The controversy over the constitutional validity of the Aadhaar programme has been on for years now, and all eyes were on the Supreme Court on Wednesday as it delivered its verdict on the matter. The country's highest judicial body has upheld the constitutional validity of the Aadhaar Act by a 4:1 majority, with Justice DY Chandrachud dissenting from the other judges on the bench.
"When we apply the test for adjudging the validity, what we have explained is that whether the court is to apply strict scrutiny standard, or reasonableness standard," Justice AK Sikri said as he began to read out his judgement.
While he said that the "purpose of the Act is legitimate", he held that the rational connection to purpose is satisfied". He said the "balancing test is satisfied by the Act insofar as Aadhaar only collects minimal data".
Even as the judges were reading out their judgments, they listed out all the contentious provisions in the Aadhaar Act that they had decided to strike or read down. This includes provisions that allowed private companies to seek your Aadhaar data, as well as the national security provision that allowed State bodies to demand your Aadhaar number for identification.
This was arguably the most controversial section of the Act as it had mandated linked Aadhaar to avail of a number of services. The Supreme Court reading down Section 57 of the Aadhaar Act means that an Aadhaar card is no long longer a proof of identity and cannot be demanded for that purpose.
It stipulated that the State, a body corporate or person can request for Aadhaar if required by law, which gave legislative backing to mobile companies and other private service providers to seek customers' Aadhaar card for identification purposes.
The five-judge bench, on Wednesday, read down this section, calling it "unconstitutional", specifying that private companies can no longer mandatorily seek a person's Aadhaar details for authentication. It has been read down to the extent that "any purpose" should mean a purpose backed by law as far as State authorities are concerned.
"Private companies also cannot disable a service if their Aadhaar is not linked," legal expert Asheeta Regidi said. "What we have understood is that unless there is a statutory support to a request for Aadhaar details, they cannot ask for it mandatorily."
In a nutshell, this means that banks cannot invalidate your account if you have not linked your Aadhaar with it yet. Aadhaar is no longer mandatory for enrolment in schools, opening bank accounts, for any purpose for the CBSE, NEET or UGC, or for new mobile connections " the Supreme Court has held the telecom department's notification to that effect as unconstitutional. The bench also stressed that no child can be denied benefits of any schemes for not being able to produce an Aadhaar card.
However, there is not much clarity about what those who have already linked their Aadhaar with services can now do. "It's unlikely that the Supreme Court will come out with a delinking process," said Regidi. "Don't think they can do much."
It also raises questions about the Reserve Bank of India's latest regulations on e-KYC, which mandates Aadhaar. The Supreme Court made no mention of this process in its judgment.
Section 33 (1) and Section 33 (2)
The Supreme Court has read down Section 33 (1) to afford an individual an opportunity to be heard if his or her data has been sought from the UIDAI. An Aadhaar-holder can now make his or her case to not have their data disclosed and not be forced into it.
Section 33 (2) allowed the UIDAI to disclose information under the Aadhaar Act, including identity and authentication data, in the interest of national security on an order to the Centre from an officer not below the rank of a joint secretary. For example: The police could seek a first-time offender's Aadhaar details to verify his identity.
The Supreme Court has struck down this section on sharing information for national security purposes, saying that the joint secretary mechanism was "arbitrary and requires a judicial warrant". Regidi asserted that the contours of this provision and what "national security" entails are too vague.
Section 2(d) defines an authentication record, which affects the rules on maintaining records of authentication data, Regidi said. Under this provision, the Aadhaar database could store metadata of individuals generated at the time of authentication or carrying out transactions. A person's IP address, for example. The Supreme Court has struck down this provision in its entirety.
"Meta data is not core to the transaction and only included surrounding information," the legal expert said.
In addition to the ruling on metadata storage, the Supreme Court also struck down the five-year-old rule for archival storage of transaction logs. Regidi said there were "surveillance concerns" about this as the UIDAI stored data such as an individual's location at the time of carrying out a transaction and other data that allowed for profiling.
Under this section of the Aadhaar Act, only the UIDAI had the authority to file a complaint on any offence punishable under the Act. It also disallowed courts below that of a Chief Metropolitan Magistrate or a Chief Judicial Magistrate from trying cases related to an offence punishable under this legislation, such as a data breach.
The Supreme Court has held that excluding individuals from filing complaints was arbitrary and has struck down this section of the Aadhaar Act. It said that even individuals must be entitled to file complaints.