wordpress blog stats
Connect with us

Hi, what are you looking for?

Constitutional Validity of Aadhaar, Day 28: “Perceived Privacy”

This is a record of the proceedings in the Supreme Court bench hearings on the Constitutional validity of Aadhaar, which began on Feb 13, 2018. You may read the previous days’ proceedings here: Day 1Day 2Day 3Day 4Day 5Day 6Day 7Day 8Day 9, Day 10, Day 11, Day 12, Day 13Day 14Day 15Day 16., Day 17Day 18, Day 19, Day 20, Day 2Day 22, Day 23, Day 24, Day 25, Day 26 and Day 27.

ASG Tushar Mehta resumed his arguments from the previous day. He said that the PMLA amendment was made considering the larger public interest. He read out the relevant provisions of PMLA (Maintenance of Records) Rules. He said they are not ultra vires the Aadhaar act or RBI circular. He said there’s no challenge with respect to the PML rules being ultra vires the PMLA.

The ASG said that the power under PMLA Act of the law being able to reach the right beneficial owner of any entity is not under challenge.

Justice Sikri interjected saying Rule 9 (4) is challenged on the grounds of proportionality where there are several other officially valid documents. What is the need to make Aadhaar compulsory when there are other officially valid docs available?

The ASG said it is to prevent impersonation. He said Aadhaar is the most robust and most fraud proof identity we have now. No biometric authentication is available with other IDs.

Advertisement. Scroll to continue reading.

Justice Chandrachud interjected to ask the ASG to respond to contentions of Mr. Datar:

  1. That the Rules are just subordinate legislation and that it is ultra vires Act.
  2. There is no provision under PMLA to render a validly opened account inoperational.
  3. How is life insurance or health insurance included under the Rules?

Senior Advocate Shyam Divan said it is also a question of one time verification versus continuous verification.

The ASG said that is the very mischief sought to be remedied.

Justice Sikri raised a question about “Designated Business” under the definition of Reporting Entity under PMLA. He said that anyone can become a reporting entity under the PMLA, not just banks. How is this proportional?

The ASG said there are no notifications. Shyam Divan pointed out that it is defined under 2 (sa). The ASG defended that saying these are about prize schemes etc.

The ASG said the intention is very clear, they follow zero tolerance policy when it comes to money laundering. Public interest is interest of the nation here.

Justice Sikri asked if they will ask for Aadhaar even for a person who goes to a casino in Goa for fun. The ASG said it is absolutely required. Public interest. Interest of the Nation.

Advertisement. Scroll to continue reading.

Justice Sikri was not so sure this will measure up on proportionality. The ASG repeated the “national interest” argument.

Justice Chandrachud questioned the rule that an existing bank account will become non-operational if Aadhaar is not linked within six months.

The ASG said that it’s not permanent closure.

Justice Sikri asked the ASG to address the precise points raised by Petitioners.

The ASG wanted to first address the question of accounts being non-operational. He said it is only temporarily non-operational till Aadhaar is given.

The ASG next said there is plenary legislation of a valid statute Section 12 and 15 that gives the statutory status to the PMLA Rules under challenge.

Advertisement. Scroll to continue reading.

The CJI and Justice Bhushan said those provisions under the Act cannot give sanction to render a new account inoperative after 6 months if Aadhaar is not provided not in violation of article 300a of the Constitution. (That is the 300A violation alleged by Mr. Datar.)

The ASG said that it is a reasonable restriction.

Justice Chandrachud exposited that Section 12 and Section 15 by any stretch cannot sanction prescribing penalties by Rule making power. Were the penal consequences authorized by the Act or rules itself? The Act only talks about verification of bank accounts.

The ASG said that the consequence of noncompliance can be prescribed by Rules. He said that the rules are part of the Act. Penal consequence is just an ancillary provision and can be provided by the rules.

Justice Chandrachud did not agree.

The ASG said that considering only plenary law with respect to “procedure established by law” is wrong. The rules can also be considered. Freezing of bank account is not a penalty but just a consequence.

Advertisement. Scroll to continue reading.

Justice Sikri said that it is a penalty. “You’re depriving someone of their property.”

Justice Sikri and Justice Chandrachud were angry with the ASG when he said this is only a consequence of non compliance and not penal. Justice Sikri said that when someone cannot withdraw his property, it is a 300A deprivation. Justice Sikri had earlier also asked about what about a pensioner who has been known to be a pensioner, who is known to be a pensioner for many years. What is the need to trouble him and harrass him by not allowing him to withdraw on just the ground of no Aadhaar?

The ASG said the point of such a consequence ( freezing of bank accounts) is so that money launderers render their account non operational.

The CJI said that their only question is whether the consequence is mandated under law or is it an overreach. He asked the ASG to show legal authority to show how Rules may prescribe consequences of non compliance as drastic as this when Act does not provide for it. The ASG promised he will.

The ASG read a judgment that said Rules once issued are effectively part of the Act. The CJI and Justice Sikri were of the opinion that cannot apply to Rules outside of Rule making power. The CJI said conditions, limitations, consequences are all different under law.

Senior Advocate Rakesh Dwivedi, also arguing for the authority interjected and said Aadhaar is mere a condition for opening and continuance of account. Given the problems they are facing, they need to re-verify the accounts that are already existing, he said.

Advertisement. Scroll to continue reading.

Justice Bhushan pointed out that the condition mentioned in 12(c) only applies to verification. Not about continuance of accounts etc.

Justice Sikri referred to existing accounts and asked how they can freeze those accounts under the Act – even validly opened accounts.

The Bench rose for lunch, reassembled at 2:30pm.

The ASG said that the Prevention of Money Laundering Act is encompassing. The objectives are to find out the real person behind the accounts, and to find it out in other jurisdictions. He said that the number of fake accounts are mind boggling, and threaten the very root of the economy and of national security. He talks about cross-border offences. Terror financing destroys the root of our democracy and threatens our national security, he said. This kind of menace happens both inside and outside India. Therefore it’s important to link bank account with Aadhaar.

The ASG said that the minimum we owe to the nation is go and show to the State that we are who we claim to be. This is a minimally invasive requirement.

The ASG said that the scheme of PMLA is three fold:

Advertisement. Scroll to continue reading.
  • Zero tolerance to money laundering
  • Curbing black money
  • Reaching beneficiaries.

There will be minor inconvenience to some citizens but it is in the interest of the nation, the ASG said. He said that the individual interest of “perceived privacy” has to be weighed against the public interest. He said that if this is not in public interest nothing can be. The ASG concluded his arguments.

Senior Advocate Rakesh Dwivedi is the last counsel for the State. He said that he has heard all the counsel for the petitioners with rapt attention. He said that petitioners have argued this case as if it’s “off with the head” like the Queen of Hearts. He said this is an argument in wonderland. (Referring to the book by Lewis Carroll, “Alice in Wonderland”).

Dwivedi said that he has never felt that he is under surveillance. He said that nobody has been forced to get an Aadhaar. In no city or village or any part of India has anyone been forced. He said that people have voluntarily gone and gotten an Aadhaar card. Dwivedi said we (he is talking about some lawyers) don’t qualify for targeted delivery but we still got Aadhaar for the sake of having one identity, because we think it’s a useful thing.

Dwivedi said the Government of India has ample means to surveil. No need of Aadhaar. Refers to master circular of CBI that allows monitoring of bank account. He asked which government will wake to surveil farmers tilling the land. He said that at one time he used to carry a red flag and he went to jail because he was fighting for farmers. He described his time living in a farmer’s hut. He said it’s ridiculous to think that this government will surveil such people.

Dwivedi said that the reality of India is that the top 1% have 73% of the wealth. And the petitioners are saying that the government is spending time in real time surveillance. He alleged that the petitioners have engaged in rhetorics. He repeated that no government needs Aadhaar to surveil anybody. He said that every time he made a speech, some person from the special branch was present. Dwivedi acknowledged that surveillance has been happening. But you don’t need Aadhaar for it. If the government wants to surveil it will do so without Aadhaar.

Justice Chandrachud said that the point is that technology is a powerful enabler of surveillance. Elections of countries are being swayed with the use of data and technology. He said that the misuse of data is one of the most pressing problems.

Dwivedi asked, “which data?” Dwivedi said merely saying “metadata” doesn’t lead us anywhere. Aadhaar data cannot be compared with Google and Facebook. UIDAI doesn’t have those kinds of tools. He said that we don’t have learning algorithms. He said that the petitioners have been trying to confuse the Court. He said that S 32 prohibits the UIDAI from knowing the purpose of a transaction.

Advertisement. Scroll to continue reading.

Justice Chandrachud said that that’s only a prohibition on sharing.

Dwivedi said we can’t compare Google and Facebook’s algorithms with UIDAI’s technology and that it is for the petitioners to show that the Act allows such powers.

Justice Chandrachud said that the act does not preclude UIDAI to acquire that kind of tech, those powers.

Dwivedi said it’s an offence under section 33. He said that if the Court finds there is such power, it can strike it down. He said that the only purpose is authentication, authentication, authentication.

Justice Chandrachud asked then why do they store the metadata?

Dwivedi said the only purpose of Aadhaar is authentication and nothing else. There is no power provided under the Act to analyze data. Dwivedi said Meta data is also limited. The meta data is of authentication records and it does not reveal anything about an individual.

Advertisement. Scroll to continue reading.

Justice Chandrachud said that when the CEO of UIDAI made his presentation, technical experts showed that they learnt a lot about him from that.

Dwivedi said that he didn’t know about Ajay Bhushan Pandey, but he challenged anyone to disclose what they know about him, on any media. He said that he is issuing an open challenge to the technical experts.

Justice Sikri said that metadata tells you a lot about the nature of a transaction. Dwivedi said that the UIDAI doesn’t know this.

Justice Sikri said that they will know if the authentication request has come from a hospital, or a chemist, or… Dwivedi said that it doesn’t work like that.

Dwivedi said that meta data consists of authentication request, result of authentication and the time of authentication only.

Justice Sikri said that that is enough to reveal a lot about an individual.

Advertisement. Scroll to continue reading.

Dwivedi said that the authentication request will come from, say, nic.com – he won’t know if it comes from a hospital, or from anything else. Dwivedi said, let’s assume an authentication request comes from Apollo Hospital. He won’t know which Apollo it is in the country – Chennai or Mumbai or Delhi. He will only know that it was Apollo. He said that the only way in which surveillance can happen is if the government breaks the law and colludes with the UIDAI and sends the CBI to find out if it was Apollo Delhi or Apollo Chennai. He said this is far-fetched. Also the identity of the person who requested authentication is not revealed.

Justice Chandrachud said that the problem is not only at your end. We still don’t have a data protection law. What about the requesting entity.

Dwivedi said that what will the requesting entities surveil. Justice Chandrachud said that commercial surveillance is exactly what is happening. He said that this will happen to your farmers as well.

Justice Chandrachud said that the requesting entity can store the data, considering there is not even a robust data protection law. Commercial information about an individual is also a gold mine. Surveillance doesn’t have to be interpreted in the traditional sense.

Dwivedi said that individual information about him is trash. It has no worth. He said, what use are my photographs to anyone. He compares it with molasses thrown out by factories. He said it later became a goldmine but at that time it was a nuisance. (MediaNama: But now it is a goldmine?)

Dwivedi said that Senior Advocate Shyam Divan might be worried about privacy, but he is not and he has spoken to hundreds of people and they’re not either.

Advertisement. Scroll to continue reading.

Justice Chandrachud said he disagrees. He said that it’s not about whether 1. 9 billion people care about privacy, but about information being unavailable. Dwivedi said that fingerprint information is only of interest to palmists and for the growth of palmistry.

Justice Chandrachud said that the concern is not about fingerprints per se. He said that the American cases are about the localised use of fingerprints such as entering some place. He said the issue is storage and then use for authentication.

Dwivedi said Millions like him do not care about privacy. (MediaNama: Regardless, is privacy a fundamental right or not that must be accommodated by the law of the land? The 9 judge bench Puttaswamy judgment on privacy says yes.)

Justice Chandrachud said that giving fingerprints for a limited particular purpose is okay. Under Aadhaar, fingerprints are means for storing data in a central database for the purpose of authentication. That is a problem.

Dwivedi said that the petitioners only pleading is that the UIDAI can surveil. There is no pleading by the Petitioners that the requesting entities can surveil. He said that there is no challenge. He said the biometrics are encrypted. Also the data is not shared with anyone. Even EU data protection law does not have the kind of protection that Aadhaar Act has. There is no reasonable expectation of privacy with regard to demographic information.

Dwivedi said that the moment he put his fingerprints, they are encrypted, and transmitted in encrypted form. Dwivedi said that information can be shared only in accordance with the Aadhaar Act. He said that there is complete protection. One can’t envisage breaches and ignore all this. He said that he understands if people have a problem with the implementation and enforcement of the Aadhaar Act. But there’s no problem with the law and the technology.

Advertisement. Scroll to continue reading.

Dwivedi said that the only possible complaint is that enforcement might be lacking. He said that the Petitioners are NGOs, they are better off suggesting improvements than picking at all the stitches. (MediaNama: Ad hominem much? Besides being factually incorrect)

Justice Chandrachud and Justice Sikri point out that S 29 read with 57 allow for information to be shared with third parties even under contracts. Justice Chandrachud said that this is why you need a data protection law, to specify the terms of consent and an overseeing mechanism.

Dwivedi said that in any case you can never share core biometric information under Section 29(1).He said 29(1) bars sharing of core biometrics completely. He said section 29(b) has to be read in the context of section 29(1).

Justice Chandrachud said that this Act has gone beyond section 7 benefits and that is a major concern for the Bench. He said that this Act is not just about Section 7 or the UIDAI, but goes much beyond, and must be interpreted very carefully.

Dwivedi said that the Court can interpret the Act to make it reasonable. The court should not be a crusader, but a medical man.

Justice Chandrachud said that 29(3) seems to make it possible to share biometric information.

Advertisement. Scroll to continue reading.

Dwivedi said that it can be read down to exclude sharing of biometric information.

Justice Chandrachud: Section 29(3) uses the word “identity information” which seems to suggest biometrics can also be transferred.

Dwivedi said that the requesting entity cannot retain a copy of the PID block. So it must be read like that. The core biometric data is kept in the CIDR and cannot be shared.

Justice Chandrachud said that the UIDAI can only control what it has control over.

The Court rose for the day. The Additional Solicitor General Tushar Mehta will continue submissions on behalf of the UIDAI at 11:30am on the 17th April 2018.

Summary of hearing based on tweets by Prasanna S, Gautam Bhatia and SFLC.

Advertisement. Scroll to continue reading.

Written By

Vidyut is a commentator on socio-political issues with a keen interest in behavioral sciences, digital rights and security and manages to engage her various proficiencies to bring an unusual perspective to issues related with the intersection of tech and people.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ