has mandated use of Registered Devices (RD) for all authentication requests – With these, biometric data is signed within the device/RD service using the provider key to ensure it is indeed captured live – The device provider RD service encrypts the PID block before returning to the host application – This RD service encapsulates the biometric capture, signing and encryption of biometrics all within it – Therefore, introduction of RD in Aadhaar authentication system rules out any possibility of use of stored biometric and replay of biometrics captured from other source – Requesting entities are not legally allowed to store biometrics captured for Aadhaar authentication under Regn 17(1)(a) of the Authentication Regulations – The Authority gets the AUA code, ASA code, unique device code, registered device code used for authentication – It does not get any information related to the IP address or the GPS location from where authentication is performed as these parameters are not part of authentication (v2.0)
and e-KYC (v2.1) API – The Authority would only know from which device the authentication has happened, through which AUA/ASA etc. – It does not receive any information about at what location the authentication device is deployed, its IP address and its operator and the purpose of authentication – Further, the authority or any entity under its control is statutorily barred from collecting, keeping or maintaining any information about the purpose of authentication under s.32(3) of the Aadhaar Act. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: s.7 – Whether enrolment in Aadhaar is voluntary or mandatory – Held: As per s.7 of the Aadhaar Act in case an individual wants to avail any subsidy, benefit or services, she is required to produce the Aadhaar number and, therefore, it virtually becomes compulsory for such a person – Therefore, even if enrolment in Aadhaar is voluntary, it assumes the character of compulsory enrolment for those who want to avail the benefits under s.7. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: Invalidation of the Act on argument based on probabilistic system of Aadhaar, leading to ‘exclusion’ – Correctness of – Held: The Authority has claimed that biometric accuracy is 99.76% – If the Aadhaar project is shelved, 99.76% beneficiaries are going to suffer – The entire aim behind launching this programme is the ‘inclusion’ of the deserving persons who need to get such benefits – When it is serving much larger purpose by reaching hundreds of millions of deserving persons, it cannot be crucified on the unproven plea of exclusion of some.
(Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: s.7 – Scope of – Subsidies, services and benefits – Held: The Government cannot enlarge the scope of subsidies, services and benefits – ‘Benefits’ should be such which are in the nature of welfare schemes for which resources are to be drawn from the Consolidated Fund of India – A benefit which is earned by an individual (e.g. pension by a government employee) cannot be covered under s.7 of the Act, as it is the right of the individual to receive such benefit – Notifications which are issued under s.7 of the Aadhaar Act pertain to various welfare schemes under which benefits, subsidies or services are provided to the intending recipients – Moreover, in order to avail the benefits, only one time verification is required except for few services where annual verification is needed – The ‘benefits’ and ‘services’ as mentioned in s.7 should be those which have the colour of some kind of subsidies etc., namely, welfare schemes of the Government whereby Government is doling out such benefits which are targeted at a particular deprived class.
(Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies, benefits and services) Act, 2016: ss.7 and 8 – Enrolment of children – Whether children can be brought within the sweep of ss.7 and 8 of the Act – On attaining the age of majority, such children who are enrolled under Aadhaar with the consent of their parents, shall be given the option to exit from the Aadhaar project if they so choose in case they do not intend to avail the benefits of the scheme – Insofar as the school admission of children is concerned, requirement of Aadhaar would not be compulsory as it is neither a service nor subsidy – Further, having regard to the fact that a child between the age of 6 to 14 years has the fundamental right to education under Art.21A of the Constitution, school admission cannot be treated as ‘benefit’ as well – Benefits to children between 6 to 14 years under Sarv Shiksha Abhiyan, likewise, shall not require mandatory Aadhaar enrolment – For availing the benefits of other welfare schemes which are covered by s.7 of the Aadhaar Act, though enrolment number can be insisted, it would be subject to the consent of the parents – No child shall be denied benefit of any of these schemes if, for some reasons, she is not able to produce the Aadhaar number and the benefit shall be given by verifying the identity on the basis of any other documents – Constitution of India – Art.21A. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies, benefits and services) Act, 2016: s.2(d) – Constitutionality of – Held: s.2(d) pertains to authentication records, such records would not include metadata as mentioned in Regn 26(c) of the Aadhaar (Authentication) Regulations, 2016 – Therefore, this provision in the present form is struck down.
(Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies, benefits and services) Act, 2016: s.2(b) – Definition of resident – Apprehension expressed by the petitioners was that it should not lead to giving Aadhaar card to illegal immigrants – Respondents are directed to take suitable measures to ensure that illegal immigrants are not able to take such benefits. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies, benefits and services) Act, 2016: s.2(l) – Enrolling agency – s.2(l) challenged on the ground that the work of an enrolment could not have been given to a private entity as private entity cannot be entrusted with the crucial task of explaining the nature of Aadhaar enrolment and securing informed consent – Held: Having regard to the nature of process that has been explained by the Authority, which ensures that immediately on enrolment, the concerned data collected by the private entity is beyond its control; it gets encrypted; and stands transmitted to CIDR, there is no basis of the apprehension expressed by the petitioners.
(Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies, benefits and services) Act, 2016: s.29 – Constitutionality of – Held: s.29 imposes a restriction on sharing information and is, therefore, valid as it protects the interests of Aadhaar number holders. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies, benefits and services) Act, 2016: s.33 – Constitutionality of – Held: s.33(1) of the Act prohibits disclosure of information, including identity information or authentication records, except when it is by an order of a court not inferior to that of a District Judge – This provision is to be read down with the clarification that an individual, whose information is sought to be released, shall be afforded an opportunity of hearing – If such an order is passed, in that eventuality, he shall also have right to challenge such an order passed by approaching the higher court – During the hearing before the concerned court, the said individual can always object to the disclosure of information on accepted grounds in law, including Art.20(3) of the Constitution or the privacy rights etc.
– Insofar as s.33(2) is concerned, it is held that disclosure of information in the interest of national security cannot be faulted with – However, for determination of such an eventuality, an officer higher than the rank of a Joint Secretary should be given such a power – There has to be a higher ranking officer along with, preferably, a Judicial Officer – The provisions contained in s.33(2) of the Act to the extent it gives power to Joint Secretary is, therefore, struck down giving liberty to the respondents to suitably enact a provision on these lines, which would adequately protect the interest of individuals. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies, benefits and services) Act, 2016: s.47 – Constitutionality of – s.47 provides that the cognizance would be taken only on a complaint made by the Authority or any officer or person authorised by it – Petitioners feel aggrieved by this provision as it does not permit an individual citizen whose rights are violated, to initiate the criminal process – Held: It would be in the fitness of things if s.47 is amended by allowing individual/victim whose right is violated, to file a complaint and initiate the proceedings. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies, benefits and services) Act, 2016: s.57 – Constitutionality of – s.57 mentions that Aadhaar Act would not prevent use of Aadhaar number for other purposes under the law – Held: Insofar as s.57 in the present form is concerned, it is susceptible to misuse inasmuch as: It can be used for establishing the identity of an individual ‘for any purpose’ – Therefore, the provision is read down to mean that such a purpose has to be backed by law – Further, whenever any such “law” is made, it would be subject to judicial scrutiny – Such purpose is not limited pursuant to any law alone but can be done pursuant to ‘any contract to this effect’ as well – This is clearly impermissible as a contractual provision is not backed by a law and,
therefore, first requirement of proportionality test is not met – Apart from authorising the State, even ‘any body corporate or person’ is authorised to avail authentication services which can be on the basis of purported agreement between an individual and such body corporate or person – Even if it is presumed that legislature did not intend so, the impact of the said features would be to enable commercial exploitation of an individual biometric and demographic information by the private entities – Thus, this part of the provision which enables body corporate and individuals also to seek authentication, that too on the basis of a contract between the individual and such body corporate or person, would impinge upon the right to privacy of such individuals – This part of the section, thus, is declared unconstitutional. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies, benefits and services) Act, 2016: s.59 – Constitutionality of – When the Aadhaar scheme/project under the Act has been saved from the challenge to its constitutionality, there is no reason to invalidate the enrolments which were made prior to the passing of this Act as it would lead to unnecessary burden and exercise of enrolling these persons all over again – Instead the problem can be solved by eliciting ‘consent’ of all those persons who were enrolled prior to the passing of the Act – Since, enrolment is voluntary in nature, those who specifically refuse to give the consent, they would be allowed to exit from Aadhaar scheme – After all, by getting Aadhaar card, an individual so enrolled is getting a form of identity card – It would still be open to such an individual to make use of the said Aadhaar number or not – Those persons who need to avail any subsidy, benefit or service would need Aadhaar in any case.
It would not be proper to cancel their Aadhaar cards – If direction is given to invalidate all those enrolments which were made prior to 2016 then such persons will have to undergo the rigours of getting themselves enrolled all over again – On the other hand, those who do not get any benefit of the nature prescribed under s.7 of the Act, it would always be open for them not to make use of Aadhaar card or to make use of this card in a limited sense, namely, showing it as a proof of their identity, without undergoing any authentication process – Therefore, to a large extent, it does not harm this latter category as well – The validity of s.59 is upheld – As a corollary, Aadhaar for the period from 2009 to 2016 also stands validated. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies, benefits and services) Act, 2016: s.7 – Whether the Aadhaar Act could be passed as ‘Money Bill’ within the meaning of Art.110 of the Constitution – Held: The importance of Rajya Sabha (Upper House) in a bicameral system of the Parliament – The Rajya Sabha is an important institution signifying constitutional federalism – To enact any statute, the Bill has to be passed by both the Houses, namely, Lok Sabha as well as Rajya Sabha – It is the constitutional mandate – The only exception to this Parliamentary norm is Art.110 – Having regard to this overall scheme of bicameralism enshrined in our Constitution, strict interpretation has to be accorded to Art.110 – Insofar as s.7 is concerned, it makes receipt of subsidy, benefit or service subject to establishing identity by the process of authentication under Aadhaar or furnish proof of Aadhaar etc.
– The expenditure incurred in respect of such a subsidy, benefit or service is from the Consolidated Fund of India – s.7 is the main provision of the Act – Introduction to the Act as well as Statement of Objects and Reasons very categorically record that the main purpose of Aadhaar Act is to ensure that such subsidies, benefits and services reach those categories of persons, for whom they are actually meant – As all these three kinds of welfare measures are sought to be extended to the marginalised section of society, a collective reading thereof would show that the purpose is to expand the coverage of all kinds of aid, support, grant, advantage, relief provisions, facility, utility or assistance which may be extended with the support of the Consolidated Fund of India with the objective of targeted delivery – Various schemes contemplated by these provisions, relate to vulnerable and weaker section of the society – That is the main function behind the Aadhaar Act and for this purpose, enrolment for Aadhaar number is prescribed – Such an enrolment is of voluntary nature – However, it becomes compulsory for those who seek to receive any subsidy, benefit or service under the welfare scheme of the Government expenditure whereof is to be met from the Consolidated Fund of India – It follows that authentication under s.7 would be required as a condition for receipt of a subsidy, benefit or service only when such a subsidy, benefit or service is taken care of by Consolidated Fund of India – Therefore, s.7 is the core provision of the Aadhaar Act and this provision satisfies the conditions of Art.110 of the Constitution – Constitution of India – Art.110.
(Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies, benefits and services) Act, 2016: Data minimisation – Demographic information is readily provided by individuals globally for disclosing identity while relating with others and while seeking benefits whether provided by government or by private entities, be it registration for citizenship, elections, passports, marriage or enrolment in educational institutions – Email IDs and phone numbers are also available in public domain – s.2(k) specifically provides that Regulations cannot include race, religion, caste, tribe, ethnicity, language, records of entitlement, income or medical history – Thus, sensitive information specifically stands excluded – s.32(3) of the Aadhaar Act specifically prohibits the authority from collecting, storing or maintaining, either directly or indirectly any information about the purpose of authentication – The proviso to Regn 26 of Authentication Regulations is also to the same effect – Thus, the principle of data minimization is largely followed.
(Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: s.2(k) – Requirement under the Aadhaar Act to give one’s demographic information – Whether violative of fundamental right of privacy – Held: Regn.4 indicates that information which shall be collected from individual are his name, date of birth, gender and residential address – The additional information which can be collected at the option of the individual is mobile number and e-mail address – Thus, information contemplated under Regn 4 is nothing but information relating to identity of the person – The identity of person from the time of taking birth is an identity well known and generally every person describes himself or herself to be son or daughter of such and such person – People who take admissions in schools/colleges/university, who seek employment and those who engage in various trade and commerce are all required to provide demographic information – Therefore, there cannot be a reasonable expectation of privacy with regard to such information – Thus, demographic information required to be given in the process of enrolment does not violate any right of privacy – Aadhaar (Enrolment and Update) Regulations, 2016 – Regn 4.
(Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: s.2(g) – Requirement under the Aadhaar Act to give one’s biometric information – Whether violative of fundamental right of privacy – Held: Biometric information means photographs, fingerprints, iris scan and other such biometric attributes of an individual as may be specified by the regulations – Biometric information is of physical characteristics of a person – A person has full bodily autonomy and any intrusion in the bodily autonomy of a person can be readily accepted as breach of his privacy – The biometric data as referred to in s.2(g) may contain biological attributes of an individual with regard to which a person can very well claim a reasonable expectation of privacy but whether privacy rights have been breached or not needs to be examined in the subject context under which the information was obtained. (Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: s.2(g) – Whether obtaining biometric information in context of enrolment breaches the right of privacy of individual or not – Held: The provisions of Aadhaar Act are to be tested in light of three-fold test laid in Puttaswamy case – The First requirement to be fulfilled is existence of law – Admittedly, Aadhaar Act is a Parliamentary law, hence the existence of law is satisfied – The Aadhaar Act has been enacted with an object of providing Aadhaar number to individuals for identifying an individual for delivery of benefits, subsidies and services – Aadhaar Act, which was enacted to provide for unique identity for delivery of subsidies, benefits or services was a dire necessity, which decision was arrived at after several reports and studies – Aadhaar Act was, thus, enacted for a legitimate State aim and fulfills the criteria of a law being fair and reasonable – While examining the third requirement, that is, proportionality of the statute, it has to be
kept in mind that the state is neither arbitrary nor of an excessive nature beyond what is required in the interest of public – The object of the Aadhaar Act was to provide for unique identity for purposes of delivery of benefits, subsidies and services to the eligible beneficiaries and to ward off misappropriation of benefits and subsidies, ward off deprivation of eligible beneficiaries – Biometric information, thus, which is to be obtained for enrolment is not disproportionate nor the provisions of Aadhaar Act requiring demographic and biometric information can be said to be not passing three-fold test as laid down in Puttaswamy case – Thus, requirement under Aadhaar Act to give one’s demographic and biometric information does not violate fundamental right of privacy and, therefore, is not unconstitutional – Constitution of India – Biometric information – Right to privacy. (Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: Whether proportionality test as envisaged in Puttaswamy case is not fulfilled in the instant case since State did not adopt an alternative and more suitable and least intrusive method of identification – Held: The biometric information which are obtained for Aadhaar enrolment are photographs, fingerprints and iris scan, which are least intrusion in physical autonomy of an individual – The physical process by which the fingerprints are taken does not require information beyond the object and purpose – Therefore, it does not readily offend those principles of dignity and privacy, which are fundamental to each legislation of due process.
(Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: ss.29, 30, 33 – Whether collection of data of residents, its storage, retention and use violates fundamental right of privacy – Held: The Act contains specific provision providing that no core biometric information collected under the Act is shared to anyone for any reason whatsoever or use for any purpose other than generation of Aadhaar number or authentication under this Act – The statute creates injunction for requesting entity to use identity information data for any purpose other than that specified to the individual at the time for submitting any identification – Statute also provides for offences and penalties for impersonation at the time of enrolment and penalty for disclosing identity information – An overview of the entire scheme of functions under the Aadhaar Act and Regulations made thereunder indicate that after enrolment of resident, his informations including biometric information are retained in CIDR though in encrypted form – The major function of the authority under Aadhaar Act is authentication of identity of Aadhaar number holder as and when requests are made by requesting agency, retention of authentication data of requesting agencies are retained for limited period – Requesting entity as well as authority are required to retain authentication data for a particular period and thereafter it will be archived for five years and thereafter authentication data transaction shall be deleted except such data which is required by the Court in connection with any pending dispute – The data which is retained by the entity and authority for certain period is minimal information pertaining to identity authentication only no other personal data is retained – Thus, provisions of Aadhaar Act and Regulations made thereunder fulfill three fold test as laid down in Puttaswamy case, hence, the storage and retention of data does not violate fundamental right of privacy.
(Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: s.7 – Whether s.7 is unconstitutional – Whether exclusion makes s.7 arbitrary and violative of Arts.14 and 21 – Held: s.7 is an enabling provision which empowers the State Government to require that such individual undergo authentication for receipt of a subsidy, benefit or service but neither s.7 nor orders issued by the Central Government and State Government can be read that in the event authentication of a person or beneficiary fails, he is not to be provided the subsidies and benefits or services – No doubt, there has been denial to few persons due to failure of authentication – Functioning of scheme formulated by the Government for delivery of benefits and subsidies to deserving persons is a large scale scheme running into every nook and corner of the country – When such scheme of Government is implemented, it is not uncommon that there may be shortcomings and some denial – There is no material on record to indicate that there is increase of failure to receive the benefits after the implementation of the Act – Therefore, few cases of exclusion would not make s.7 itself arbitrary and violative of Arts.14 and 21 – Constitution of India – Arts.14, 21.
(Per Ashok Bhushan, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: s.29 – Constitutionality of, challenged on the ground that it permits sharing of identity information which amount to breach of Right of Privacy – Held: The provision of s.29 and the Sharing Regulations contain a restriction and cannot in any manner be held to violate any of the constitutional rights of a person – Objective of the Act is to put restrictions on sharing information, which also is a legitimate State aim – The provision under s.29 which permits sharing of identity information except core biometric information in accordance with the Act and Regulations cannot be said to be disproportionate nor unreasonable – The provision of s.29 is constitutional and does not deserve to be struck down – Aadhaar (Sharing of Information) Regulations, 2016. (Per Ashok Bhushan, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: s.33 – Constitutionality of – Whether s.33 is unconstitutional since it provides for the use of the Aadhaar data base for Police verification which violates the protection against self-incrimination as enshrined under Art.20(3) of the Constitution of India – Held: Sub-section (1) of s.33 contains an ample restriction in respect of any disclosure information which can be done only in pursuance of an order of the court not inferior to that of a District Judge – The restriction in disclosure of information is reasonable and has valid justification – s.33 sub-section (2) contains two safeguards – Firstly, disclosure of information is to be made in the interest of national security and secondly, in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government, who is specially authorised in this behalf by an order of the Central Government – National security, thus, is determined by a higher officer who is specifically authorised in this behalf – The power given under s.33 to
disclose information cannot be said to be disproportionate – The basic information which are with the UIDAI are demographic and biometric information – The use of information retained by the UIDAI given by the order of the Court under s.33 cannot be said to be violating the protection as contained under Art.20(3) – Thus, Art.20(3) is not violated by disclosure of information under s.33 – In view of this, s.33 is constitutional – Constitution of India – Art.20(3). (Per Ashok Bhushan, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: s.47 – Constitutionality of, challenged on the ground that it does not allow an individual who is victim of violation of Aadhaar Act to initiate a criminal process – Held: Special Acts are enacted for serving special objects towards offences under the Act – The initiation and prosecution of offences under the Special Act are kept by the specified authority to keep the initiation and prosecution in the hands of the authorities under the Special Act which acts as deterrent and prosecutions are brought to its logical end – Objective of such provisions is to discourage frivolous and vexatious complaints – s.47 can be invoked by the authority on its own motion or when it receives a complaint from a victim – With regard to an offence which falls within the definition of ‘offences’ a victim can always file complaint or lodge an F.I.R. – s.46 clearly provides that the penalties under the Aadhaar Act shall not interfere with other punishments – The limitation as contained in s.47 in permitting taking cognizance of any offence punishable under Aadhaar Act only on a complaint made by the authority or any officer or person authorised by it, has legislative purpose and objective – Thus, there is no unconstitutionality in s.47 of the Aadhaar Act.
(Per Ashok Bhushan, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: s.57 – Constitutionality of, challenged on the ground that broad and unlimited scope of activities covered under s.57 and kinds of private entities permitted to use Aadhaar is entirely disproportionate beyond the means and objectives of the Act and without any compelling state interests – Held: s.57 makes use of Aadhaar on two bases – Firstly, “pursuant to any law, for the time being in force” and secondly “any contract to this effect” – When the legislature uses the phrase “pursuant to any law, for the time being in force”, obviously the word law used in s.57 is a law other than s.57 of Aadhaar Act and the Regulations framed thereunder – When any law permits user of Aadhaar, its validity is to be tested on the anvil of three-fold test as laid down in Puttaswamy case, but permitting use of Aadhaar on any contract to this effect, is clearly in violation of Right of Privacy – A contract entered between two parties, even if one party is a State, cannot be said to be a law – Thus, s.57 in so far as it permits use of Aadhaar on “any contract to this effect” is clearly unconstitutional and is struck down. (Per Ashok Bhushan, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: s.59 – Whether s.59 is void or unconstitutional – s.59 seeks to save and continue under the Act what was done under the executive scheme – Legislature often creates legal fiction to save several actions which had happened prior to enactment – Parliamentary legislative intent of s.59 is to save all actions taken by Central Government under the notification dtd. 28.01.2009 and notification dtd.
12.09.2015 deeming the same to have been validly done under the Aadhaar Act by creating a legal fiction – The intention to save all actions taken under these two notifications and treat them to have been done under that Act is the purpose and object of s.59 – Legislature by legislative device can cover actions taken earlier while creating any legal fiction which has actually been done by s.59 – Interpretation of statutes – Legal fiction. (Per Ashok Bhushan, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: Circular dated 23.03.2017 issued by Ministry of Communications, Department of Telecommunications – Constitutionality of – Held: By circular dated 23.03.2017, all licensees were directed to re-verify all existing mobile subscribers (prepaid and postpaid) through Aadhaar based e-KYC process – The circular directing the licensees to mandatorily verify existing sim subscribers in turn resulted in mobile telephone service licensees directing the subscribers to get their sim seeded with Aadhaar – Compulsory seeding of Aadhaar with mobile numbers would be an intrusion in Privacy Right of a person – Any invasion on the Privacy Right of a person has to be backed by law as per the three-fold test enumerated in Puttaswamy case – Existence of a law is the foremost condition to be fulfilled for restricting any Privacy Right – The law as explained in Art.13(3) has to be applied for finding out as to what is law – Art.13(3)(a) gives an inclusive definition of law in following words:- (a) “law” includes any ordinance, order, bye-law, rule, regulation, notification, custom or usage having in the territory of India the force of law – The circular at best is only an executive instruction and cannot be held to be a law and direction to re-verification of all existing mobile subscribers through Aadhaar based e-KYC cannot be held to be backed by law, therefore, cannot be upheld – Administrative law – Executive instruction – Circular dated 23.03.2017 issued by Ministry of
Communications, Department of Telecommunications. (Per Ashok Bhushan, J.) Aadhaar (Enrolment and Update) Regulations, 2016: Regn 5 – Whether collecting the identity information of children between 5 to 18 years is unconstitutional – Held: Regn 5 provides for information required for enrolment of children below five years of age – For children below five, no core biometric informations are captured and only biometric information of any one parent/guardian is captured – For enrolment of children between 5 and 18 years, there has to be consent of their parents or guardian because they themselves are unable to give any valid consent for enrolment – Thus, parental consent has to be read in Regn 4 in so far as children of 5 to 18 years are concerned so that the provision in reference to children between 5 to 18 years may not become unconstitutional – Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016 – s.5 – Interpretation of statutes. (Per Ashok Bhushan, J.) Aadhaar (Authentication) Regulations, 2016: Regn.27 – Time Period for Data Retention – Grievance of petitioners was that the data is allowed to be retained for an unreasonable long period of time – Held: Regn 27 of the Authentication Regulations requires the UIDAI to retain the “authentication transaction data” (which includes the meta data) for a period of 6 months and to archive the same for a period of 5 years thereafter – Requesting entities (RE) and Authentication Service Agencies are then allowed to retain the authentication logs for a period of 2 years and then archive them for 5 years – It is required to be deleted only after 7 years unless retained by a court – There is no reason for archiving the authentication transaction data for a period of five years – Retention of this data for a period of six months is more than sufficient after which it needs to be deleted except when such authentication transaction data are required to be maintained by a Court or in connection with any pending
dispute – Retention of data beyond the period of six months is impermissible – Therefore, Regn.27 which provides archiving a data for a period of five years is struck down. (Majority Opinion) Aadhaar Scheme: Whether Circular dtd. March 23, 2017 issued by the Department of Telecommunications mandating linking of mobile number with Aadhaar is illegal and unconstitutional – Held: The circular is illegal and unconstitutional as it is not backed by any law – The same is, therefore, quashed. (Majority Opinion) Constitutionalism: Aadhaar Act meets the concept of Limited Government, Good Governance and Constitutional Trust. (Majority Opinion) Constitution of India: Art.14 and 21 – Whether right to food, shelter etc. envisaged under Art.21 shall take precedence on the right to privacy of the beneficiaries – Held: It cannot be accepted that while balancing the fundamental rights one right has to be given preference – State while enlivening right to food, right to shelter etc. envisaged under Art.21 cannot encroach upon the right of privacy of beneficiaries nor former can be given precedence over the latter.
(Per Ashok Bhushan, J.) Constitution of India: Reasonable expectation of privacy – Held: It is well settled that breach of privacy right can be claimed only when claimant on the facts of the particular case and circumstances have “reasonable expectation of privacy”. (Per Ashok Bhushan, J.) Constitution of India: Art.243G – Whether Aadhaar scheme and its authentication for benefits, subsidies and services militate against Art.243G and hence are ultra vires to the Constitution – Held: Art.243G is an enabling provision, which enables the State Legislature, by law, to endow the Panchayats with such powers and authorities as may be necessary to enable them to function as institutions of self-government – State is fully competent to make laws to authorise the Panchayats to take over all the matters enumerated in Eleventh Schedule – The Aadhaar Act is an Act enacted by Parliament, which is referable to Entry 97 of List I – The Aadhaar Act has been enacted to provide for efficient, transparent, and targeted delivery of subsidies, benefits and services, the expenditure for which is incurred from the Consolidated Fund of India, to individuals residing in India through assigning of unique identity numbers to such individuals and for matters connected therewith – The Act, thus, has been enacted to regulate the expenditure, which is incurred from the Consolidated Fund of India – No conflict between the Aadhaar Act and any law, which may be enacted by State under List II is seen – Even if any conflict is supposed, the Doctrine of Pith and Substance has to be applied to find out nature of two legislations – In Pith and Substance, the Aadhaar Act cannot be said to be entrenching upon any law, which may be made by the State under Item No.5 of List II – Aadhaar Act is not ultra vires to Art.243G and Eleventh Schedule to the Constitution – Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016 – Doctrines/Principles. (Per Ashok Bhushan, J.) Constitution of India: Art.110 –
Whether Speaker’s decision certifying the Aadhaar Bill as Money Bill contravenes any of the Constitutional provisions – A condition for receipt of a subsidy, benefit or service for which the expenditure is incurred from, or the receipt therefrom forms part of, the Consolidated Fund of India, has been provided by s.7 – The Preamble of the Act as well as objects and reasons also indicate that the Act has been enacted to provide for, as a good governance, efficient, transparent, and targeted delivery of subsidies, benefits and services, the expenditure for which is incurred from the Consolidated Fund of India, to individuals residing in India through assigning of unique identity numbers to such individuals and for matters connected therewith or incidental thereto – Thus, the theme of the Act or main purpose and object of the Act is to bring in place efficient, transparent and targeted deliveries of subsidies, benefits and services, which expenditure is out from the Consolidated Fund of India – Thus, the above provisions of the Act are clearly covered by Art.110(1)(c) and (e) – Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016. (Per Ashok Bhushan, J.) Constitution of India: Art.110 – Whether Aadhaar Act is a Money Bill and decision of Speaker certifying it as Money Bill is not subject to Judicial Review of Supreme Court – Held: Aadhaar Bill has rightly been certified as the Money Bill by the Speaker, which decision does not violate any constitutional provision, hence does not call for any interference in this proceeding – The decision of Speaker certifying the Aadhaar Bill, 2016 as Money Bill is not immune from Judicial Review.
(Per Ashok Bhushan, J.) Doctrines/Principles: Doctrine of Proportionality – State’s action – When challenged on the ground that it violates the right to privacy – Held: The action of the State is to be tested on the following parameters: (a) the action must be sanctioned by law; (b) the proposed action must be necessary in a democratic society for a legitimate aim; and (c) the extent of such interference must be proportionate to the need for such interference – Constitution of India – Right to privacy. (Majority Opinion) Income Tax Act, 1961: s.139AA – Constitutionality of – Whether s.139AA is violative of right to privacy and is, therefore, unconstitutional – Held: In Puttaswamy, the court laid down the triple test to be satisfied for judging the permissible limits for invasion of privacy while testing the validity of any legislation – These are: (a) existence of a law; (b) A legitimate State interest; and (c) Such law should pass the “test of proportionality” – There is no dispute that the first requirement stood satisfied as s.139AA is a statutory provision and, there is a backing of law – Insofar as requirement of ‘legitimate State interest’ is concerned, s.139AA is enacted to link PAN number with Aadhaar number which is issued under the Act for the purpose of eliminating duplicate PANs from the system with the help of robust technology solution – Therefore, those who have PAN number and have already provided the information required to get PAN number cannot claim to have any legitimate expectation of withholding any data required for Aadhaar under the ground of privacy – Also, there was justifiable reason with the State for collection and storage of data in the form of Aadhaar and linking it with PAN insofar as s.139AA of the 1961 Act is concerned – The provisions of s.139AA meet the triple test of right to privacy, contained in Puttaswamy.
(Majority Opinion) Income Tax Act, 1961: s.139AA – Whether s.139-AA of the IT Act, 1961 is unconstitutional in view of the Privacy judgment in Puttaswamy case – Held: s.139-A provides for Permanent Account Number (PAN) and the provision also provided that statutory mandatory provisions as to when “every person” shall quote such number (PAN number) for various purposes as enumerated in s.139A – Introduction of s.139-AA is an extension and implication of s.139A – The introduction of s.139-AA was for the purpose of eliminating duplicate PANs from the system with the help of a robust technology solution – s.139-AA seeks to remove bogus PAN cards by linking with Aadhaar, expose shell companies and thereby curb the menace of black money, money laundering and tax evasion – Linking of PAN with Aadhaar will at least ensure that duplicate and fake PAN cards which are used for the purpose of tax evasion will be eliminated and is one of the many fiscal measures to eliminate black money from the system – s.139-AA also cannot be said to be disproportionate – The section has been enacted to achieve the legitimate State aim – s.139-AA is a law framed by Parliament, which requires linking of the Aadhaar with PAN – s.139-AA is a required first step to weed out fake PANs for individuals; it is perfectly acceptable for the legislature to weed out fake PANs for other tax-paying entities at a later stage – Inclusion of Aadhaar into PAN eliminates the inequality between honest tax payers and non-compliant, dishonest ones who get away without paying taxes – Inclusion of Aadhaar into PAN bolsters equality and is consistent with Art.14 – In result, s.139-AA is fully compliant of three-fold test as laid down in Puttaswamy’s case – s.139-AA, thus does not breach fundamental Right of Privacy of an individual and cannot be struck down. (Per Ashok Bhushan, J.) Interim Orders: As per the petitioners, the Central Government and the State Government have issued certain notifications requiring Aadhaar authentication for benefits,
subsidies and schemes mandatory and, therefore, the respondents have violated the orders of this court – Held: The said interim orders were passed by the court when the Aadhaar Act had not come into force – After the enactment, s.7 had altered the position statutorily – The notifications and circulars are issued under this provision – Therefore, it cannot be held that these circulars are issued in contravention of the orders passed by this court – Aadhaar (Targeted Delivery of Financial and other subsidies, benefits and services) Act, 2016. (Majority Opinion) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: The entire Aadhaar programme, since 2009, suffers from constitutional infirmities and violations of fundamental rights – The enactment of the Aadhaar Act does not save the Aadhaar project – The Aadhaar Act, the Rules and Regulations framed under it, and the framework prior to the enactment of the Act are held unconstitutional. (Per Dr. D Y Chandrachud, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: s.7 – Aadhaar Act challenged on the ground that it could not have been passed as a Money Bill – Held: To be certified a Money Bill, a Bill must contain “only provisions” dealing with every or any one of the matters set out in sub-clauses (a) to (g) of Art.110(1) – A Bill, which has both provisions which fall within sub-clauses (a) to (g) of Art.110(1) and provisions which fall outside their scope, will not qualify to be a Money Bill – Thus, when a Bill which has been passed as a Money Bill has certain provisions which fall beyond the scope of sub-clauses (a) to (g) of Art.110(1), these provisions cannot be severed – The Aadhaar Act creates a statutory framework for obtaining a unique identity number, which is capable of being used for “any” purpose, among which availing benefits, subsidies and services, for which expenses are incurred from the Consolidated Fund of India, is just one purpose provided
under s.7 – Clause (e) of Art.110(1) requires that a Money Bill must deal with the declaring of any expenditure to be expenditure charged on the Consolidated Fund of India (or increasing the amount of the expenditure) – s.7 fails to fulfil this requirement – s.7 does not declare the expenditure incurred to be a charge on the Consolidated Fund – It only provides that in the case of such services, benefits or subsidies, Aadhaar can be made mandatory to avail them – Moreover, provisions other than s.7 of the Act deal with several aspects relating to the Aadhaar numbers: enrolment on the basis of demographic and biometric information, generation of Aadhaar numbers, obtaining the consent of individuals before collecting their individual information, creation of a statutory authority to implement and supervise the process, protection of information collected during the process, disclosure of information in certain circumstances, creation of offences and penalties for disclosure or loss of information, and the use of the Aadhaar number for “any purpose” – All these provisions of the Aadhaar Act do not lie within the scope of sub-clauses (a) to (g) of Art.110(1) – Thus, the Aadhaar Act is declared unconstitutional for failing to meet the necessary requirements to have been certified as a Money Bill under Art.110(1) – Constitution of India – Art.110. (Per Dr.
D Y Chandrachud, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: Legitimate State aim, insufficient to hold validity of law – Held: The architecture of the Aadhaar Act seeks to create a unique identity for residents on the basis of their demographic and biometric information – The Act sets up a process of identification by which the unique identity assigned to each individual is verified with the demographic and biometric information pertaining to that individual which is stored in a centralised repository of data – Identification of beneficiaries is integral and essential to the fulfilment of social welfare schemes and programmes, which are a part of the State’s attempts to ensure that its citizens have access to basic human facilities – The contention of the Union of India that there is a legitimate state aim in maintaining a system of identification to ensure that the welfare benefits provided by the State reach the beneficiaries who are entitled, without diversion, is accepted – The decision in Puttaswamy recognised that revenue constitutes a legitimate state aim in the three-pronged test of proportionality – However, the existence of a legitimate aim is insufficient to uphold the validity of the law, which must also meet the other parameters of proportionality spelt out in Puttaswamy. (Per Dr.
D Y Chandrachud, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: Collection of biometric data and its retention – The Aadhaar programme involves application of biometric technology, which uses an individual’s biometric data as the basis of authentication or identification and is therefore intimately connected to the individual – While citizens have privacy interests in personal or private information collected about them, the unique nature of biometric data distinguishes it from other personal data, compounding concerns regarding privacy protections safeguarding biometric information – Once a biometric system is compromised, it is compromised forever – Therefore, it is imperative that concerns about protecting privacy must be addressed while developing a biometric system – Adequate norms must be laid down for each step from the collection to retention of biometric data – At the time of collection, individuals must be informed about the collection procedure, the intended purpose of the collection, the reason why the particular data set is requested and who will have access to their data – Additionally, the retention period must be justified and individuals must be given the right to access, correct and delete their data at any point in time, a procedure familiar to an opt-out option. (Per Dr.
D Y Chandrachud, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: The Aadhaar Act and Regulations are bereft of the procedure through which an individual can access information related to his or her authentication record – The Aadhaar Act clearly has no defined options that should be made available to the Aadhaar number holders in case they do not wish to submit identity information during authentication, nor do the regulations specify the procedure to be followed in case the Aadhaar number holder does not provide consent for authentication – To enable the government to initiate steps for ensuring conformity with this judgment, it is directed under Art.142 that the existing data which has been collected shall not be destroyed for a period of one year – During this period, the data shall not be used for any purpose whatsoever – At the end of one year, if no fresh legislation has been enacted by the Union government in conformity with the principles which have been enunciated in this judgment, the data shall be destroyed – Constitution of India – Art.142. (Per Dr.
D Y Chandrachud, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: ss.2(g), (j), (k) and (t), 29(1) and (2) – Constitutionality of – Invasion in privacy of an individual – ss.29(1) and (2) of the Act create a distinction between two classes of information (core biometric information and identity information), which are integral to individual identity and require equal protection – s.29(4) suffers from overbreadth as it gives wide discretionary power to UIDAI to publish, display or post core biometric information of an individual for purposes specified by the regulations – ss.2(g), (j), (k) and (t) suffer from overbreadth, as these can lead to an invasive collection of biological attributes – These provisions give discretionary power to UIDAI to define the scope of biometric and demographic information and empower it to expand on the nature of information already collected at the time of enrollment, to the extent of also collecting any “such other biological attributes” that it may deem fit. (Per Dr. D Y Chandrachud, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: s.28(5) – Violation of informational privacy – The proviso to s.28(5) of the Aadhaar Act, which disallows an individual access to the biometric information that forms the core of his or her unique ID, is violative of a fundamental principle that ownership of an individual’s data must at all times vest with the individual – UIDAI is also provided wide powers in relation to removing the biometric locking of residents – The analysis of the measures taken by the Government of India prior to the enactment of the Aadhaar Act as well as a detailed analysis of the provisions under the Aadhaar Act, 2016 and supporting Regulations made under it clearly show that the Aadhaar programme violates essential norms pertaining to informational privacy, self-determination and data protection. (Per Dr.
D Y Chandrachud, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: Dignity of an individual – Biometric technology which is the core of the Aadhaar programme is probabilistic in nature, leading to authentication failures – The Aadhaar project has failed to account for and remedy the flaws in its framework and design which has led to serious instances of exclusion of eligible beneficiaries as demonstrated by the official figures from Government records including the Economic Survey of India 2016-17 and research studies – Dignity and the rights of individuals cannot be made to depend on algorithms or probabilities – Constitutional guarantees cannot be subject to the vicissitudes of technology – Denial of benefits arising out of any social security scheme which promotes socio-economic rights of citizens is violative of human dignity and impermissible under our constitutional scheme. (Per Dr. D Y Chandrachud, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: Test of necessity and proportionality – Violation of data minimisation principles – Under the Aadhaar project, requesting entities can hold the identity information of individuals, for a temporary period – It was admitted by UIDAI that AUAs may store additional information according to their requirement to secure their system – ASAs have also been permitted to store logs of authentication transactions for a specific time period – It has been admitted by UIDAI that it gets the AUA code, ASA code, unique device code and the registered device code used for authentication, and that UIDAI would know from which device the authentication took place and through which AUA/ASA – Under the Regulations, UIDAI further stores the authentication transaction data – This is in violation of widely recognized data minimisation principles which mandate that data collectors and processors delete personal data records when the purpose for which it has been collected is
fulfilled – Moreover, using the meta-data related to the transaction, the location of the authentication can easily be traced using the IP address, which impacts upon the privacy of the individual. (Per Dr. D Y Chandrachud, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: Risk of potential surveillance – When Aadhaar is seeded into every database, it becomes a bridge across discrete data silos, which allows anyone with access to this information to re-construct a profile of an individual’s life – This is contrary to the right to privacy and poses severe threats due to potential surveillance – From the verification log, it is possible to locate the places of transactions by an individual in the past five years – It is also possible through the Aadhaar database to track the current location of an individual, even without the verification log – The architecture of Aadhaar poses a risk of potential surveillance activities through the Aadhaar database – Any leakage in the verification log poses an additional risk of an individual’s biometric data being vulnerable to unauthorised exploitation by third parties – The biometric database in the CIDR is accessible to third-party vendors providing biometric search and de-duplication algorithms, since neither the Central Government nor UIDAI have the source code for the de-duplication technology which is at the heart of the programme – The source code belongs to a foreign corporation – UIDAI is merely a licensee – Prior to the enactment of the Aadhaar Act, without the consent of individual citizens, UIDAI contracted with L-1 Identity Solutions (the foreign entity which provided the source code for biometric storage) to provide to it any personal information related to any resident of India – This is contrary to the basic requirement that an individual has the right to protect herself by maintaining control over personal information – The protection of the data of 1.2 billion citizens is a question of national
security and cannot be subjected to the mere terms and conditions of a normal contract. (Per Dr. D Y Chandrachud, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: Enrolment by private parties – Before the enactment of the Aadhaar Act, MOUs between UIDAI and Registrars were not contracts within the purview of Art.299 of the Constitution, and therefore, do not cover the acts done by the private entities engaged by the Registrars for enrolment – Since there is no privity of contract between UIDAI and the Enrolling agencies, the activities of the private parties engaged in the process of enrolment before the enactment of the Aadhaar Act have no statutory or legal backing – Constitution of India – Art.299. (Per Dr. D Y Chandrachud, J.) Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016: Aadhaar Act silent on the liability of UIDAI – Under the Aadhaar architecture, UIDAI is the sole authority which carries out all administrative, adjudicatory, investigative, and monitoring functions of the project – While the Act confers these functions on UIDAI, it do |