On 26 September 2018, after marathon hearings over four months, a five judge constitution bench of the Supreme Court comprising of Hon’ble Chief Justice Deepak Mishra, Hon'ble Justice A K Sikri, Hon’ble Justice A M Khanwilkar, Hon’ble Justice D Y Chandrachud and Hon’ble Justice Ashok Bhushan upheld the Aadhaar scheme by a 4:1 majority. The majority judgment has been delivered by Justice A K Sikri (on behalf of Chief Justice Mishra, Justice Khanwilkar and himself). Justice Bhushan delivered a separate concurring judgment and Justice Chandrachud delivered the sole dissent. Despite upholding the constitutionality of the Aadhaar scheme, several provisions of the Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act, 2016 (Act) have been struck/read down to accommodate the apprehensions that had been raised by the Petitioners, particularly with respect to the threat to privacy and data protection.
The Aadhaar scheme was conceptualised in the year 2006 and launched in the year 2009 when the Central Government constituted the Unique Identification Authority of India (UIDAI) by way of an executive order for issuing unique identification numbers to Indian residents. From the year 2012, several petitions were filed before the Supreme Court and various high courts challenging inter alia the constitutional validity of the scheme. Even after the Aadhaar scheme received statutory backing with the passage of the Act in 2016, petitions were filed challenging the provisions of the Act, the Aadhaar (Authentication) Regulations, 2016 (Aadhaar Regulations), the Money Laundering (Amendment) Rules, 2017 (PMLA Rules) and all notifications issued under Section 7 of the Act which made Aadhaar mandatory for availing various benefits.
One of the major arguments against the Aadhaar scheme and the Act was that it violated the right to privacy. This question has been settled by a separate nine judge constitution bench of the Supreme Court in K S Puttaswamy and Another vs Union of India [2017 (10) SCC 1] (Puttaswamy) which unanimously held that the right to privacy was indeed a fundamental right guaranteed as a facet of personal liberty under Article 21 of the Constitution.
Apart from the substantive challenge based on the right to privacy, the passage of the Act as a money bill pursuant to Article 110 of the Constitution was also challenged, as this bypassed the requirement of a Rajya Sabha vote.
- No archival over 6 months: Regulation 27(1) of the Aadhaar Regulations which provided for archiving authentication records for a period of more than 5 years has been declared unconstitutional. The authentication records are not to be archived for a period of more than 6 months.
- Minimisation of storage of meta data relating to a transaction: Regulation 26 of the Aadhaar Regulations enabled the UIDAI to maintain and store a record of all authentications of the Aadhaar number of an individual. Maintenance of metadata in the present form, has been held to be impermissible and Regulation 26 will require suitable amendment.
- Opportunity of hearing where disclosure is pursuant to a court order: Section 33(1) of the Act which provides for disclosure of information in the event of a court order, has been read down with a clarification that an individual, whose information is sought to be released, shall be afforded an opportunity of hearing. If such an order is passed, she shall have right to challenge it before a higher court.
- Higher authority to decide whether disclosure in the interest of national security: Section 33(2) of the Act which provided for disclosure of Aadhaar information in the interest of national security has been struck down in its present form with liberty to enact a suitable provision. The bench has directed that determination of requirement for such disclosure should be by an officer ranking higher than a Joint Secretary and that in order to avoid any misuse, a high judicial functionary such as a sitting high court judge should be associated in the process.
- No access to private entities: Section 57 of the Act which enabled body corporate and individuals to use/seek Aadhaar numbers for establishing the identity of any individual has been held to be unconstitutional to such extent.
- Grant of power to individuals to make complaint: Section 47 of the Act which provided that no Court shall take cognizance of offence under the Act except on a complaint made by the UIDAI should be modified to provide for any individual to be able to make such complaint.
- Inapplicability to minors: The enrolment of minors under the Act can be done only with the consent of the parents and such minors would have an option to exit from the scheme if they so choose upon attaining majority. Insofar as the school admissions or benefits to children under schemes like Sarva Shiksha Abhiyan are concerned, the requirement of Aadhaar is not compulsory as it is neither a service nor subsidy.
- No mandatory linking of bank accounts: The mandatory linking of Aadhaar number with bank accounts fails the test of proportionality since the deactivation of the account upon the failure of such linkage would result in depriving a person of her property and would also violate the right to privacy of person with respect to the access to banking details.
- No mandatory linking with SIM cards: The mandatory linking of Aadhaar number to SIM cards is unconstitutional in view of the Circular dated 23 March 2017 lacking any authority of law and Section 57 being declared unconstitutional.
In a dissenting judgment, Justice D Y Chandrachud has declared the Act to be unconstitutional in its entirety as the Act did not meet the test of a money bill and substantive provisions violated fundamental rights including the right to privacy. His judgment analyses and lists the over-breadth of the Act and the Aadhaar Regulations. The judgment also illustrates the vast possibilities of authentication failures that can result in denial of benefits to deserving citizens, thus nullifying the main purpose of the Act. Interestingly, Justice Chandrachud’s judgment gives directions vis-à-vis the treatment of the data which has already been collected by private entities and calls upon the destruction of the same.
An important takeaway from the judgment is the bench’s observation that there is an imminent need for a robust data protection regime in the country. The bench has analysed the issues that were raised in the present petitions from the standpoint of the findings of the Report of the Committee of Experts under the Chairmanship of Justice B.N. Srikrishna and the Draft Personal Data Protection Bill 2018 and observed that the country is not far from a data protection regime which embeds informational and data privacy within our laws and legal system.
The striking down of Section 57 means that private companies can no longer mandate Aadhaar based eKYC as a means of identification or verification. This will have far reaching ramifications on the services sector, in particular, on fintech and telecom companies as eKYC was a quick and efficient means of customer acquisition without the requirement of physical submission of KYC documents. Many industry participants believe that reverting to the paper-based option will be costly and time consuming. Businesses that adapted early to Aadhaar based eKYC authentication now face a quandary regarding the Aadhaar based data already collected and stored and will have to await further directions and clarifications from the Government of India and other regulators.
- Ajay Bhargava (Partner), Harsh Walia (Associate Partner), Supratim Chakraborty (Associate Partner) and Abhisaar Bairagi (Principal Associate)
For any queries please contact: firstname.lastname@example.org