Here's what the Aadhaar Verdict means for your data privacy

By Subhrojit Mallick | Published on 26 Sep 2018
  • The Supreme Court, in a landmark judgement, has upheld the constitutional validity of Aadhaar, but struck down major provisions that allowed private entities to ask for Aadhaar authentications.

Here's what the Aadhaar Verdict means for your data privacy

In a landmark verdict, the Supreme Court of India has ruled in favour of Aadhaar stating that the system of having a unique identification number is valid but cannot be made mandatory. The five-judge bench led by Chief Justice of India Dipak Mishra has upheld the constitutional validity of the Aadhaar scheme and even upheld most of the provisions of the Aadhaar act, barring a few. The verdict states that sufficient measures are taken to protect Aadhaar data and it is difficult to launch a mass surveillance program on the citizens on the basis of the unique identity number. However, the bench also asked more security measures including reducing the period of storage of data and to form a robust law for data protection as soon as possible.

The constitutional validity of Aadhaar was challenged by 31 petitioners on the grounds that it violated the privacy of citizens. The hearings for the case went on for 38 days and the final verdict defended the need for Aadhaar primarily on the fact that the programme ensured proper distribution of benefits of millions and plug the looting of government resources.

However, the petitioners had argued that Aadhaar was built on a single, mammoth database that links to an individual's face, fingerprints and iris scans — All of which are permanent. The government had made Aadhaar compulsory for bank accounts, telecom services, driving licenses and the likes, making the identity scheme an overarching proof of identity for almost all public and private services.

Aadhaar is constitutionally valid, but cannot be made mandatory

Now, in a 4-1 judgement, the Supreme Court struck down Section 57 of the Aadhaar act and ruled that private companies cannot make Aadhaar compulsory for providing services. This means private banks and telecom companies like Airtel and Reliance Jio cannot force users to link their phone numbers to Aadhaar. Even e-commerce and fintech platforms like Amazon and Paytm cannot enfornce Aadhaar-based authentication. This means that not linking the Aadhaar card to their phone numbers will no longer lead to services being stopped.

It's not clear whether the companies that accessed the Aadhaar data of users as part of the mandatory exercise previously will be required to delete the data. Although Justice Chandrachud stated that those who had collected Aadhaar data previously have to delete their databases, but it's not clear whether that is part of the judgement.

According to the UIDAI, Reliance Jio has performed the most number of fingerprint authentication with 62 million this month. Airtel comes second with 44 million while Vodafone and Idea follow close after. Among others, Paytm has conducted 98 million Aadhaar-based authentications.

The provision of storing transaction logs for five years has been struck down along with storage of metadata.

It’s still mandatory to link your PAN card to Aadhaar though and your Aadhaar number will be required when filing income tax returns.

The Supreme Court also struck down section 33(2) of the Aadhaar act which gave the government legal precedence to allow sharing of data with security agencies on the grounds of national security. A judicial warrant is now required to share data with security agencies.

Finally, the Supreme Court revoked Section 47 of the Aadhaar act that allowed only the government to complain and file for redressal in case of theft of Aadhaar data. Now, the individual too can file a complaint. This is especially important after it was demonstrated how easily Aadhaar data was being misused, with reported leak of the database and fraudulent Aadhaar cards.

Justice Chandrachud — Only voice of dissent

Only Justice Chandrachud dissented against the verdict saying that the Respondent’s (government of India and UIDAI) claims on security and safeguards have not been convincing enough and falls short of the standards required to protect privacy. He also agreed that potential surveillance is possible through Aadhaar. He said algorithms by foreign companies like Accenture are not approved by him and the rights of citizens and national security cannot be protected by a mere contract between the UIDAI and private organisations. Justice Chandrachud also said telecom providers must immediately delete and destroy the Aadhaar data they have collected, although it's not clear whether that's part of the verdict.

A long fought battle

The programme was envisioned by Infosys co-founder Nandan Nilekani during the UPA rule and was then adopted and given legal precedence by the current NDA government by passing the Aadhaar act as a money bill. Since then, the government had mandated time and again to compulsorily link Aadhaar to essential services. As a result, over one billion citizens signed up to the programme. Reports of exclusion, breaches in the mammoth database, and more reports on how Aadhaar numbers are being misused, resulted in a petition by 31 activists to strike down Aadhaar as constitutionally invalid. The verdict by the Supreme Court today takes all that into account and makes Aadhaar valid, but not mandatory.

Subhrojit Mallick

Eats smartphones for breakfast.

email Protection Status