oppn parties Supreme Court Addresses Privacy Concerns Over Aadhar Data

News Snippets

  • Amit Panghal becomes first Indian male to win silver at the World Boxing Championships
  • "Gully Boy" to be India's entry for the Oscars
  • Rajeev Kumar called an "absconder" by the CBI
  • Alipore court refuses to grant anticipatory bail to Rajeev Kumar
  • Trump likely to sign a mini trade deal with India next week
  • Government planning a loan mela to cover 400 districts in two phases
  • PM Modi says Kashmiris need a hug from all Indians
  • NPA tag will not be put on any MSME till March 20
  • Government likely to announce another economic stimulus package today ahead of the GST Council meet in Goa
  • Air Marshall RKS Bhadauria, slated to retire just a few days from now, to be the next chief of IAF
  • PM Modi slams politicians from his own party who are making irresponsible statements on the Ayodhya case and tells them to wait for the Supreme Court order
  • Telecom panel says resident welfare associations (RWA) cannot give monopoly access to any one service provider and infrastructure in public spaces and residential complexes will have to be shared by all
  • Mamata Banerjee meets Amit Shah, tells him there is no need for an NRC in Bengal
  • After 14 days, there is no hope left for reviving Vikram, the moon lander
  • CBI teams search for elusive Rajeev Kumar
Election Commission announces elections in Maharashtra and Haryana on October 21. Counting and results on October 24. Bypolls, including for 15 seats in Karnataka, will be held simultaneously
oppn parties
Supreme Court Addresses Privacy Concerns Over Aadhar Data

By Sunil Garodia

About the Author

Sunil Garodia Editor-in-Chief of indiacommentary.com. Current Affairs analyst and political commentator. Writes for a number of publications.
Having upheld the constitutional validity of Aadhar Act, 2016 and collection of biometric data, the Supreme Court has struck the right balance in protecting the right to privacy of citizens and protecting them from data theft by striking down sections 33(2), 47 and 57 of the said act. In the process, the court has clearly demarcated the services for which providing Aadhar is mandatory and those for which it is not. The judgment would have been perfect if the court had ordered those service providers for whose service Aadhar is no longer mandatory to delete the data collected so far and had specified a mechanism and time frame for the same.

The main objection against Aadhar was based on the fact that since every Tom, Dick and Harry was asking for Aadhar number before providing any service, the common man was losing control over his private data. With cyber crimes on the rise and hackers in every lane of the country (not counting the international ones), chances of identity theft were real and the scenario was scary. The court has addressed these issues by deleting the provisions in the abovementioned sections.

Section 33(2) reads as follows:- (2) Nothing contained in sub-section (2) or sub-section (5) of section 28 and clause (b) of sub-section (1), sub-section (2) or sub-section (3) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication made in the interest of national security in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government of India specially authorised in this behalf by an order of the Central Government:
Provided that every direction issued under this sub-section, shall be reviewed by an Oversight Committee consisting of the Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and the Department of Electronics and Information Technology, before it takes effect:
Provided further that any direction issued under this sub-section shall be valid for a period of three months from the date of its issue, which may be extended for a further period of three months after the review by the Oversight Committee.

It is clear from the wording of this sub-section that the government had given itself arbitrary powers that could have been misused. Hence the court did the right thing by striking it off.

Section 47 reads as follows:- (1) No court shall take cognizance of any offence punishable under this Act, save on a complaint made by the Authority or any officer or person authorised by it. (2) No court inferior to that of a Chief Metropolitan Magistrate or a Chief Judicial Magistrate shall try any offence punishable under this Act. The wording of both these sub-sections makes it completely discriminatory and restrictive. It does not give an opportunity to the common man to get his grievances addressed by a court of law. Hence it had to go.

Lastly, Section 57 reads as follows:- Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose, whether by the State or any body corporate or person, pursuant to any law, for the time being in force, or any contract to this effect: Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.

This was the section that provided a free licence to all companies providing services like mobile telephony, insurance, banking, financial services, housing and the like to ask for Aadhar number from customers and applicants. It was highly mischievous in the sense since the UIDAI was expressly prohibited from disclosing and biometric information to such requesting entities, there were many other documents like Voter ID card, Pan Card (already mandatorily linked with Aadhar) and Passport to establish the identity of the person. The insistence on asking for Aadhar number by these private or even government service providers was wrong. Since the person collecting the information was a counter clerk, the chances of the data being sold and put to criminal use were great. As subsequent reports on sale of Aadhar data proved, these fears were not unfounded. The court has done well to delete this section.

But where the court has probably erred is in not expressly telling these service providers to delete the data collected so far with intimation to the person whose data had been collected, providing a transparent and verifiable mechanism for the same and obviously a specific time frame within which it should have been done. Millions of Indians have provided their Aadhar numbers to hundreds of entities. Just ensuring that these entities can no longer ask for Aadhar number is not enough. To protect privacy, the collected data needs to be deleted from their servers in a prescribed manner and as early as possible.