The recent Aadhaar verdict has once again rekindled the debate on the complex web of technology and welfare issues involved in world’s largest unique identification project.

In this case, the Court was confronted with the questions of deciding the constitutional validity of a specific design, its efficacy and the choice of a particular technology governing the Aadhaar project. The entire controversy revolved around the issues related to technological governance of Aadhaar, its linkages to various social welfare schemes and safeguarding the personal data collected by the UIDAI.

The project was conceived and executed during the UPA-II regime sans any statutory backing. To cover such deficiencies of the project of such a mammoth size, the Union Government used a flawed method of passing the Aadhaar Bill as a money bill and in a hurried manner in order to secure its legitimacy. The lone dissenter, Justice D Y Chandrachud has echoed his displeasure and termed it as a “fraud on the Constitution”.

State Surveillance via Aadhar

We live in a complex world where the privacy players, regulators, and stakeholders are debating privacy related issues and its erosional paths on a regular basis. The Supreme Court’s majority judgement calls the Aadhaar Act as a beneficial legislation and has put a full stop on the all-pervasive mandatory requirement of Aadhaar linking to all services except a few.

The judgment has very cursorily trod on the issue of privacy breach and the perceived apprehensions of making India into a surveillance state. The Court has just accepted the contentions of UIDAI regarding data safeguard to be the gospel truth. The UIDAI’s contentions regarding the socalled “sufficiently secured” and “strongly regulated” regime has escaped deeper scrutiny and examination in the judgement.

The worrisome fact is that as per media reports, as many as 49,000 Aadhaar enrolment agencies have been blacklisted due to fraud and malpractices which goes contrary to the tall claims of UIDAI and the so-called robust Aadhaar architecture. But the dissenting voice of Justice Chandrachud has raised concerns over the false fait accompli and has held the Aadhaar project to be unconstitutional.

He strongly doubted the methodologies adopted by the UIDAI with respect to biometric data and its linkage to the distinct data base which has the potential to alter the power structure between the citizens and the state. He has rightly cautioned the risk of abuse of data and its blow on individual liberty and privacy.

Violation of fundamental rights

The digital age has reinvigorated those ancient models of human interaction on a global scale. India has more than 1.22 billion on the Aadhaar rolls and many of them do not get to know about data breaches and don’t realise the value of their personal data. There is no mention of the word “privacy” in the Indian Constitution but the seminal judgment in the Justice Puttaswamy case (2017) has held the right to privacy to be a fundamental right.

The value of privacy is dependent on a host of influences including our history, culture, and social norms. The majority judgment has accepted the line of the Government and underscores the apprehension of violation of the right to privacy of an individual. The majority judgment has hesitatingly and mildly accepted some degree of state intrusion into the privacy of the citizens and differed with the principle of proportionality of data breach which smacks of a flawed legal reasoning.

The project is not immune to risks associated with the collection of sensitive information like biometric information which are prone to exposure of personal data and getting linked to the unlinkables. Sadly, the majority judgment creates an impression that common citizens do not require any privacy hence intrusion is not a big deal.

On the other hand, the minority view has rightly held that denial of social welfare measures (like subsidized ration under PDS scheme) without Aadhaar Card was violation of fundamental rights of citizens.

Unanswered questions

The Aadhaar judgment has thrown up some unique questions requiring some unique answers like; how much privacy can be given up? How transparent do we want to be? How much do we want our government to watch us? How much risk, in terms of internal and external security are we willing to accept as the price for our privacy? How do we measure that risk—and how do we know that by giving up a certain level of privacy we are safer? But many of such questions remain unanswered.

In the welfare state regime, most of the beneficiaries of welfare schemes are least bothered about their privacy and their personal data, they are concerned mainly about receiving government services and products. The apex Court has frowned upon the use of Aadhaar by private companies since the biometric information is likely to be misused.

The striking down of Section 57 of Aadhaar Act which provides access to private companies is a welcome move. However, the policy makers are grappling with the issue of data protection, as it happens with every evolving situation, but the situation is marked by “more talk less work” phenomenon.

Way forward

The Aadhaar project may have been acquired the distinction of being the largest technology driven project in the world linking to so many utility services. But the common citizens have been subjected to coercion in many ways as far as linkage to services is concerned. The social-politico-economic motivations behind the project as lauded by the Government should have passed through intense parliamentary scrutiny.

The accountability aspect of the project is still under a cloud, especially in the aftermath of the Cambridge Analytica episode. It is imperative that the judiciary and executive need to shift the focus from mere gathering of data to data protection and usage. The judgment strives for massive changes in Aadhaar Act and it is hoped that legislative efforts will be expedited in creating a new legal regime for data protection.

The writer is a Supreme Court Advocate. The views are personal.