Private use of Aadhaar data challenged
The Supreme Court has asked the Centre to respond to a petition challenging the validity of amendments that allow private entities to use the Aadhaar data furnished voluntarily by customers for identity authentication.
A bench of Chief Justice of India S.A. Bobde and Justice Bhushan Gavai on Friday issued a fresh notice to the Centre while tagging the matter with a related petition against an ordinance on amending the Aadhaar laws.
The latest petition jointly filed by S.G. Vombatkere and social activist Bezawada Wilson challenging the Aadhaar and Other Laws (Amendment) Act, 2019, and the Aadhaar (Pricing of Aadhaar Authentication Services) Regulations, 2019, on the ground that they violate citizens’ fundamental right to privacy. Senior advocate Shyam Divan appeared for the petitioners.
A constitution bench had earlier upheld the validity of the Aadhaar act but said private entities cannot be allowed to use the data even for voluntary authentication of customers’ details. The Centre later changed the law, allowing the voluntary use of Aadhaar as proof of identity for opening bank accounts and getting mobile phone connections.
The amendment bill, which replaced the ordinance, was passed in the Rajya Sabha in July by a voice vote, although many Opposition parties had opposed it and voiced fears of data theft. The act was brought into force through a notification on July 25, this year.
The petitioners submitted that the act created a backdoor to permit private parties to access the Aadhaar ecosystem, thus enabling State and private surveillance of citizens.
The impugned regulations permit the commercial exploitation of personal and sensitive information that has been collected and stored for the purpose of the State alone, the petitioners said.
On September 26, 2018, a five-judge bench had ruled that private parties like mobile companies cannot access the Aadhaar data of citizens.
The bench had said that mobile or other private companies cannot access the citizens’ data without consent as it amounts to invasion of their privacy.
Assailing the new act, the petition filed through advocate Vipin Nair, said: “The impugned act and regulations are manifestly unconstitutional as they seek to re-legislate the provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, which enabled commercial exploitation of personal information collected for the purposes of the State by permitting private parties to access the Aadhaar database, which were specifically declared unconstitutional in the Aadhaar case….”
It added: “The Aadhaar database lacks integrity as it has no value other than, at most, the underlying documents on the basis of which the Aadhaar numbers are issued. As admitted before this hon’ble court, none of the data uploaded at the time of enrolment is verified by anyone, much less a government official. Permitting such a database to be linked with the existing databases of services offered under Chapter IV of the Prevention of Money Laundering Act, 2002, and Section 4 of the Indian Telegraph Act, 1885, poses a grave threat to national security by permitting unverified data to creep into these databases.
“The Aadhaar database is a Trojan horse which will over time infect, undermine and debase the integrity of these two databases. The purported utilisation of the same for e-KYC and verification of identity for the use of services is manifestly arbitrary and compromises national security and the integrity of the financial system of the country.”According to the petitioners, the act “…exacerbates the problems caused by the Aadhaar project, as it creates unprecedented opportunities for unauthorised parties to save and replicate Aadhaar-related personal data, in various offline federated databases.
“These databases are themselves impermissible under the Aadhaar Act, and unconstitutional inasmuch as they enable private entities to store and commercialise citizens’ personal data”.
The petition added that the act increases the ambit of Aadhaar to cover the consolidated fund of the states also.
“This is an impermissible expansion as it violates the federal structure of India. In addition, this increases the risk of surveillance and poses an impermissible threat to privacy, through the creation of federated databases in the states that will contain persons’ Aadhaar number, and biometric and demographic details.
“Peoples’ data, which was collected for the Aadhaar database, is their private property and permitting this to be commercialised is an impermissible violation of their dignity under Article 19 (freedom of speech) and 21 (life and personal liberty) of the Constitution of India,” the petition said.