With the latest ruling of Supreme Court on Aadhaar, there is a clarity on the privacy and security factors. Read on to know the of privacy and data security aspects of Aadhaar…
The Supreme Court of India upheld the constitutional validity of its Aadhaar scheme by a 4-1 majority judgement. The Supreme Court also asked the Centre to bring a robust law for data protection as soon as possible.
Supreme Court’s Judgement on Aadhaar
On 26 September, 2018, the Supreme Court of India upheld the validity of the Aadhaar Act, terming it a beneficial legislation, but negated out provisions which had the potential for its misuse. The Supreme Court said that announced that private entities cannot demand that Aadhaar be linked with various accounts. Aadhaar will no longer be mandatory for opening bank accounts, buying mobile phone SIM cards and other private services.
However, the Supreme Court also ruled that Aadhaar would be voluntary for those who do not intend to receive any subsidy, benefit or services under welfare schemes, and should only be given to Indian nationals. However, those filing income tax returns must link their Aadhaar with their PAN (Permanent Account Number).
“The portion of Section 57 of Aadhaar Act which enables corporate bodies and individuals to seek authentication is held to be unconstitutional,” the majority verdict said, agreeing with the petitioners that such a provision could lead to sharing of protected data and privacy of citizens with private bodies.
The Supreme Court raised serious issues about Aadhaar having the potential to turn India into a surveillance state. The Supreme Court turned down the contention of the petitioners, that Aadhaar was a means to convert India into a surveillance state. “The architecture of Aadhaar as well as the provisions of the Aadhaar Act do not tend to create a surveillance state. This is ensured by the manner in which the Aadhaar project operates,” Justice Sikri said and detailed Aadhaar’s embedded security and safety measures narrated by UIDAI CEO Ajay Bhushan Pandey.
It also did not find evidence to suggest, as argued by petitioners, that Aadhaar was meant to create 360 degree profiles of individuals. “We are of the view that it is very difficult to create profile of a person simply on the basis of biometric and demographic information. Insofar as authentication is concerned, the Centre and the UIDAI rightly pointed out that there are sufficient safeguard mechanisms,” the SC said.
However, the bench struck down Regulation 27(1) of Aadhaar which provided that authentication records were to be stored for five years. Drastically reducing this, the SC said storing Aadhaar authentication records for six months would serve the purpose.
Appropriate Data Protection Laws
The Supreme Court struck down Section 33(1) of Aadhaar which permitted a joint secretary level officer to permit release of biometric and demographic data of a person from UIDAI for the purpose of national security. The court said non-involvement of a judicial officer, preferably a high court judge, in adjudicating the need for such data release to investigating agencies and the absence of chance to the aggrieved person to challenge such a decision made the provision bad in law.
Striking down parts of Section 57 of the Aadhaar law, the court said, “We have impressed upon the government to bring out a robust data protection regime in the form of an enactment (legislation) on the basis of Justice B N Srikrishna Committee report with necessary modifications thereto as may be deemed appropriate.”