advertisement
(The following is the summation in the Aadhaar case hearing in the Supreme Court on Tuesday, 20 March.)
There are four broad arguments advanced by the petitioners:
1. The Aadhaar Project and the Aadhaar Act as a whole are unconstitutional (and even voluntary use may not be permitted):
a. Surveillance (Article 21, privacy): By creating a system of centralised data storage, and tracking of citizens’ transactions over the course of a lifetime, the Act creates an architecture of surveillance that violates the right to privacy under Article 21 (and in State Data Hubs, as demonstrated by Mr Shyam Divan, surveillance is actually taking place);
b. Illusory Consent (Article 21, privacy): The consent provisions under the Act and the Rules are illusory, because Aadhaar has expanded far beyond what it was initially conceptualised to be, and Section 57 of the Aadhaar Act authorises its continued expansion, while Section 2 allows for the State to bring in other personal information (such as DNA) at an unspecified future date;
c. Arbitrariness (Article 14): Biometrics are proven to be unreliable and probabilistic, and their unreliability increases as the size of the database increases. The use of biometrics as a primary form of identification is therefore arbitrary and violates Article 14.
2. Alternatively, voluntary use of Aadhaar may be permitted, provided there are added safeguards (such as not allowing extension under S. 57 and S. 2 without fresh consent, providing opt-out clauses, no data sharing or sale, and so on) but it cannot be made mandatory:
a. Compulsion and bodily integrity (Article 21): The State must show overwhelmingly strong justifications for infringing upon the citizens’ bodies. The State’s justification, across the board, is the prevention of identity fraud. This fails the proportionality standard, because on the grounds that some people are committing identity fraud, the State has forced every individual to get an Aadhaar without showing probable cause or reason to believe.
b. Choice (Article 21): In a democracy, every citizen ought to have a choice to (i) identify herself in a reasonable manner to the State, and (ii) to decide whether or not to participate in an entire system of information collection, storage, control, and use devised by the State (the Aadhaar Act and framework). Mandatory Aadhaar violates both these elements of choice, autonomy and self-determination under Article 21, and the State’s justifications fail the proportionality standard.
c. Exclusion under Section 7 of the Aadhaar Act (Article 21): Making an individual’s basic right to entitlements (such as rations), which form part of the right under Article 21, dependent upon biometric authentication, enables exclusion in a country like India. Petitioners have demonstrated evidence of exclusion; the State’s justification of saving welfare leakages has been demonstrated to be overstated, and the State’s provision of administrative fixes such as notifications that allow for other forms of ID to be displayed if biometric authentication fails, cannot cure the unconstitutionality in Section 7 itself.
3. In any event, if the broader argument is not accepted, the court must examine each specific domain in which Aadhaar has been effectively made mandatory, and subject it to a proportionality analysis. This includes making Aadhaar mandatory for subsidies and 139 government programs (S. 7 of the Aadhaar Act), for bank accounts (the PMLA Rules), for income tax (S. 139AA), for mobile phones etc. The court must conduct a rigorous proportionality analysis for each separate use, and keep in mind that if the Petitioners have discharged their initial onus, the burden shifts to the State.
4. Alternatively, the court may at least consider striking down or reading down specific sections of the Aadhaar Act and specific regulations that violate constitutional rights, and reading in other requirements. These include:
a. Section 57 of the Aadhaar Act, which authorises the expanded use of Aadhaar even by private parties, and through contracts;
b. S. 2, which provides an open-ended definition of personal information, allowing for future expanded use, such as that of DNA;
c. Section 59 of the Aadhaar Act, which validates all acts prior to the statute being passed;
d. S. 47, which allows only the UIDAI to file an FIR in case of a data breach, thereby creating back-door nationalisation and transfer of ownership of personal data from the citizen to the State;
e. Regulations that authorise the storage of metadata;
f. Regulations that allow the deactivation of Aadhaar without a judicial decision, a pre-decisional hearing, and for widely worded reasons such as “any other reason the Authority may consider appropriate”;
g. Regulations that allow for storage of data in the CIDR for long periods of time, by ordering periodic deletion;
h. The court may consider reading in a right to “opt-out”.
B. This case is not just about Aadhaar, but personal data jurisprudence as a whole:
a. Aadhaar is not simply an authentication and verification mechanism. It provides an entire architecture dealing with personal data – from the point of collection, through the point of storage, and to the point of use.
b. Personal data belongs to the individual citizen and not to the State. Personal data cannot be nationalised and held in quasi-ownership by the State. Data is not the new oil. It is not a national resource to be monetised or exploited. Citizens are not squatters on their own personal data.
C. When considering each of these arguments, the court must apply the proportionality framework, as developed in Puttaswamy. This test requires the court to consider:
1. That a law must exist.
2. That the law must serve a legitimate State aim.
3. That the law must be necessary – that is, it must be the least invasive way of achieving the State goal.
a. As a corollary, the State must show that it has considered less invasive alternatives that would achieve the same goal, and has found them to be wanting
4. That the law must be proportionate – that is, there must be a balance between the intensity of the right, the degree of invasion, and the importance of the goal
5. That there must exist adequate procedural safeguards.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)