Aadhaar scheme has been one of the most ambitious projects of the Government of India. Initiated in 2009, the Aadhar scheme got statutory recognition through The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (“Aadhaar Act”). A unique identification number for every citizen in India envisaged by the Aadhar scheme has resulted in many privacy rights battles. The question of dignity, informational self-determination and consent forms the basis for the privacy rights claims surrounding the Aadhar scheme. On 26th September 2018, the five-judge bench upheld the validity of Aadhaar Act but has struck down many provisions leading to severe reduction in the functional character of law.
The right to privacy declared as a fundamental right by the Supreme Court of India in the Justice K.S. Puttaswamy case [K.S. Puttaswamy v. Union of India (2017) 10 SCC 1] forms a major victory for the privacy debate in India. The data protection and privacy rights based legislative framework is also witnessing major progress with the B N Srikrishna committee tabling the report as well as the draft data protection bill.
The evolving recognition of right to privacy warrants for a clear answer to the question: Whether the Aadhar scheme is in consistent within the framework of constitutional guarantee of right to privacy and right to life? In this regard, the 2016 legislation was subjected to judicial review by the five-judge bench.
Concerns regarding majority judgment
The majority judgment written by Justice A K Sikri, while declaring the Aadhaar Act to be constitutional, has struck down provisions such as section 33(2) [allowing for disclosure of information in case of national security exception] as well as section 57 [which allows the private entities to use Aadhaar for identification]. The majority judgment relied on the important judicial review principle of proportionality of government action in evaluating the Aadhaar Act. The three –factor test as provided in the right to privacy case, Puttuswamy v. Union of India (2017) was also relied in the majority judgment. Justice Chandrachud in the right to privacy case mentions about three-fold requirement for any reasonable assessment for discounting the privacy rights:
But a factor that requires pertinent attention was the heavy reliance of majority decision in the submission made by UIDAI before the Supreme Court. The question of possible state surveillance as well as possibility of data breach and exclusion of citizen from government services and schemes was mitigated on the basis of that fact that UIDAI has claimed the system to be largely foolproof. Threshold of right to privacy and constitutional principles of proportionality as well as dignity requirements were attenuated while upholding the constitutional validity of the Aadhaar Act as reasonable restriction.
On the concept of dignity, the majority decision states that “In Common Cause v. Union of India, the concept of human dignity has been explained in much detail. The concept of human dignity developed in the said judgment was general in nature, which is based on right to autonomy, and right of choice and it has become a constitutional value'. But in the majority decision the requirement of right of autonomy and right of choice is not protected by upholding the Aadhaar Act. The requirement of Aadhaar for availing government schemes and benefits as well as linking of Aadhaar to the PAN card allowed by the Supreme Court majority decision does not provide any convincing constitutional rationale. Even the minimal exclusion of beneficiaries of government schemes, due to lack of Aadhaar or authentication problem could lead to violation of dignity protection as required by the constitution.
Eventhough the majority has struck down the Section 33 (2) as well as the Section 57, the larger rationale of upholding the Aadhaar Act to be constitutional fails to meet the test of reasonable objective and reasonable means to impinge upon the right to privacy.
Clarity Regarding Striking Down of Section 57
Section 57 of Aadhar Act reads as follows:
Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose, whether by the State or anybody, corporate or person, pursuant to any law, for the time being in force, or any contract to this effect.
This provision enabled the private entities including corporate organizations to use the Aadhaar as a means for authentication and identification. The pertinent use of Aadhaar based authentication for Know Your Customer (KYC) led to many financial companies, including banks, e-wallets to adopt it. But with the Section 57 of Aadhaar Act being struck down, can private entities still use the Aadhar is a question at large? The business community is interested to push for the use of Aadhaar on voluntary basis. Further, there is an interpretation that the business community is trying to carve out of the judgment that enactment of an enabling legislative framework would allow the private entities to continue using the Aadhar. But the striking down of Section 57 of the Aadhaar Act by the majority judgment clearly is unconditional and there is no room for private entities to use Aadhaar. The Aadhaar decision clearly rules out the possibility of private entities using the authentication mechanism.
The decision in Aadhaar case sends a clear message that the right to privacy is now an important factor that government should consider in the legislative and executive action. But the concerns regarding how the threshold of right to privacy and dignity was discounted by the majority decision still looms large.
Dr. Deva Prasad M (Faculty, Indian Institute of Management Kozhikode)
Suchithra Menon C (Assistant Professor National Law School of India University, Bangalore)