On the 26th of September 2018, the Supreme Court’s decision in the Aadhaar Case declared the Aadhaar Scheme as constitutionally valid in a 4:1 majority verdict, however this was subject to conditions. One of the most debated themes in the judgment was the constitutionality of Section 57 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (hereinafter: ‘Aadhaar Act’). Section 57 which read as follows:
“Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose, whether by the State or anybody corporate or person, pursuant to any law, for the time being in force, or any contract to this effect:
Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.”
Section 57 of the Aadhaar Act as it stood before the judgment meant that Aadhaar number could be used by the State, body corporate or person for establishing the identity of an individual for any purpose provided such purpose was backed by law or a contract. The use of Aadhaar for establishing identity has now been read down to any purpose which is backed by law. Furthermore, such law shall be subjected to judicial scrutiny. Since purposes backed by contractual relationships do not constitute purpose backed by law, it has been excluded from the ambit of this provision.
This provision allowed private entities to use Aadhaar numbers for any purpose in furtherance of a law or contract, thereby providing legal backing to mobile companies, private service providers, banks, payments services to obtain Aadhaar details for the purpose of establishing identification of an individual by using e-KYC. This was a convenient, paperless and time saving mechanism for identification of individuals availing different kinds of services. The reason this provision was read down was because the term “any purpose” was likely to be misused especially when came within the ambit of contractual consent. However, what remains ambiguous is whether all authentication is now unconstitutional or only that which arises from a contractual relationship between a private entity and an individual. This gives rise to two pertinent questions relating to previous authentication done by private companies and authentication to be done in future.
The striking off of this section now imposes a prohibition on private players obtaining biometric and demographic details of their customers.
Though this section was struck down with a larger view of preventing commercial exploitation of citizen’s data to manipulate human behaviour, this has also posed an impediment in participation of private entities who have the means and resources, to carry out welfare schemes thereby limiting access and resources to the common man. Additionally, what remains a bone of contention is that even if a customer voluntarily chooses to use Aadhaar for e-KYC, private entities cannot accept it.
One of the reasons accorded for reading down of this section was purpose limitation. The identity information sought to be collected for a purpose under the Act could be used for another purpose. Benefits, subsidies and services to which the personal data collected was to be applied were not identifiable, despite that, such provisions were made contingent upon Aadhaar authentication. Moreover, under Section 57 of the Aadhaar Act, the State, a body corporate or any person could avail authentication facility and access information under Central Identities Data Repository “CIDR”. This created an open ended and unspecified set of laws and contracts for which Aadhaar could be used and defeated the principle of informed consent at the time of enrolment and purpose limitation, as per the verdict. However, there was a valid counter to this view that Section 57 of the Act was incidental to the object of the Act and did create a purpose limitation upon use of Aadhaar by private operators. Even though nothing prevented them from using Aadhaar for other purposes, the same had been subjected to the procedure and obligations of Section 8, which required, informed consent of the Aadhaar number holder and purpose limitation. This meant that the identity information would be used only for submission to CIDR for authentication and the private entity was to provide alternatives to submission of such identity information, which, in other words, means that private parties could not have insisted upon Aadhaar and make Aadhaar mandatory, unless required by law. Therefore, Section 57 is a limitation imposed under the Aadhaar Act on the use of Aadhaar number by private parties which was purely incidental to the object of the Act. Despite this, the susceptibility to misuse of such data resulted in it being read down. Another argument against the use of Aadhaar authentication was that no person could conduct routine activities without the Government knowing about them.
In my opinion, the striking off section 57 of the Aadhaar Act is definitely a welcome move, despite the restrictions imposed on private sector operators. It seeks to look at the larger interest of the privacy of the common man being secured.