Prof. Shamnad Basheer files PIL seeking ‘exemplary damages’ for Aadhaar Data Leaks

Prof. Shamnad Basheer has filed a Petition before the Delhi High Court seeking action against the UIDAI and NIC for not adhering to secure practices, exemplary damages for the data leaks and the provision to opt out of Aadhaar, LiveLaw reports. Premising his PIL on the data leaks causing a violation of the fundamental right to privacy that was upheld in the Puttaswamy Judgment, the petition alternatively seeks a Writ of Mandamus directing the Central government to delete all Aadhaar numbers.

The Aadhaaris

The petition refers to Aadhaar holders as “Aadhaaris” and begins with a poem:

Grass seemed greener on the Aadhaar side
Seduced by its spell, I got taken for a ride
Linking my card, not once but twice
Lulled by its lore and some lies

But soon I found
That Aadhaar was unsound
Privacy breaches and bunglings galore
Data pirates so desperate to score

My unique ID is now up in the air
Open to all, both foul and fair
Yet the “authority” insists that all is well
Link some more…and we’ll all be swell!

To our courts therefore, I now do turn
For privacy, justice, and a little less burn


The petition then traces the history of Aadhaar and its change from a voluntary scheme into its now near-mandatory form, with ubiquitous linkages to essential services, including banking, filing taxes and mobile phones, magnifying the privacy concerns caused by the data breaches. The petition explicitly clarifies that it does not challenge the constitutional validity of the Aadhaar Act but seeks to “establish that the Respondents continue to compromise the security of Aadhaar data through their negligent acts/omissions and consequently violate the fundamental privacy rights of the Petitioner and that of the public at large”.

Lack of data security

In the petition, Prof. Basheer states that he obtained an Aadhaar in 2015 believing the project to be safe and consent based. He later linked his Aadhaar with his bank account for fear of his account being deactivated. He then recalls discovering that the confidentiality of Aadhaar had been compromised and cites several reports of Aadhaar data being compromised, including unauthorized access to the Aadhaar database being available for sale on WhatsApp, as reported by the Tribune.

Prof. Basheer also articulates apprehensions of being due to the data. “Being a Muslim and a member of a minority community, the threat of potential harms to the Petitioner are even more accentuated. For one, given that in today’s post truth world, almost all Muslims are seen as terrorists and interrogated as such at various international airports and the like, the risk of harms from a data breach and consequent identity theft or the tampering with personal data is significantly more magnified. Secondly, given the present political climate in the country for minorities and the growing patriotic fervor of those committed to purging the country of its plural ethos, the Petitioner fears that unrestrained access to his data could have potentially fatal implications.”

Potential for misuse by third parties

Stating that most of the breaches pertained to the Aadhaar data maintained with the CIDR (Central Identities Data Repository), the petition states the apprehension that “… his valuable data (as also that of countless other Aadhaaris) is in the illegal possession of unauthorized third parties, who can, at any time, misuse it for their own personal gain. This fear is not just a theoretical one, but one which has played out in the past.”

Actionable and Compensable as a common law tort

The petition argues that the lack of reasonable security measures on the part of the UIDAI is “negligence/wilful recklessness” and asserts that the UIDAI’s conduct violates the Aadhaar Act and associated regulations, the Information Technology Act (2000) and associated rules and violates the petitioner’s fundamental right to privacy, thus being actionable and compensable as a common law tort.

Specifically, the petition argues that the UIDAI violates the Aadhaar Act by not fulfilling its duty under Section 28 to “take all necessary measures” to secure the information held by it, in that it allows “grievance redressal” personnel to access the CIDR and effect changes at will, and allows such access to be multiplied and disseminated widely.


It also holds the UIDAI responsible for failing to systematically audit and track breaches or deploy a fraud analytics system. The petition argues that the UIDAI and the Centre are liable to compensate aggrieved Aadhaaris for the security breaches under Section 43A of the IT Act.

Data Security measures sought

The petition seeks a direction to the authorities for immediate compliance with the IT Rules (2011), including the publication of a privacy policy and laying down of a security policy for itself and its core operations.

With regard to breaches that have already taken place, the petition seeks that action be taken and exemplary damages be imposed against the UIDAI and other government agencies like the NIC for failure to adhere to security practices, as well as the option to opt out for Aadhaaris. As an alternative, the petition seeks a Writ of Mandamus directing the Centre to permanently delete all existing Aadhaar numbers.

The petition also seeks information on the number of data breaches that have taken place since the inception of the UIDAI and the Aadhaar scheme and the scope of the breach and manner in which the data has been compromised.

The petition recommends the appointment of an independent multistakeholder investigative/audit committee to investigate all Aadhaar breaches and the robustness of the existing systems, as well as the appointment of a neutral ombudsman/verification authority for addressing, at the first level, all concerns and complaints that may arise in the future in relation to violations of the Aadhaar Act and the IT Act, as well as any data breaches.

Current status of the Petition

The matter has been posted for the 21st of August, with Justice Sanjiv Khanna and Justice Chandrashekhar wanting to wait for the judgment in the constitutional challenge to Aadhaar in the Supreme Court, but the Petitioners are free to approach a bench before then in the event of any emergency or urgency.


The Petitioners

Prof. Basheer is an IP lawyer who founded the Increasing Diversity by Increasing Access to Legal Education (IDIA) trust, which is a non-profit working on making legal education accessible to the underprivileged. The Promoting Public Interest Lawyering (P-PIL) initiative was started by IDIA to enable IDIA scholars and volunteers to advocate for public interest causes, whilst still in Law School, through practical experience. This petition is a part of the P-PIL initiative.

Advocate Siddharth Aggarwal, who specializes in Criminal Law, is representing Prof. Basheer pro bono. He was briefed by lawyers Rupali Samuel, Jhanvi Dubey and Siddharth Sajita. UIDAI was represented by Advocate Zoheb Hossain. IDIA fellow Balu Nair and volunteers Anmol Malhotra, Ankit Yadav, Shilpa Prasad, Vinoothna Vinjam and IDIA scholar Donnie Ashok are assisting the petition.

Written By

Vidyut is a commentator on socio-political issues with a keen interest in behavioral sciences, digital rights and security and manages to engage her various proficiencies to bring an unusual perspective to issues related with the intersection of tech and people.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.




MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
