Supreme Court upholds Aadhaar but strikes down required use by private sector
Aadhaar has survived its Supreme Court challenge mostly intact, with a five-judge panel ruling that it is constitutionally valid and that the program’s benefits outweigh its risks, but also striking down three sections of the Aadhaar Act. The changes significantly narrow the scope of Aadhaar use, and curb the use of Aadhaar by private companies.
India’s high court sat for 38 days of hearings on Aadhaar, making it the second-longest such case in the country’s history, after 27 different cases were rolled together. The court heard a variety of complaints about the system, ranging from procedural concerns about the Act which underpins the system to fears that widespread security breaches are not only possible, but have already happened.
In a 567-page, four to one ruling, the court held that the reduction of social welfare payment fraud is worth preserving, but that Sections 33(2), 47, and 57 of the Aadhaar Act overstepped the government’s authority, The Indian Express reports. The Guardian notes that a 2015 study showed 40 percent of social payments in India are lost to corruption or theft.
“We have come to the conclusion that Aadhaar Act is a beneficial legislation which is aimed at empowering millions of people in this country,” the bench wrote in the majority judgment.
“At the same time, data protection and data safety is also to be ensured to avoid even the remote possibility of data profiling or data leakage.”
Section 33(1) was changed by the court to allow individuals a hearing before a court can authorize the disclosure of their information, while the court eliminated section 33(2), which allows high-ranking government officials to order the disclosure of Aadhaar information on national security grounds.
The court also ruled against the legality of Section 47, which sets limits on how charges can be brought and heard if the Aadhaar Act is violated.
The biggest change, however, is likely the elimination of Section 57, which authorizes private entities to demand Aadhaar, and is the basis for requiring the ID to open a bank account or register a SIM card. Regulators had already been delaying the implementation of new customer authentication rules, pending the decision. Private entities can apparently still use Aadhaar to verify customers, but only a voluntary basis.
The ruling also disallows the inclusion of metadata in authentication records, and stipulates that those records should be erased after six months.
Aadhaar remains mandatory for registering a tax number, file an annual return, and to receive social welfare payments. The Unique Identification Authority of India (UIDAI) issued a stern warning to service providers denying people essential services after failed Aadhaar authentication earlier this year. The court recognized the problem, but said that scrapping the scheme because of procedural failures affecting roughly 0.2 percent of cases would “amount to throwing the baby out” with the bath water.
Dissenting Justice DY Chandrachud disagreed with several elements of the decision. He said that Aadhaar allows individuals to be profiled, violates privacy, and could enable illicit surveillance. Worse, he said that passing the Aadhaar Act as a Money Bill is an act of fraud against India’s Constitution.