The arguments on day 3 commenced with Mr. Shyam Divan continuing with the Privacy judgment in the case of Puttaswamy v. Union of India. He read out the excerpts of the judgment which elaborated upon the right to privacy of an individual and his right to be alone. He further read the parts which addressed the need for data protection, transparency, consent and data protection. He highlighted how any State action limiting privacy is required to fulfil three major conditions: a statutory backing, legitimate State aim and proportionality, i.e., the means adopted by the legislature should be proportional to the object sought to be achieved.
Finally, reading out the operative part of the privacy judgment, he stated that privacy is a natural right and is a condition precedent to the enjoyment of any other fundamental right. He then handed over a three-page summary of the privacy judgment to the Court, the main points of which are enumerated below:
Right to privacy is a natural right and hence, inalienable. It is a condition precedent to the enjoyment of rights under Part III and one of its aspect is the right to control the dissemination of personal information.
The sanctity of privacy lies in its functional relationship with dignity. Privacy is a postulate of human dignity itself.
Privacy is intrinsic to freedom, liberty and dignity. It is more than merely a derivative constitutional right.
Privacy has both positive and negative content. The negative content restrains the State from committing an intrusion upon the life and personal liberty of a citizen while its positive content imposes an obligation on the State to take all necessary measures to protect the privacy of the individual.
Right to privacy is not an elitist construct.
Informational Privacy is a facet of right to privacy. Individually, information silos may seem inconsequential. However, in aggregation, information provides a picture of the beings.
Right to privacy cannot be impinged without a just, fair and reasonable law. Even if data is collected for a legitimate state aim, it must necessarily be for a specific legitimate purpose and cannot be utilised unauthorizedly for extraneous purpose.
Rule of Law and judicial remedies. There should be an undiluted assurance that the Rule of Law will protect their rights and liberties against any invasion by the State.
Mr. Divan then moved on to the Aadhaar Act, 2016. He read out the statement of objects and reasons, Long Title and Preamble of the Act. Moving on to the definitions, he pointed out that as per the definition of “authentication process” and “authentication record”, both the time of authentication and identity of the requesting entity are required to be stored by the UIDAI and ASA (Authentication Service Agency).
Pointing to the definition of “benefits” he said that benefits does not necessarily have to be from the government. Further, he said that the definition of “biometric information” is open-ended and does not provide an exhaustive list. Further, he said that “registrar” could be any entity, not necessarily the government entity. Again on the definition of “requesting entity”, he said that it need not be a government entity but any agency or person including private entities. He said that it enabled profiling of the individuals as the Statute required maintaining the records of time and the requesting agency. He further pointed out that the definitions of “service” and “subsidies” was very wide and open-ended.
Mr. Divan then moved on to Section 3 of the Act. He stated that Aadhaar is an ‘entitlement’. He said that it is the right of an individual to obtain Aadhaar and not an obligation. He reiterated that the verification process is probabilistic in nature. He reminded the court that prior to the enactment of the Act, there was no requirement of counselling. Moreover, he said that the concept of informed consent under Section 3 would become completely illusory if Aadhaar is held to be mandatory.
Moving on to Section 4 of the Act, Mr. Divan said that the whole enrolment process is compromised. Stating that 49000 enrollers had been cancelled, he questioned the integrity of the process. Reading Section 6 on the updation of data, he said that even UIDAI acknowledged that biometrics changed over time. On Section 7, he said that the proviso to this section provides for an alternate method to avail benefits and services, it effectively made Aadhaar mandatory for the receipt of those benefits. He stated that the section sought to render the constitutional and statutory obligations of the State to provide benefits, subsidies and services, conditional upon an individual parting with his or her biometric and demographic information.
Mr. Divan then moved on to the provisions which establish UIDAI, its composition and functions. Referring to Section 23 detailing the powers and functions of UIDAI, he stated that the UIDAI could specify demographic and biometric information ro be collected by the means of regulation. He further raised concerns with respect to UIDAI’s power to deactivate the Aadhaar number, thus pointing out the level of control it has over the individuals.
He then went on to read Chapter VI of the Act on protection of information. Reading Section 29 dealing with the restrictions on sharing information, he stated that the information sought to be protected through this provision had already been shared. At this point, Justice Chandrachud questioned Mr. Divan as to how the breach of the Statutory provisions affected the constitutional validity of the Act. Mr. Divan answered that the entire Aadhaar programme was bad and therefore, the statute which provided legislative backing to such a programme was also unconstitutional. He further stated that if an individual, by providing biometrics, thinks that she is imperilling herself, she has the right to protect herself. He said that an individual had the right to not obtain Aadhaar and to have a choice as the method to be used to identify herself. Mr. Divan then read out Section 32 on maintenance of authentication records and stated that the whole Aadhaar architecture enabled surveillance state.
On a point raised by Justice Chandrachud about sharing information with private entities in today’s networked world and the difference that interpolation of Aadhaar number made, Mr. Kapil Sibal expressed concerns regarding the extent to which the State should gather the information under one umbrella and share it with private entities.
Mr. Divan then pointed out that under Section 47 of the Act, an individual had no locus to approach the Court and only UIDAI had that power. Further, referring to Section 48, he stated that in case of public emergency, the entire record would into the hands of central government-which is a cause of concern.
He then read out Section 57 on use of Aadhaar for purposes other than mentioned under the Act. He said that this section, instead of confining the usage, extended it to almost every entity. On this note, Justice Sikri questioned what harm would giving the Aadhaar number without biometrics cause. Mr. Divan responded that the number coupled with other information available in public domain could be problematic.
Justice Chandrachud intervened saying that an individual is only supposed to give her Aadhaar number, the biometric information remained only with CIDR. Justice Khanwilkar agreed saying that Aadhaar established identity, did not give identity information. However, Mr Divan differed with him citing the example fingerprints being skimmed off.
The hearing will continue on Wednesday, 24th January, 2018.