1.1. AAD HAAR CO NSTI TUTI ONA LLY V ALI D
Why in news?
On September 26, 2018, a Constitution Bench of the Supreme Court, led by Chief Justice of India by a 4:1 majority upheld the validity of Aadhaar but with certain caveats.
Background
• Aadhaar sought to mandatory requirement of demographic and biometric data of an individual which was argued to be against the fundamental right to privacy.
• Aadhaar Act, 2016 was passed as Money Bill to give statutory backup to the Aadhaar and UIDAI. Its passage as
Money Bill too was contested.
• Till now no exclusive Data Privacy Law exist in India giving rise to the concerns of State surveillance and misuse of personal data by the commercial entities.
Highlights of the Verdict
• Constitutionality of Aadhaar: Aadhaar scheme, which is backed by the Aadhaar Act, passes the triple test laid down in the Puttaswamy (Privacy) judgment to determine the reasonableness of the invasion of privacy (under Art 21) i.e.
o Existence of a law - backed by the statute i.e. the Aadhaar Act, 2016
o A legitimate state interest – ensuring social benefit schemes to reach the deserving and poor
o Test of proportionality - balances benefits of Aadhaar and the potential threat it carries to the
fundamental right to privacy.
• No fear of Surveillance state: Provisions of the Aadhaar Act “do not tend to create a surveillance state”.
o Aadhaar collects minimal biometric data in the form of iris and fingerprints, and the Unique Identification
Authority of India (UIDAI) — which oversees the Aadhaar enrolment exercise — does not collect purpose, location or details of the transaction.
o To ensure non tracking, the Court ordered that Authentication logs should be deleted after six months,
instead of the five years required under the existing Regulation 27(1) of the Authentication Regulations.
• Security of the biometric data: UIDAI has mandated only registered devices to conduct biometric-based authentication transactions.
o There is an encrypted, unidirectional relationship between the host application and the UIDAI. This rules out any possibility of the use of stored biometric, or the replay of biometrics captured from another source.
o Further, as per the regulations, authentication agencies are not allowed to store the biometrics captured for Aadhaar authentication.
• Linking of Aadhaar with Financial transactions: The 2017 amendment to Rule 9 of the Prevention of Money Laundering Act (Maintenance of Records) Rules, 2005 which made linking of bank accounts and all other financial instruments such as mutual funds, credit cards, insurance policies, etc. with Aadhaar mandatory, is declared unconstitutional. Because the amendment did not stand the proportionality test in the triple test, thus violating the right to privacy of a person which extends to banking details.
• Aadhaar Act as Money Bill: Section 7 being the main provision of the Act, the Supreme Court has upheld the validity of the Aadhaar Act being passed as a Money Bill. Section 7 of the Aadhaar Act, demands for Aadhaar based authentication to receive a subsidy, benefit or service
Aadhaar: where's it required
and where's it not
• Welfare schemes (PDS, LPG, MGNREGA etc.)
• I-T returns
• Linking to PAN card
• Banks accounts
• SIM cards
• Private companies
• School admissions
• NEET, UGC, CBSE
etc. It is very clearly declared in this provision that the expenditure incurred in respect of such a subsidy, benefit or service would be from the Consolidated Fund of India.
3 www.visionias.in ©Vision IAS
• On a similar issue, the court has upheld the validity of Section 59 that also validates all Aadhaar enrolment done prior to the enactment of the Aadhaar Act, 2016. The court has said that since enrolment was voluntary in nature, those who specifically refuse to give consent would be allowed to exit the Aadhaar scheme.
Impact of the Judgement
• Striking down of Regulation 27(1) and reducing storage period of authentication data from five years to six months will ensure personal data is not misused. Amending Regulation 26 and making metabase relating to a transaction impermissible will prevent fake profiling of an Aadhaar holder.
• Striking down of Section 47 means citizens can file a complaint
in case of data theft, which earlier could be done by the government (i.e. UIDAI) alone.
• That portion of Section 57 of the Aadhaar Act which enables body corporate and individual to seek authentication is held to be unconstitutional. This makes it clear that Aadhaar may only be used by the government, and not by private parties.
• The ruling clears the ambiguity over several aspects of Aadhaar and unleashes its potential for good governance and effective distribution of social welfare services.
• The constitution bench strikes down the National security exception (Section 33(2)) under the Aadhaar Act while giving citizens the opportunity of being heard before disclosure of information under section 33(1) of the Aadhaar Act. This will indirectly ensure greater privacy of individual’s Aadhaar data while restricting the government accessibility to it.
• Aadhaar’s role in education and admissions is also restricted now. It upheld the Fundamental Right to Education (Art 21A)
Section 33 of the Aadhaar Act refers to
disclosure of information in certain cases
• Section 33(1) allows disclosure of information, including identity and authentication records, if ordered by a court not inferior to that of District Judge.
• Section 33(2) allows identity and authentication data to be disclosed in the interest of national security on direction of an officer not below the rank of Joint Secretary to the Government of India.
Section 47 of the Aadhaar Act refers to cognizance of offences. Under this section, no court is allowed to take cognizance of any offence punishable under this Act, except on a complaint made by the authority of officer or person authorised by it.
of children (6-14 yrs. age) and observed that admission is neither a service nor subsidy.
• The court has struck a delicate balance between the social welfare imperative and the citizen’s fundamental
right to privacy.
Challenges that still remain
• For the Fintech companies, where fraud and impersonation is a high risk, Aadhaar was a substantial support.
It allows online authentication of customers leading to quick issuance of financial services and improves the
service aspect. Verdict makes it like removing an enabler instead of ensuring protection of privacy of data.
• Impact of mandating Aadhaar on the poor: Rather than enabling easier access, it may end up harming them by denying them their rights due to technical authentication problems.
• Privacy: We need a strong data protection law that prevents the government and private parties from non- consensually using Aadhaar—the Justice Srikrishna Committee recommendations provide a good starting point for that.
• The issue of the right to be forgotten, in case of Aadhaar data that have been collected, remains a grey area.
The judgment does not clearly state that entities such as banks and mobile companies will have to delete the
collected information.
• Aadhaar as a single identifier: If the Aadhaar number is ‘seeded’ into every database (train travel, air travel, bank account, mobile phone, employment history, health and so on.), it integrates these data silos. Aadhaar becomes the bridge across the hitherto disconnected data silos. People in government will be able to ‘profile’ the citizens, by pulling in information from various databases using that single identifier. Just the possibility of such profiling is likely to lead to self-censorship and, is likely to stifle dissent.
• Minority Judgment: Contrary to the majority judges, Justice Chandrachud rejected all the arguments and held Aadhaar Act as unconstitutional on the basis of invasion of privacy, all-pervasive state control, and exclusion. Moreover, he held that passing the Aadhaar Act as a money bill was a “fraud on the constitution.”
Why in news?
On September 26, 2018, a Constitution Bench of the Supreme Court, led by Chief Justice of India by a 4:1 majority upheld the validity of Aadhaar but with certain caveats.
Background
• Aadhaar sought to mandatory requirement of demographic and biometric data of an individual which was argued to be against the fundamental right to privacy.
• Aadhaar Act, 2016 was passed as Money Bill to give statutory backup to the Aadhaar and UIDAI. Its passage as
Money Bill too was contested.
• Till now no exclusive Data Privacy Law exist in India giving rise to the concerns of State surveillance and misuse of personal data by the commercial entities.
Highlights of the Verdict
• Constitutionality of Aadhaar: Aadhaar scheme, which is backed by the Aadhaar Act, passes the triple test laid down in the Puttaswamy (Privacy) judgment to determine the reasonableness of the invasion of privacy (under Art 21) i.e.
o Existence of a law - backed by the statute i.e. the Aadhaar Act, 2016
o A legitimate state interest – ensuring social benefit schemes to reach the deserving and poor
o Test of proportionality - balances benefits of Aadhaar and the potential threat it carries to the
fundamental right to privacy.
• No fear of Surveillance state: Provisions of the Aadhaar Act “do not tend to create a surveillance state”.
o Aadhaar collects minimal biometric data in the form of iris and fingerprints, and the Unique Identification
Authority of India (UIDAI) — which oversees the Aadhaar enrolment exercise — does not collect purpose, location or details of the transaction.
o To ensure non tracking, the Court ordered that Authentication logs should be deleted after six months,
instead of the five years required under the existing Regulation 27(1) of the Authentication Regulations.
• Security of the biometric data: UIDAI has mandated only registered devices to conduct biometric-based authentication transactions.
o There is an encrypted, unidirectional relationship between the host application and the UIDAI. This rules out any possibility of the use of stored biometric, or the replay of biometrics captured from another source.
o Further, as per the regulations, authentication agencies are not allowed to store the biometrics captured for Aadhaar authentication.
• Linking of Aadhaar with Financial transactions: The 2017 amendment to Rule 9 of the Prevention of Money Laundering Act (Maintenance of Records) Rules, 2005 which made linking of bank accounts and all other financial instruments such as mutual funds, credit cards, insurance policies, etc. with Aadhaar mandatory, is declared unconstitutional. Because the amendment did not stand the proportionality test in the triple test, thus violating the right to privacy of a person which extends to banking details.
• Aadhaar Act as Money Bill: Section 7 being the main provision of the Act, the Supreme Court has upheld the validity of the Aadhaar Act being passed as a Money Bill. Section 7 of the Aadhaar Act, demands for Aadhaar based authentication to receive a subsidy, benefit or service
Aadhaar: where's it required
and where's it not
• Welfare schemes (PDS, LPG, MGNREGA etc.)
• I-T returns
• Linking to PAN card
• Banks accounts
• SIM cards
• Private companies
• School admissions
• NEET, UGC, CBSE
etc. It is very clearly declared in this provision that the expenditure incurred in respect of such a subsidy, benefit or service would be from the Consolidated Fund of India.
3 www.visionias.in ©Vision IAS
• On a similar issue, the court has upheld the validity of Section 59 that also validates all Aadhaar enrolment done prior to the enactment of the Aadhaar Act, 2016. The court has said that since enrolment was voluntary in nature, those who specifically refuse to give consent would be allowed to exit the Aadhaar scheme.
Impact of the Judgement
• Striking down of Regulation 27(1) and reducing storage period of authentication data from five years to six months will ensure personal data is not misused. Amending Regulation 26 and making metabase relating to a transaction impermissible will prevent fake profiling of an Aadhaar holder.
• Striking down of Section 47 means citizens can file a complaint
in case of data theft, which earlier could be done by the government (i.e. UIDAI) alone.
• That portion of Section 57 of the Aadhaar Act which enables body corporate and individual to seek authentication is held to be unconstitutional. This makes it clear that Aadhaar may only be used by the government, and not by private parties.
• The ruling clears the ambiguity over several aspects of Aadhaar and unleashes its potential for good governance and effective distribution of social welfare services.
• The constitution bench strikes down the National security exception (Section 33(2)) under the Aadhaar Act while giving citizens the opportunity of being heard before disclosure of information under section 33(1) of the Aadhaar Act. This will indirectly ensure greater privacy of individual’s Aadhaar data while restricting the government accessibility to it.
• Aadhaar’s role in education and admissions is also restricted now. It upheld the Fundamental Right to Education (Art 21A)
Section 33 of the Aadhaar Act refers to
disclosure of information in certain cases
• Section 33(1) allows disclosure of information, including identity and authentication records, if ordered by a court not inferior to that of District Judge.
• Section 33(2) allows identity and authentication data to be disclosed in the interest of national security on direction of an officer not below the rank of Joint Secretary to the Government of India.
Section 47 of the Aadhaar Act refers to cognizance of offences. Under this section, no court is allowed to take cognizance of any offence punishable under this Act, except on a complaint made by the authority of officer or person authorised by it.
of children (6-14 yrs. age) and observed that admission is neither a service nor subsidy.
• The court has struck a delicate balance between the social welfare imperative and the citizen’s fundamental
right to privacy.
Challenges that still remain
• For the Fintech companies, where fraud and impersonation is a high risk, Aadhaar was a substantial support.
It allows online authentication of customers leading to quick issuance of financial services and improves the
service aspect. Verdict makes it like removing an enabler instead of ensuring protection of privacy of data.
• Impact of mandating Aadhaar on the poor: Rather than enabling easier access, it may end up harming them by denying them their rights due to technical authentication problems.
• Privacy: We need a strong data protection law that prevents the government and private parties from non- consensually using Aadhaar—the Justice Srikrishna Committee recommendations provide a good starting point for that.
• The issue of the right to be forgotten, in case of Aadhaar data that have been collected, remains a grey area.
The judgment does not clearly state that entities such as banks and mobile companies will have to delete the
collected information.
• Aadhaar as a single identifier: If the Aadhaar number is ‘seeded’ into every database (train travel, air travel, bank account, mobile phone, employment history, health and so on.), it integrates these data silos. Aadhaar becomes the bridge across the hitherto disconnected data silos. People in government will be able to ‘profile’ the citizens, by pulling in information from various databases using that single identifier. Just the possibility of such profiling is likely to lead to self-censorship and, is likely to stifle dissent.
• Minority Judgment: Contrary to the majority judges, Justice Chandrachud rejected all the arguments and held Aadhaar Act as unconstitutional on the basis of invasion of privacy, all-pervasive state control, and exclusion. Moreover, he held that passing the Aadhaar Act as a money bill was a “fraud on the constitution.”
No comments:
Post a Comment