It's a missed opportunity

The recent Aadhaar verdict has only rekindled the debate on the complex web of techno-legal and welfare issues involved in the world’s largest unique identification project. In this case, the Supreme Court was confronted with questions of deciding the constitutional validity of a specific design, its efficacy and the choice of a particular technology governing the Aadhaar project. The entire controversy revolved around issues related to technological governance of Aadhaar, its linkages to various social welfare schemes and safeguarding the personal data collected by the UIDAI.

Though the project was conceived and executed during the UPA-II regime without any statutory backing, to cover such deficiencies of the mammoth project, the Modi government resorted to the flawed method of passing the Aadhaar Bill via the Money Bill route to hastily secure its legitimacy. The lone dissenter on the Supreme Court bench, Justice DY Chandrachud, called it a “fraud on the Constitution”.

Surveillance State

We live in a complex world where the private players, regulators and stakeholders are constantly battling over privacy-related issues. The Supreme Court’s majority judgement call held the Aadhaar Act to be beneficial legislation but put a stop to all-pervasive mandatory requirement of Aadhaar linking for all kinds of purposes, limited such requirement only to government schemes and benefits and for filing income tax returns.

The judgement has only cursorily tread on the issue of privacy breach and the apprehensions that a surveillance state was sought to be built using Aadhaar. The court accepted the contentions of UIDAI regarding data safeguards at face value. The UIDAI’s contentions regarding the so-called “sufficiently secured” and “strongly regulated” regime escaped deeper scrutiny and examination in the majority judgement. This, despite reports pointing out that as many as 49,000 Aadhaar enrolment agencies have been blacklisted due to fraud and malpractices, which goes contrary to the tall claims made by the UIDAI over the so-called robust Aadhaar architecture.

But the dissenting voice of Justice Chandrachud has raised concerns over this false fait accompli and has held the Aadhaar project to be unconstitutional. He strongly doubted the methodologies adopted by the UIDAI with respect to biometric data and its linkage to the distinct database that has the potential to alter the power relationship between citizens and the State. He has rightly cautioned us over the risk of abuse of data and its blow to individual liberty and privacy.

The digital age has reinvigorated ancient models of human interaction on a global scale. India has more than 1.22 billion on the Aadhaar rolls and many of them don’t get to know about data breaches and don’t realise the value of their personal data.

There is no mention of the word “privacy” in the Constitution, but the seminal judgement in the Justice Puttaswamy case held the right to privacy to be a fundamental right. The value of privacy is dependent on a host of influences including our history, culture and social norms.

The majority judgement has toed the line of the government and thus underscored the apprehension of violation of the right to privacy. The majority judgement mildly and hesitatingly accepted some degree of State intrusion into the privacy of citizens and differed with the principle of proportionality of data-breach, which smacks of a flawed legal reasoning. The project is not immune to risks associated with the collection of sensitive information like biometric information and personal data, which are prone to exposure, linking to build profiles and thus misuse.

Sadly, the majority judgement creates an impression that common citizens do not require any privacy, hence intrusion is not a big deal. On the other hand, the minority views have rightly held that denial of social welfare measures (like subsidised ration under PDS scheme) for lack of Aadhaar was a clear violation of fundamental rights of citizens.

Unanswered questions

The Aadhaar judgement has left us with some important questions requiring answers: how much privacy can be given up? How transparent do we want to be? To what extent do we want our government to watch us? How much risk, in terms of internal and external security, are we willing to accept as the price of our right to privacy? How do we measure that risk, and how do we know that by giving up a certain level of privacy, we are safer?

In the welfare state regime, most beneficiaries of welfare schemes are not bothered about their privacy and their personal data, they are concerned mainly about receiving government benefits and services.

The apex court has frowned upon the use of Aadhaar by private companies since the biometric information is likely to be misused. The striking down of Section 57 of the Aadhaar Act, which provided access to Aadhaar authentication to private companies, is welcome. However, policymakers are grappling with the issue of data protection, as it happens in every evolving situation.

The Aadhaar project may be the “largest technology-driven project in the world” linking people to so many utility services, but the common citizens have been subjected to coercion in many ways to achieve those linkages. The social-politico-economic motivations behind the project, as lauded by the government, should have been passed through intense parliamentary scrutiny. The accountability aspect of the project is still under a cloud, especially in the aftermath of the Cambridge Analytica episode. It is imperative that the judiciary and the executive shift the focus from merely gathering data to protecting it. The judgement seeks massive changes in the Aadhaar Act and hopes that legislative efforts will be expedited to create a new legal regime for data protection.

(The writer is a Supreme Court advocate)