On Day 32 of the Aadhaar final hearing, senior counsel Rakesh Dwivedi resumed his submissions on behalf of the state of Gujarat and the UIDAI before the Supreme Court five-judge bench, reiterating that there is no reasonable expectation of privacy in respect of the demographic information and the facial photographs collected under the Aadhaar scheme.
He continued that in view of there being no aggregation of data at the end of the ‘requesting entities’, the same level of protection as accorded to the CIDR is not needed.
Justice DY Chandrachud pointed out that the aforesaid submission could not apply in respect of the ‘core biometric information’. Dwivedi advanced that over 100 countries issue biometric-based e-passports and several European countries have adopted the biometric regime of identification and that the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) have not expressed serious privacy concerns in regard to the same.
In context of the test of proportionality, he cited the 1952 constitution bench judgment of the apex court in State of Madras v. V. G. Row Union of India & State, wherein it was observed that in considering the reasonableness of laws imposing restrictions on fundamental rights, the nature of the right alleged to have been infringed, the underlying purpose of the restrictions imposed, the extent and urgency of the evil sought to be remedied thereby, the disproportion of the imposition, the prevailing conditions at the time should all enter into the judicial verdict.
Further, in evaluating such factors, the judgment envisaged that the judges remember that the Constitution is meant not only for people of their way of thinking but for all, and that the majority of the elected representatives of the people have, in authorizing the imposition of the restrictions, considered them to be reasonable.
Dwivedi on Tuesday also discussed several American judgments on the reasonableness of laws abridging constitutional rights:Ohio v. Akron Center (1990)
As enacted, Ohio's Amended Substitute House Bill 319 made it a crime for a physician or other person to perform an abortion on an unmarried, unemancipated, minor woman, unless, inter alia, the physician provides timely notice to one of the minor's parents or a juvenile court issues an order authorizing the minor to consent. To obtain a judicial bypass of the notice requirement, the minor must present clear and convincing proof that she has sufficient maturity and information to make the abortion decision herself, that one of her parents has engaged in a pattern of physical, emotional, or sexual abuse against her, or that notice is not in her best interests.The US Supreme Court held that the judicial bypass, the physician notification and the burden of proof requirements mandated by the bill did not violate a minor’s Fourteenth Amendment due process rights.
The US Supreme Court held that the disclosure of referendum petitions did not violate the First Amendment in view of a sufficiently relevant governmental interest.
He also relied on the UK case of Wood v. Commissioner of Police for the Metropolis (2009).
Thereupon, Dwivedi drew the attention of the bench to the 2008 judgment of the ECHR in S and Marper v. The United Kingdom, which was repeatedly cited by the petitioners, wherein the court had observed that “the blanket and indiscriminate nature of the powers of retention of the fingerprints, cellular samples and DNA profiles of persons suspected but not convicted of offences fails to strike a fair balance between the competing public and private interests and that the State has overstepped any acceptable margin of appreciation in this regard...”
Advancing that the said case backs the submissions of the respondents, he stressed that the judgment obligates that the domestic law must provide only “appropriate safeguards” to prevent the misuse of personal data and not absolute protection. Further, in so far as the judgment operates in the context of identification of criminals and it holds that the intrinsically private character of the information, including DNA and fingerprints, calls for the court to exercise careful scrutiny of any state measure authorizing its retention and use by the authorities without the consent of the person concerned, he submitted that the said observation does not apply to Aadhaar project.
Similarly, he also distinguished the 2012 American case of United States v Jones relied on by the petitioners, where it was held unanimously that installing a Global Positioning System (GPS) tracking device on a vehicle and using the device to monitor the vehicle's movements constitutes a government’s physical intrusion onto the defendant's car for the purpose of obtaining information and therefore a “search”. It was reiterated that there is no concept of GPS under the Aadhaar scheme.
Further, in respect of the safeguards for data protection, Dwivedi cited the 2013 Supreme Court judgment in G. Sunderrajan v. UOI, in so far as it was held therein, “Apprehension, however, legitimate it may be, cannot override the justification of the (Kudankulam nuclear power plant) project. Nobody on this earth can predict what would happen in future and to a larger extent we have to leave it to the destiny”.
When he submitted that the data protection law shall be introduced in May, Justice Chandrachud pointed to the need for incorporating therein remedies for breaches.
Juxtaposing the EU General Data Protection Regulation (GDPR) with data protection under the Aadhaar scheme, Dwivedi said that the former seeks to reconcile free flow of data with the protection of data, while the latter does not envisage any transfer of data.
When Justice Chandrachud remarked that the EU GDPR restrains any processing of biometric information, the senior counsel indicated that the directive enables states to make exceptions by enacting laws for, inter alia, the pursuit of legitimate state interests coupled with adequate safeguards. Justice Chandrachud noted that even such laws must clear the proportionality test.
When Justice Chandrachud inquired about the need for the collection and storage of metadata, Dwivedi explained that the same is required to audit and monitor and ‘requesting entities’. In response to a clarification sought by Justice AK Sikri in this behalf, he asserted that the metadata relates only to the machine and not to the purpose of authentication. Justice Chandrachud also pointed to the Proviso to Regulation 26 of the Aadhaar (Authentication) Regulations of 2016 which bans storage for purpose of authentication.
The hearing shall resume on Wednesday.