B.B.A. L.L.B (Hons.

Final Draft

Interpretation of Statutes

Research Project Topic: Adhaar Judgment (Privacy v. Personal Identity)

Submitted by:

Vanshika Gupta

SY BBA LLB (Hons)

Roll no. :A052

vdoshar@gmail.com

Submitted to:

Prof. Ishnoor

School of Law,

NMIMS (Deemed to be University)

INTRODUCTION

"One identity one nation" a policy initiated by our political leaders for linking other personal
information with adhaar had arose a lot of questions on the constitutionality of this policy. Even
the case which was going on in the honourable Supreme Court has passed its judgement with a
majority of 4:1 in favour of this policy but there are certain changes to be made in this scheme in
terms of data protection of the public. The five judge constitution bench made certain changes in
the provision of the adhaar act also. The bench in its major statement said that adhaar gives
dignity to the marginalised section, which outweighs the harm. Exceptionality was the
fundamental disparity between Aadhaar and other identity proofs, the bench said. They were of
the view that there are enough safeguards to protect data collected under Aadhaar policy."

On 24th August 2017, Supreme court gave a historic judgment in which Right to Privacy was
made a fundamental right. Now the question which came in front of the Supreme Court was that
whether linking of all the personal information (personal information include person's name,
phone number, address, email, photos, etc.) with adhaar infringing the right to privacy of
individuals or not and are the cyber laws of a developing country like India efficient enough to
protect the personal information of individuals which is linked with adhaar( launched in 2009).
JUSTICE K.S. PUTTASWAMY AND ANOTHER V. UNION OF INDIA AND OTHERS

Right to privacy is marked as a fundamental right under article 21 of the Indian Constitution.
Recently, our Prime Minister Narendra Modi spoke about the idea of 'One identity one nation'
which was the idea initiated by the congress party, i.e., all the information of an individual
should be linked with adhaar. Even a case was also going on in the Supreme Court currently, that
all sensitive personal information or data be attached with the adhaar or not and the verdict is out
now with the majority of 4:1. Developing country like India has proper data privacy laws or not.
Suppose a person's bank information is attached with adhaar and any person who has access to
his adhaar info. get to know about his bank details as well and may misuse it for his personal
benefits so this is a major issue in linking all the info. with adhaar and to see that the cyber laws
are strong enough to prevent such situations or not. We have to see that the idea of 'One identity
one nation' not infringing the right to privacy of an individual. Discussing about the data
protection laws of the country, they are strong enough to protect the data recorded under the
adhaar scheme as said by the law and IT minister of our country, Ravi Shankar Prasad.

Even after judging the matter in the context of permissible limits for invasion of privacy,
namely: (i) the existence of a law; (ii) a ‘legitimate State interest’; and (iii) such law should
pass the ‘test of proportionality’, the judges supporting the majority judgment came to the
conclusion that all these tests are satisfied. Apprehension of the petitioners was that this
provision entitles Government to share the information ‘for the purposes of as ma y be
specified by regulations’. In the majority judgment it was said that Section 33(1) 1 of the Act
prohibits disclosure of information, including identity information or authentication records,
except when it is by an order of a court not inferior to that of a District Jud ge. We have held
that this provision is to be read down with the clarification that an individual, whose
information is sought to be released, shall be afforded an opportunity of hearing. If such, an
order is passed, in that eventuality, he shall also have right to challenge such an order
passed by approaching the higher court. During the hearing before the concerned court, the

1
Section 33. (1) Nothing contained in sub-section (2) or sub-section (5) of section 28 or sub-section (2) of
section 29 shall apply in respect of any disclosure of information, including identity information or
authentication records, made pursuant to an order of a court not inferior to that of a District Judge:
Provided that no order by the court under this sub-section shall be made without giving an opportunity of
hearing to the Authority.
said individual can always object to the disclosure of information on accepted grounds in
law, including Article 20(3) of the Constitution or the privacy rights etc.

Insofar as Section 47 of the Act 2 which provides for the cognizance of offence only on a
complaint made by the Authority or any officer or person authorised by it is concerned, it
needs a suitable amendment to include the provision for filing of such a complaint by an
individual/victim as well whose right is violated. Section 2(d) which pertains to
authentication records, such records would not include metadata as mentioned in Regulation
26(c) of the Aadhaar (Authentication) Regulations, 2016. Therefore, this provision in the
present form is struck down. Liberty, however, is given to reframe the regulation, keeping in
view the parameters stated by the Court. Retention of data beyond the period of six months
is impermissible. Therefore, Regulation 27 of Aadhaar (Authentication) Regulations, 2016
which provides archiving a data for a period of five years is struck down ensuring to
maintain the trust of the citizens of the country. On that basis, CBSE, NEET, JEE, UGC etc.
cannot make the requirement of Aadhaar mandatory as they are outside the purview of
Section 7 and are not backed by any law.

It was held that the provision in the present form does not meet the test of proportionality
and, therefore, violates the right to privacy of a person which extends to banking details.
This amounts to depriving a person of his property. It was found that this move of
mandatory linking of Aadhaar with bank account does not satisfy the test of proportionality.
Circular dated March 23, 2017 mandating linking of mobile number with Aadhaar was held
to be illegal and unconstitutional as it was not backed by any law and was thereby quashed
keeping in mind the maintainability of privacy of the citizens. In case of adhaar card no
duplicity will be possible as the biometric information of the individuals is attached to it. In
the privacy judgment this Court preferred to adopt a ‘just, fair and reasonableness’ standard
in consonance with the judicial approach adopted by this Court while construing ‘reasonable
restrictions’ that the State can impose in public interest, as provided in Article 19 of the
Constitution. After detailed discussion, it is held that all matters pertaining to an individual

2
47. (1) No court shall take cognizance of any offence punishable under this Act, save on a complaint
made by the Authority or any officer or person authorised by it. (2) No court inferior to that of a Chief
Metropolitan Magistrate or a Chief Judicial Magistrate shall try any offence punishable under this Act.
do not qualify as being an inherent part of right to privacy. Only those matters over which
there would be a reasonable expectation of privacy are protected by Article 21.

The Aadhaar (Sharing of Information) Regulations, 2016, as of now, do not contain any
such provision. If a provision is made in the regulations which impinges upon the privacy
rights of the Aadhaar card holders that can always be challenged.

There was also a dissenting opinion of Chandrachud J. in the mentioned judgment. He said
that the Aadhaar Act, 2016 is declared unconstitutional for failing to meet the necessary
requirements to have been certified as a Money Bill under Article 110(1) 3.

Adequate norms must be laid down for each step from the collection to retention of
biometric data based on informed consent, along with specifying the time period for
retention. Individuals must be given the right to access, correct and delete data. An opt -out
option should be necessarily provided. The Aadhaar Act is bereft of these provisions.

3
110. Definition of Money Bill

(1) For the purposes of this Chapter, a Bill shall be deemed to be a Money Bill if it contains only
provisions dealing with all or any of the following matters, namely

(a) the imposition, abolition, remission, alteration or regulation of any tax;

(b) the regulation of the borrowing of money or the giving of any guarantee by the Government of India,
or the amendment of the law with respect to any financial obligations undertaken or to be undertaken by
the Government of India;

(c) the custody of the consolidated Fund or the Contingency Fund of India, the payment of moneys into or
the withdrawal of moneys from any such Fund;

(d) the appropriation of moneys out of the consolidated Fund of India;

(e) the declaring of any expenditure to be expenditure charged on the Consolidated Fund of India or the
increasing of the amount of any such expenditure;

(f) the receipt of money on account of the Consolidated Fund of India or the public account of India or the
custody or issue of such money or the audit of the accounts of the Union or of a State; or

(g) any matter incidental to any of the matters specified in sub clause (a) to (f)
Section 29(4)4 is over-broad as it gives wide discretionary power to UIDAI to publish,
display or post core biometric information of an individual for purposes speci fied by the
regulations.

The proviso to Section 28(5) of the Aadhaar Act 5, which disallows an individual access to
the biometric information that forms the core of his or her unique ID, is violative of a
fundamental principle that ownership of an individual’s data must at all times vest with the
individual. In the dissenting opinion it was clearly said that this judgment concludes that the
Aadhaar programme violates essential norms pertaining to informational privacy, self-
determination and data protection and the measures adopted by the respondent fails to
satisfy the test of proportionality and reasonability. The architecture of Aadhaar enables
surveillance activities through the Aadhaar database. Any leakage in the verification log
poses an additional risk of an individual’s biometric data being vulnerable to unauthorized

4
Section 29: (1) No core biometric information, collected or created under this Act, shall be--

(a) shared with anyone for any reason whatsoever; or

(b) used for any purpose other than generation of Aadhaar numbers and authentication under this Act.

(2) The identity information, other than core biometric information, collected or created under this Act
may be shared only in accordance with the provisions of this Act and in such manner as may be specified
by regulations.

(3) No identity information available with a requesting entity shall be--

(a) used for any purpose, other than that specified to the individual at the time of submitting any identity
information for authentication; or

(b) disclosed further, except with the prior consent of the individual to whom such information relates.

(4) No Aadhaar number or core biometric information collected or created under this Act in respect of an
Aadhaar number holder shall be published, displayed or posted publicly, except for the purposes as may
be specified by regulations.
5
Section 28(5) Notwithstanding anything contained in any other law for the time being in force, and save
as otherwise provided in this Act, the Authority or any of its officers or other employees or any agency
that maintains the Central Identities Data Repository shall not, whether during his service or thereafter,
reveal any information stored in the Central Identities Data Repository or authentication record to anyone:
Provided that an Aadhaar number holder may request the Authority to provide access to his identity
information excluding his core biometric information in such manner as may be specified by regulations.
exploitation by third parties. Before the enactment of the Aadhaar Act, MOUs signed
between UIDAI and Registrars were not contracts within the purview of Article 299 of the
Constitution 6, and therefore, do not cover the acts done by the private entities engaged by
the Registrars for enrolment. The Aadhaar Act is also silent on the liability of UIDAI and its
personnel in case of their non-compliance of the provisions of the Act or the regulations.

Section 47 7 of the Act violates citizens’ right to seek remedies. Under Section 47(1), a court
can take cognizance of an offence punishable under the Act only on a complaint made by
UIDAI or any officer or person authorised by it. Section 47 is arbitrary as it fails to provide
a mechanism to individuals to seek efficacious remedies for violation of their right to
privacy.

In the absence of an independent regulatory and monitoring framework which provides

robust safeguards for data protection, the Aadhaar Act cannot pass muster against a
challenge on the ground of reasonableness under Article 14 of the Indian Constitution. No
substantive provisions, such as those providing data minimization, have been laid down as
guiding principles for the oversight mechanism provided under Section 33(2) 8, which

6
Article 299 of Inian Constitution: Contracts

(1) All contracts made in the exercise of the executive power of the Union or of a State shall be expressed
to be made by the President, or by the Governor of the State, as the case may be, and all such contracts
and all assurances of property made in the exercise of that power shall be executed on behalf of the
President or the Governor by such persons and in such manner as he may direct or authorise

(2) Neither the President nor the Governor shall be personally liable in respect of any contract or
assurance made or executed for the purposes of this Constitution, or for the purposes of any enactment
relating to the Government of India heretofore in force, nor shall any person making or executing any
such contract or assurance on behalf of any of them be personally liable in respect thereof.

7
Section 47. (1) No court shall take cognizance of any offence punishable under this Act, save on a
complaint made by the Authority or any officer or person authorized by it. (2) No court inferior to that of
a Chief Metropolitan Magistrate or a Chief Judicial Magistrate shall try any offence punishable under this
Act.
8
Section 33(2) Nothing contained in sub-section (2) or sub-section (5) of section 28 and clause (b) of sub-
section (1), sub-section (2) or sub-section (3) of section 29 shall apply in respect of any disclosure of
information, including identity information or authentication records, made in the interest of national
security in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government
of India specially authorized in this behalf by an order of the Central Government: Provided that every
permits disclosure of identity information and authentication records in the interest of
national security. Section 57 9 violates Articles 14 and 21. it is manifestly arbitrary, it suffers
from overbreadth and violates Article 14. Section 59 does not validate actions of the state
governments or of private entities. Section 59 10 fails to meet the test of a validating law
since the complete absence of a regulatory framework and safeguards cannot be cured
merely by validating what was done under the notifications of 2009 and 2016. The judgment
accepts that there is a legitimate state aim but the existence of a legitimate aim is
insufficient to uphold the validity of the law, which must also meet the other parameters of
proportionality spelt out in Puttaswamy. The 2017 amendments to the PMLA Rules fail to
satisfy the test of proportionality. The imposition of a uniform requirement of linking
Aadhaar numbers with all account based relationships proceeds on the presumption that all
existing account holders as well as every individual who seeks to open an account in future
is a potential money-launderer. The conflation of biometric information with SIM cards
poses grave threats to individual privacy, liberty and autonomy. Having due regard to the
test of proportionality which has been propounded in Puttaswamy and as elaborated in this
judgment, the decision to link Aadhaar numbers with mobile SIM cards is neither valid nor
constitutional. It is directed under Article 142 11 that the existing data which has been

direction issued under this sub-section, shall be reviewed by an Oversight Committee consisting of the
Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and
the Department of Electronics and Information Technology, before it takes effect: Provided further that
any direction issued under this sub-section shall be valid for a period of three months from the date of its
issue, which may be extended for a further period of three months after the review by the Oversight
Committee.
9
57. Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity
of an individual for any purpose, whether by the State or any body corporate or person, pursuant to any
law, for the time being in force, or any contract to this effect: Provided that the use of Aadhaar number
under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.
10
59. Anything done or any action taken by the Central Government under the Resolution of the
Government of India, Planning Commission bearing notification number A-43011/02/2009-Admin. I,
dated the 28th January, 2009, or by the Department of Electronics and Information Technology under the
Cabinet Secretariat Notification bearing notification number S.O. 2492(E), dated the 12th September,
2015, as the case may be, shall be deemed to have been validly done or taken under this Act.
11
142 of Indian Constitution.: Enforcement of decrees and orders of Supreme Court and unless as to
discovery, etc ( 1 ) The Supreme Court in the exercise of its jurisdiction may pass such decree or make
such order as is necessary for doing complete justice in any cause or matter pending before it, and any
decree so passed or orders so made shall be enforceable throughout the territory of India in such manner
collected shall not be destroyed for a period of one year. During this period, the data shall
not be used for any purpose whatsoever. At the end of one year, if no fresh legislation has
been enacted by the Union government in conformity with the principles which have been
enunciated in this judgment, the data shall be destroyed.

CONCLUSION

Keeping in mind humanistic concept of Human Dignity which is to be accorded to a

particular segment of the society and, in fact, a large segment this judgment has been
passed. There needs to be a balancing of two facets of dignit y of the same individual
whereas, on the one hand, right of personal autonomy is a part of dignity (and right to
privacy), another part of dignity of the same individual is to lead a dignified life as well
(which is again a facet of Article 21 of the Constitution). Therefore, in a scenario where the
State is coming out with welfare schemes, which strive at giving dignified life in harmony
with human dignity and in the process some aspect of autonomy is sacrificed, the balancing
of the two becomes an important task which is to be achieved by the Courts. For, there
cannot be undue intrusion into the autonomy on the pretext of conferment of economic
benefits. The architecture of Aadhaar as well as the provisions of the Aadhaar Act do not
tend to create a surveillance state. This is ensured by the manner in which the Aadhaar
project operates. During the enrolment process, minimal biometric data in the form of iris
and fingerprints is collected. The UIDAI does not collect purpose, location or details of
transaction.

The Court is also of the opinion that the triple test laid down in order to adjudge the
reasonableness of the invasion to privacy has been made. The Aadhaar scheme is backed by
the statute, i.e. the Aadhaar Act. It also serves legitimate State aim, which can be discerned

as may be prescribed by or under any law made by Parliament and, until provision in that behalf is so
made, in such manner as the President may by order prescribe

(2) Subject to the provisions of any law made in this behalf by Parliament, the Supreme Court shall, as
respects the whole of the territory of India, have all and every power to make any order for the purpose of
securing the attendance of any person, the discovery or production of any documents, or the investigation
or punishment of any contempt of itself
from the Introduction to the Act as well as the Statement of Objects and Reasons which
reflect that the aim in passing the Act was to ensure that social benefit schemes reach. In so
far as Section 2(b) is concerned, which defines ‘resident’, the apprehension expressed by the
petitioners was that it should not lead to giving Aadhaar card to illegal immigrants. The
Court directed the respondent to take suitable measures to ensure that illegal immigrants are
not able to take such benefits.

Safeguards are available in Aadhaar Act, 2016 and there is no architecture for pervasive
surveillance. There is a balance between social benefits disbursal by state with right to
privacy. Sec 7 of Aadhaar Act, 2016, making Aadhaar number necessary for receipt of
certain subsidies, benefits and services etc. is held as constitutional. J. Bhushan observed
that some cases of authentication failure should not nullify the entire provision. Sec 29
which deals with restriction on sharing information, is upheld. Sec 33 which provides for
the use of Aadhaar data-base for police investigation, is upheld and found not violative of
Art 20(3). Sec 47 which disallows an individual to file a complaint for an offence under the
Act, was upheld. The last part of Sec 57 which permits use of Aadhaar by the State or any
body corporate or person, in pursuant to any contract is held unconstitutional. Rule 9 as
amended by PMLA (Second Amendment) Rules, 2017 making linkages of Aadhaar with
bank accounts necessary is upheld and found not to violate Articles 14, 19(1)(g), 21 & 300A
of the Constitution. Circular dated 23.03.2017 by Department of Telecommunications,
seeking Aadhaar-SIM linking is held unconstitutional. Passing of Aadhaar Act as Money
Bill is found to be valid but decision of Speaker certifying a Bill as Money Bill is not
immune from Judicial Review. Section 139AA of IT Act, 1961 which provides for linking
of Aadhaar for filing of income tax returns is upheld and found not to violate Right to
Privacy.