SC Constitution Bench on Aadhaar – Final Hearing (Day IX)

In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar programme to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar, had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.

An interim order was passed in December of 2017; a summary of the arguments can be found here and here.

The final hearing commenced on January 17, 2017. Summaries of the arguments advanced on the first four days can be found here.

The matter is being heard in front of a constitutional bench, comprising Chief Justice Dipak Misra, Justice Sikri, Justice Khanwilkar, Justice Chandrachud and Justice Ashok Bhushan.

Mr. Sibal commenced the proceedings by remarking on the exclusion Aadhaar could lead to, referring to old age pension schemes and biometric failure.

Justice Chandrachud stated that exclusion could be caused due to several factors, including infrastructural issues.

The respondents interjected, stating that government documents proved that there were no exclusions taking place due to the infrastructure of the programme. The discussion then went on to alternate identity documents under the Aadhaar Act. The respondents, referring to Sections 4, 7 and 31 of the Act, stated that alternative means of authentication could be used, which proved that the infrastructure was not problematic.

Mr. Sibal then stated that a mere reading of the statute would not be enough, and that there were serious issues at stake. He also stated that the respondents’ interpretation of the provisions mentioned above was incorrect.

Following this, the possibility of alternative authentication under Sections 4(3) and 7 was discussed. Justice Chandrachud stated that Section 7 could be interpreted in 3 ways – as pertaining to authentication, proof of application and proof of possession. The Bench agreed with the respondents, stating that the alternative of presenting an Aadhaar card would be sufficient for authentication. Mr. Sibal stated that this interpretation would only hold if the word ‘or’ was included.

The Bench also stated that the issue here did not relate to interpretation, but was relevant for the purpose of exclusion.

Mr. Sibal then went on to discuss the UK Identity Cards Act of 2006. He discussed the conservative parties’ arguments against the bill and the regulatory impact assessment conducted, which claimed that the Act would reduce identity fraud and effectively deal with illegal migrants. He stated that these arguments were similar to the points raised by the Indian state.

The discussion then moved on to social security cards and Aadhaar. Mr. Sibal stated that biometric information in several other jurisdictions was stored on a card and not a central depository. He stated that with a centralised system, Aadhaar functioned as ‘identity+’.

He then went on to discuss Sections 7 and 57 of the Aadhaar Act, stating that in the absence of the former, the state could still use the latter to link other services to Aadhaar.

He also remarked on the fact that under the Act, alternate forms of identity were acceptable for enrolment but not for authentication.

The petitioners went on to discuss constitutionalism in the context of national identity. Justice Chandrachud stated that the Constitution allowed for multiple identities, in the form of gender, religion, etc.

He questioned whether there was parity in the way the Constitution envisaged identity, and the way in which Aadhaar did. Mr. Sibal stated that under Article 21, the Constitution would give a citizen the choice to establish their identity in multiple ways, which the Aadhaar programme would abrogate by mandating one form of identity.

Mr. Sibal reiterated that Israel had an optional identification system, through which citizens could choose to identify themselves for services.

The hearing will continue on Tuesday (13/2).

SC Constitution Bench on Aadhaar – Final Hearing (Day VIII)

Mr. Sibal started off the proceedings by clarifying his interpretation of Section 8(3)(c) of the Aadhaar Act. He also read out the definition of authentication under Section 2(c) of the Act.

He stated that authentication pertains to either demographic or biometric information. Referring to the previous day’s proceedings, he stated that these were the only forms of information acceptable and that there were no alternatives available. He stated that the provision was wrongly drafted.

Justice Bhushan stated that if Mr. Sibal’s interpretation was accurate, there would be no need for this provision.

Mr. Sibal agreed, stating that the Aadhaar Act would evidently only pertain to Aadhaar and not other forms of identification. He read out the definition of demographic information, stating that it was broadly worded. He reiterated that there were no true alternatives and that the only alternatives were under the 3 heads that have already been mentioned.

The Bench stated that the mention of ‘alternatives’ could be for the purpose of double-checking; Mr. Sibal agreed.

Justice Chandrachud stated that identity information under Section 2(n) is defined in an inclusive sense and that it is not exhaustive. Mr. Sibal disagreed, stating that this would not be relevant in the context of Section 8(3)(c).

Moving on, Mr. Sibal stated that there was no centralised database of this nature in other jurisdictions. He also stated that Israel had a similar system; however, furnishing identity to avail of benefits was not mandatory under this system.

He then went on to discuss the Authentication Regulations, specifically Regulation 4. He then discussed the different forms of authentication, including multi-factor authentication. He referred back to Section 8(3)(c), stating that these were the only forms of authentication available and that there were no alternatives available.

Further, he discussed the storage of fingerprints on centralised depositories, stating that in other jurisdictions, the fingerprint would be stored on the identity card itself and not in a database. He stated that the UK system which was discarded functioned similarly.

He then discussed Section 57 of the Aadhaar Act, and offered an alternative interpretation.

He stated that no one could question the use of a citizen’s Aadhaar because it is their identity, neither the state nor any body corporate or person.

The Bench implied that in this context, Aadhaar could be used for other purposes.

Justice Chandrachud questioned this interpretation. He also stated that the government seems to imply that private parties could also use Aadhaar. He clarified that Section 57, as per Mr. Sibal, was an option, not a compulsion.

Mr. Sibal reiterated that the possible misuse could result in its validity. He clarified that he was not referring to the misuse by the state but was focussing on the nature of the digital world.

The focus then shifted to metadata; Mr. Sibal read out excerpts on the difference between data and metadata. He mentioned what metadata entails and referred to instances of civil rights organizations detailing possible human rights abuses.

Mr. Sibal then stated that the issue was not misuse by the state, rather that a citizen was being made vulnerable. He stated that vulnerability was the violation of Aadhaar.

He then referred to a document by the RBI, detailing issues with the UIDAI system.

Justice Chandrachud clarified that the document was a staff paper, not a policy document.

Further on the issue of the safety of biometric information, Justice Chandrachud stated that any such system would be vulnerable to attacks and leakages.

Mr. Sibal stated that in the digital realm, a loss of data would be permanent.

He concluded the proceedings for the day by referring to the degree of control the retaining agency obtains over biometric information and the relevant legal safeguards. He also referred to the exclusionary nature of Aadhaar.

 

SC Constitution Bench on Aadhaar – Final Hearing (Day VII)

Senior Counsel Shyam Divan started off the day’s hearing by referring to the Shanti Devi case and other instances of exclusion caused by the Aadhaar programme. He stated that apart from exclusion, these were also relevant from the perspective of dignity and Article 21.

Justice Chandrachud referred back to fingerprints being an unsustainable form of biometric identification, stating that citizens suffering from leprosy, for instance, would not be able to avail of benefits.

Mr. Divan stated that similarly, there were several other people for whom biometric identification would not be suitable. He also stated that it was an aspect of bodily integrity.

In addition, he stated that exclusion, death and dignity were also relevant aspects.

Referring to the biometric system, he stated that beyond a certain point it cannot detect duplication. He stated that its best use would be for identification purposes.

Justice Chandrachud stated that notwithstanding the Aadhaar programme, misuse cannot be stopped even with the PDS system.

Mr. Divan stated that a person’s body for whatever reason could not be used as a marker against them and that Section 7 of the Aadhaar Act contained a coercive element.

Referring to an affidavit, he read out reports of citizens who had been adversely affected by the programme or were not familiar with what it entailed.

One such citizen did not know of the Aadhaar matter being sub-judice at the time of enrolment, and stated that he would not have enrolled otherwise. He stated that he wanted all his data to be deleted from the UIDAI system.

Mr. Divan further stated that requesting entities were retaining biometrics. Referring to another affidavit he stated that it was effortless to pick up biometrics from the system. He further stated that leakages could happen at any time without the UIDAI gaining knowledge of the same. In addition, he stated that private entities were not contractually obligated and had no fiduciary relationship with the UIDAI either.

Justice Chandrachud enquired if, for the purpose of authentication, the instrument in use had to be state machinery. He also questioned if there was any assurance when giving over biometric information to a private entity, that it would not be stored.

Mr. Divan agreed, stating that there should be implicit assurance that biometric information will not be stored.

He then went on to discuss the various methods in which biometric data could be hacked.

He then discussed fingerprints as a form of biometric identification and referred to instances of artificial fingerprints of operators being used.

He stated that fingerprints were easy to clone, and that it has reportedly been done before. In addition, authentication is done on a probabilistic system, which makes the system more problematic. For instance, cloned fingerprints could be used to uphold a bogus Aadhaar card. There have been reports of false fingerprint moulds being used to clone fingerprints of genuine operators. There were certain patches that could be used to bypass iris scan requirements too.

Moving on, he referred to instances where biometric information was rejected because of duplication. He referred to the figure of 6.23 crores, stating that it was highly unlikely that these citizens were trying to defraud the government. He also stated that as the database increases, there is a higher chance of duplication. This is not uncommon for a probabilistic system. He also stated that this was indicative of exclusion.

Moving on, he referred to school children being affected because of faulty biometric attendance systems. He stated that Aadhaar was not registering several students and that there was no statutory sanction for it.

Mr. Divan went on to discuss Salmond on bodily integrity. He stated that this went to the core of Article 21 and the relationship between citizens and the state.

He then went on to read out the pleadings.

He stated that the state could not compel an individual to pass his or her biometrics. He stated that it should be mandatory to get free and informed consent before collecting biometric information. He also stated that the above instances impinged on Article 21.

He then referred to the issue regarding personal autonomy of the body, questioning if one had to seek control of biometrics presented before the UIDAI at every juncture. He stated that in a digital world personal autonomy should also extend to biometric information.

He stated that the Aadhaar programme essentially criminalizes the citizenry at large.

He concluded his arguments by discussing surveillance and the dominion of the state, referring to the domination the Indian state would have if the Aadhaar programme was allowed to roll out unimpeded.

Senior Counsel Kapil Sibal commenced his arguments.

He started off by referring to the matter as one with far reaching implications, stating that if this Act was to be upheld, every child would be born with an Aadhaar number. He also stated that there were several implications on the polity of this number.

He also stated that information was a powerful tool and that there was no tool more powerful than information.

He also stated that Aadhaar was tantamount to a Right to Information Act for the state, by which individuals were being made transparent and accountable, rather than the state.

He questioned how a choice of this nature could be imposed on someone, stating that members of Scheduled Tribes or Scheduled Castes for instance, could be severely disadvantaged if a point of service was not functional.

Further, he stated that the Aadhaar programme was procedurally unreasonable and lacked safeguards.

He moved on to discuss entitlements, and their relation to a status of an individual. Referring to a widower’s pension, he stated that an entitlement should only be related to the status of an individual and not their identity. He stated that identity was just a mode of proof and had nothing to do with one’s status. He questioned if there could be a condition imposed on a citizen to deny them an entitlement on the ground that they don’t have an Aadhaar card.

Further, he stated that any conditional approach with affiliation was not ideal.

He also mentioned that biometrics was a western concept, and is suitable for countries with fewer religious identities.

He moved on to discuss the issue of savings, stating that there were far more pressing issues to consider. He further stated that:

1) The digital world is far more susceptible to manipulation than the physical world.

2) No legislation can or should allow an individual’s personal data to be put at risk in the absence of a technology assured and safe environment.

3) Such endeavours of assurance would be impossible to obtain in the digital space.

4) Core biometric and demographic info of an individual once part of the digital world is irretrievable.

5) The digital world is a vehicle to benefit the information economy.

6) The move from an information economy to creating an architecture or an information polity has far reaching consequences.

Mr. Sibal then read out sections of the Aadhaar Act, referring to the relevant provisions.

He also referred to Sections 7 and 8 of the Act, stating that the difference between the two was that biometric information was not taken in every instance under Section 8.

He stated the Aadhaar programme would enable the creation of a monolith, which would lead to a system of no choices or preferences.

Mr. Sibal then went on to discuss the infrastructure of the Central Identities Data Repository (CIDR), stating that it was controlled by a foreign entity. He stated that the software was created by a foreign entity as well.

The discussion then moved on to requesting entities. Justice Chandrachud posed a question to Mr. Sibal, asking him who he considers to be requesting entities. Mr. Sibal read out the relevant provisions from the Authentication Regulations.

Mr. Sibal and the Bench then discussed Section 8(3)(c) of the Aadhaar Act and whether the ‘alternatives to submission of identity information’ affected the mandatory nature of Aadhaar. Section 3(c) was also discussed in this context.

Moving on, Mr. Sibal focussed on the intended use of the Aadhaar programme, questioning how an Aadhaar number could determine if someone was a terrorist or a money launderer. He also discussed metadata, while comparing it to data.

Mr. Sibal also questioned why Aadhaar was passed as a money bill.

Justice Chandrachud mentioned that money bills may pertain to the consolidated fund of India, which could explain its nexus with Aadhaar. Mr. Chidambaram stated that this would be taken up later.

Mr. Sibal then went on to discuss the ill-effects that the programme could have, and the power that one would have to give up to the state.

Justice Chandrachud stated that a possibility of misuse of power could be no ground for unconstitutionality.

Mr. Sibal responded, stating that it wasn’t a question and that misuse was a certainty in the field of information technology.

 

SC Constitution Bench on Aadhaar – Final Hearing (Day VI – Part II)

The final hearing commenced on January 17, 2017. Summaries of the arguments advanced on the first four days can be found on the following links – I, II, III, IV and V.

Mr. Divan went on to discuss extracts on constitutionalism and the rule of law. Referring to the landmark judgment of Kesavananda Bharati vs. State of Kerala, he stated that the rule of law cannot be abrogated.

He discussed the concept of fundamental rights being inalienable natural rights, which wouldn’t just amount to ornamental rights.

He then went on to discuss the concept of limited government qua the citizenry as a whole.

Referring to the Preamble of the Constitution, he stated that it was enough to prove that one cannot store, track and keep away information and any such initiative would be out of line with the preamble.

Justice Chandrachud interjected stating that moving beyond privacy, financial exclusion as an issue should also be focussed on. Mr. Divan stated that the other counsel would address that issue.

He then handed over an affidavit, referring to the lack of internet access in most parts of the country and how that would be inconvenient for the Aadhaar programme.

Mr. Divan then went on to discuss the quality of the centralised, drawing attention to the fact that 49,000 enrollers have been blacklisted.

He then went on to read excerpts on constitutionalism from Justice Puttaswamy vs. Union of India and from Nandini Sundar vs. State of Chhattisgarh.

Further, he discussed the issue of constitutional governance, reading out a statement published by the President of India. The excerpt focussed on trust as a necessary component of constitutional governance.

Following this, he stated that the state seemingly had no trust in the citizenry, and believed that unless biometric information was given over we would be a ‘nation of scoundrels’.

He stated that several aspects of the Aadhaar programme were less than ideal from a ‘rule of law’ perspective. First, there was no mention of biometrics in the administrative notification. Second, they did not assume any responsibility with regard to the biometric data collection process. Third, they foisted responsibility on to registrars who did not have any administrative power.

Mr. Divan then stated that the UIDAI had ignored the Parliamentary Standing Committee Report’s recommendations.

He also stated that by creating an aura of impending necessity, enrollers were incentivised to increase the number of enrolments. In addition, he referred to how the system enabled the profiling of citizens.

He reiterated the point that a series of orders have been passed by the Supreme Court, which would invalidate the mandating of Aadhaar and questioned whether these could be overridden.

He then went on to discuss the preamble of the Constitution and how a centralized database with sensitive information would not be supported, and how an electronic registry of this nature would be ultra vires Part III of the Constitution.

Further, he suggested that the Indian judiciary make efforts to be in line with the ECHR’s judgments.

He stated that in a liberal democracy, an individual was entitled to fully develop his or her personality. Scholarships, pensions and statutory rations were all services that would enhance the development of a citizen’s identity. He further stated these services could not be made conditional or bartered away.

Further, on the point of democracy and constitutionalism, Mr. Divan stated that democracy depends on faith in the people and faith in people’s decision. The fact that a citizen could do something in their space without the state knowing is a part of constitutional values.

On the issue of good governance, he stated that people must be given the choice to identify themselves with regard to the private and the state.

Referring to an affidavit, he detailed the justifications for Aadhaar.

First, Aadhaar was believed to give millions of Indians an identity and second, it would also lead to savings, by plugging leakages and avoiding de-duplications.

He stated that these claims were not valid.

Mr. Divan stated that the Aadhaar system requires furnishing existing proof of address and proof of identity – in the form of either a voter ID card, NREGS or PDS, amongst others. In the absence of such proof, a 3rd party would have to introduce a citizen to the system.

Referring to statistics, he stated that roughly 2 lakh (0.03%) enrolments were made through the introducer system. Following this, he stated that 0.03% of enrolments could not be a justification for rolling out a large identification system.

On the point of savings and welfare programmes, Mr. Divan referred to an affidavit, stating that the World Bank has claimed that Aadhaar has led to savings of 11 billion dollars per annum. Following this, he mentioned that Paul Romer, the Chief Economist of the World Bank, stepped down from his position stating that the data of the World Bank had no integrity.

He further stated that these specific World Bank references were proven incorrect, since the figure cited referred to the total transfer or total disbursal which amounted to Rs. 70,000 crores and did not refer to the total savings, as claimed.

Further, he cited statistics on savings under the MNREGA scheme, establishing that they were either inflated or incorrect.

Referring to an RTI response, Mr. Divan stated that there was no specific methodology utilised by the state to detect fraud.

The Chief Justice sought to clarify whether Mr. Divan was stating that smaller public interest should give way to a larger public interest. Mr. Divan agreed, stating that the individual would become diminished otherwise, which should not be allowed for the sake of the larger public interest.

Lastly, he discussed the LPG linking scheme and the savings accrued. He stated that the savings implied from Aadhaar linking were not accurate as there was a previous initiative to eliminate duplicates from the LPG scheme.

SC Constitution Bench on Aadhaar – Final Hearing (Day VI – Part I)

The final hearing commenced on January 17, 2017. Summaries of the arguments advanced on the first four days can be found on the following links – I, II, III, IV and V.

Mr. Divan continued discussing the example of the Kerala Dairy Farmers Welfare Fund, and clarified the issue of client IPs and client IDs. A one-page note was submitted by Mr. Divan to clarify certain related concepts.

He revisited the discussion on tracking and the accuracy with which a citizen could be tracked by the UIDAI.

Justice Sikri stated that our phones could track our location regardless.

Mr. Divan responded, stating that there were certain apps that may have access to geographic location, like maps or a weather app; however, it would not be the same as the state having such information.

Justice Chandrachud posed a hypothetical question, asking whether a PAN card could be used for authentication instead of Aadhaar. He stated that a citizen has several interfaces with the state which may include property tax, electricity bills, paying income tax online, receiving pension etc. He stated that all these services would create numerous interfaces with the state which could allow the tracking of their location.

He then went on to refer to the PAN card. He enquired if the situation would be any different if instead of Aadhaar, a PAN card was used for the same services. He also questioned if the issue was with centralisation of data, asking if that was what made it unconstitutional.

Further, he stated that in the absence of a problem with centralization, the only other relevant aspect was location tracking. He referred back to the point of citizens already being subject to location tracking and giving over their IP addresses and questioned why there would be a problem in the given instance.

Justice Chandrachud continued, stating that Uber tracks people who use their services, questioning why Aadhaar would be problematic then.

Mr. Divan then went on to detail the issues with this line of reasoning.

He stated that firstly, in the Aadhaar system, data was being centralised. Referring to the examples of electricity bills and income tax raised by Justice Chandrachud, he clarified that these were merely silos of information, as opposed to centralised information.

Justice Chandrachud stated that citizens were still being tracked, regardless of the storage.

Mr. Divan stated that as far as the individual facility was concerned, service providers may have a sense of a citizen’s location. Referring to the case of Digital Rights Ireland, he stated that the court ruled that maintaining log records of conversation was still prohibited.

He also stated that a particular service provider knowing a location was inherently different from the process of centralising data.

Mr. Divan then stated that the Bench had been trained to uphold the rights of the citizen, for which it was apt to consider the present situation 25 years in the future. He referred to the instance of school children being subject to Aadhaar authentication for scholarships. He also referred to an experimental use of Aadhaar, where movement of a citizen between cities could be tracked. Referring back to the example of service providers having geographic information as well, he stated that the state also had an obligation to ensure that service providers cannot profile individuals or have access to the kind of data that enables profiling.

Referring to the example of the PAN card being used for authentication, he stated that a system where identity could be established with a PAN card and where services could be received in return, would ensure complete satisfaction and would not have the adverse effects of surveillance.

He clarified that his implication of ‘surveillance’ was not in line with being ‘watched from behind a screen’. He stated that that was, however, not the only form of surveillance foreseeable.

Justice Chandrachud then raised a question about insurance policies that had to be paid. He questioned if citizens were opening themselves up to surveillance in this instance.

Mr. Divan responded to the broader issue, questioning if the Indian constitution could allow for a surveillance state. He stated that checks and balances would not be of relevance, considering the degree of invasiveness at play.

Responding to the question on giving over geographic information to banks, he stated that a citizen still had the option to choose from different banks, since there would be different systems of information storage. He also stated that they could choose between a credit and debit card, clarifying that the former enables some form of information collection by the bank but with the latter, sensitive information would be protected completely. Compared to the over-arching power of the state, the power of private service providers and their relationship with citizens was wholly different.

 

SC Constitution Bench on Aadhaar – Final Hearing (Day V)

In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.

An interim order was passed in December of 2017; a summary of the arguments can be found here and here.

The final hearing commenced on January 17, 2017. Summaries of the arguments advanced on the first four days can be found on the following links – I, II, III and IV.

Following from the last hearing, Senior Counsel Shyam Divan continued with the discussion on surveillance.

He started off by discussing the ECHR case of Zakharov vs. Russia, which dealt with how intercepted data was stored and the alleged violation of Article 8 of the European Convention. This judgment was passed by a 17-judge bench. The issue in this case was that the provisions which allowed interception by the government were allegedly in contravention of Article 8 of the EC, which was upheld by the ECHR.

He then went on to discuss another decision of the ECHR – Digital Rights Ireland vs. Minister of Communications. In the context of this case, he discussed an EU directive (2006/24/EC) on data retention and the obligation of retaining data relating to public communications.

He also made references to how the process entails an interference with the fundamental rights of nearly the entire European Union.

Mr. Divan then discussed UIDAI documents on State Resident Data Hubs, making references to ‘360-degree profiling of individuals’. Referring to documents on Odisha and Madhya Pradesh, he specified that interlinking made it possible to obtain a 360-degree profile. He also stated that the State Resident Data Hubs retain biometric data.

Justice Chandrachud interjected, stating that aggregation of data for the sake of social welfare benefits (referring to the MP and Odisha documents) should be permissible.

Mr. Divan rebutted, stating that aggregation could not be justified at all.

Justice Chandrachud stated that perhaps that could be true for aggregation in a broader sense and could also raise serious concerns, but aggregation for social welfare schemes should be permissible.

Referring to another SRDH document, Mr. Divan illustrated how it was possible to detect the geographical location of citizens. To this, the Bench interjected, stating that the technology would only make it possible to know registered information and not actual movements.

Mr. Divan stated that there were foreseeable problems with the government knowing details about citizens, including but not limited to their religion and their relationship to communities. He stated that in a democracy, the government cannot know everything about its citizens.

He also referred to Justice Chandrachud’s judgment in Puttaswamy vs. Union of India, stating that data aggregation was an infringement of privacy.

Mr. Divan then went on to discuss the example of the Kerala dairy farmers welfare fund board and their pension authentication records, illustrating that the timestamp and details of the device ID were retained, in addition to several other details.

Further on this point, Mr. Divan pointed out that it was possible to locate where a person was in real time (within 200-500 meters). He also mentioned that the UIDAI retained information on biometric mismatches as well.

Justice Chandrachud interjected stating that we were all part of a highly networked age anyway, implying that a certain amount of data aggregation/surveillance would have to be permissible.

The Bench stated that several other forms of electronic transactions could lead to surveillance, for instance using an ATM card could entail giving up personal information. According to the Bench however, that would not be considered to be surveillance.

To this Mr. Divan responded stating that the information given up during an ATM transaction would be known to the bank alone.

He then stated that the Aadhaar identity system was initially meant for select pension schemes, which was no longer the case. He stated that if this system was allowed to function as is, 20 years down the line citizens would be subject to an ‘electronic leash’ and their actions throughout the day could be tracked easily.

Further, allowing this system to prevail would also allow for a certain totalitarian line of reasoning to prevail, where the state could question what the citizens had to hide from the state to begin with.

Justice Chandrachud responded with the example of the World Bank, stating that Aadhaar was praised for its ability to deliver citizen centric services. He also stated that this was one of the best aspects of Aadhaar.

Mr. Divan disagreed, stating that monetary justifications could not be used to praise the system.

Justice Chandrachud stated that the Delhi Development Board argument should be focussed on and the argument relating to Section 57 should be visited separately.

Mr. Divan stated that this was a system of complete surveillance and that a perfect system of surveillance could not be constitutionally permissible.

Justice Chandrachud then stated that it was important to ‘get down to the brass tacks’ and not get carried away with the rhetoric of surveillance.

Mr. Divan mentioned that the first and foremost consideration was whether this was a matter of surveillance or not and whether Aadhaar could be used as an instrument of mass surveillance.

In addition, in the context of authentication he mentioned that the technology in question was not developed, owned or maintained by the UIDAI.

He then went on to discuss concepts of limited government, constitutionalism and the rule of law.

Mr. Divan stated that limited government had various dimensions, one of its dimensions being fundamental rights.

He questioned if the state could mandate a specific form of identification on a citizen. This was a further aspect of limited government interference.

The final aspect he discussed was that of dignity, which was applicable to individuals and collectives.

Further, on issues of good governance and the rule of law, he stated that the Aadhaar programme had gone ahead on the basis of an administrative notification, which did not mention the use of biometric data. In addition, several private parties who were not under contract were trusted with sensitive information. Lastly, the Parliamentary Standing Committee report has also pointed out that the system in place is flawed. Mr. Divan stated that to carry on with the existing system despite the aforementioned gaps appears to be unconstitutional and against the rule of law.

The hearing will continue on Thursday (1/2).

Back to the Basics: Framing a New Data Protection Law for India

Over the past decade or so, the use of personal and big data has changed the way many businesses and governments operate. Regulators and legislative bodies have been struggling to keep up with the changes in technology, and increasing concerns about what it means for the privacy of individuals.

In India, we have worked with the Information Technology Act, 2000 (IT Act)[1], and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (Data Protection Rules) for a few years now[2]. These rules were arguably put together as a response to claims that Indian law did not meet European data protection standards, and for the purpose of ensuring that Indian companies do not lose cross border business (with the European Union)[3]. The rules are fraught with inconsistencies, right from the scope of the rules, to the manner in which they can be enforced[4].

Barring these rules, we have had minimal regulations on the use of personal data in certain sectors[5].

The Committee of Experts (Committee), constituted by the Ministry of Electronics and Information Technology (MEITY), is currently working on recommendations regarding a new legal and regulatory framework for protection of personal data in India[6]. With all signs pointing only towards an increase in not only data driven businesses, but also data driven solutions to problems in many aspects of our life, it is imperative that we get it right this time.

The constant change and development in tech over the past few decades has shown us that it may be difficult to predict the way our technology and the internet will look in 10 years. It may be even more difficult to put in place the perfect legal system that addresses such technology. However, ensuring that the basic premise of the data protection law – what / who does it aim to protect, what the scope of the law is, and what principles the law is meant to uphold – is balanced and robust, will go a long way in ensuring that we have a strong, yet flexible legal framework[7].

In my paper titled ‘Back to the Basics: Framing a New Data Protection Law for India’, I take a preliminary look at each of these three concepts, while focusing largely on some of the principles that data protection laws have traditionally relied on, and how they can be revisited in today’s context.

The paper is available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3113536

 

 

[1] Information Technology Act, 2000, available at https://indiankanoon.org/doc/1965344/ (last visited on January 30, 2018)

[2] Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, available at http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf (last visited on January 30, 2018)

[3] Krishna Prasad, Smitha, (Draft) Paper on Information Technology Act, 2000 and the Data Protection Rules (December 30, 2017). Available at SSRN: https://ssrn.com/abstract=3094792 (last visited on January 30, 2018)

[4] Krishna Prasad, Smitha, (Draft) Paper on Information Technology Act, 2000 and the Data Protection Rules (December 30, 2017). Available at SSRN: https://ssrn.com/abstract=3094792 (last visited on January 30, 2018)

[5] International Comparative Legal Guide, Chapter on Data Protection in India, 2017, https://iclg.com/practice-areas/data-protection/data-protection-2017/india (last visited on January 30, 2018)

[6] http://meity.gov.in/writereaddata/files/meity_om_constitution_of_expert_committee_31072017.pdf (last visited on January 30, 2018)

[7] Krishna Prasad, Smitha, “Defining ‘personal info’ broadly key to protecting it”, January 21, 2018, available at:  http://m.deccanherald.com/?name=http://www.deccanherald.com/content/655012/defining-personal-info-broadly-key.html (last visited on January 30, 2018)