In an earlier post, I examined, in broad terms, the nature of the petitioners’ challenge in the Aadhaar case. Senior counsel Shyam Divan concluded his arguments this week. Therefore, this second post will flesh out the substance of Mr Divan’s arguments.

In the remainder of this post, I will unpack the arguments over the last two weeks under three broad heads: (a) the privacy judgment; (b) challenges to the Aadhaar Act; and (c) the court’s concerns.

(A) The Privacy Judgment

The readers will recall that in August 2017, a nine-judge bench of the Supreme Court had re-affirmed the constitutional right to privacy in India in KS Puttaswamy v Union of India. Mr Divan referred the Aadhaar court to excerpts from the nine-judge bench decision. He did so to focus, first, on a general point about individual liberty. He pointed out the centrality of individual liberty to the welfare of the public by reading extracts from the judgment that rooted the right to privacy within the rationales of liberty, dignity and autonomy. Secondly, he considered the notion of informational privacy in the nine-judge bench decision, particularly in the context of informational self-determination.

Mr Divan sought to takeaway a number of points from the privacy judgment. In my view, there are two significant conclusions that stand out: first, that the right to privacy has both a negative and (a more contentious) positive emanation. The impact of the positive duty of privacy is to cast a duty on the State to enforce a citizen’s right to privacy against non-state actors.

A second conclusion that Mr Divan sought to draw from the privacy decision is that privacy can be restricted only by law that complies with the ‘just fair and reasonable’ standard.

Both conclusions are interesting. A positive privacy obligation, if accepted, would bring Indian privacy jurisprudence in line with the position under the European Convention on Human Rights (ECHR). In India, before Puttaswamy, only one other privacy case had alluded to the idea of positive obligation, and only fleetingly so. That was Ram Jethmalani v Union of India (2011) 8 SCC 1. In that case, the court held (at [73]),

The notion of fundamental rights, such as a right to privacy… is not merely that the State is enjoined from derogating from them. It also includes the responsibility of the State to uphold them against the actions of others in the society, even in the context of exercise of fundamental rights by those others.

Despite this passage, however, the Ram Jethmalani decision did not conclusively determine the application of privacy as a positive right. However, in Puttaswamy, Justice Chandrachud, speaking on behalf of four other judges, took a more affirmative stand. He said at [158] that:

The Constitutional right is placed at a pedestal which embodies both a negative and a positive freedom. The negative freedom protects the individual from unwanted intrusion. As a positive freedom, it obliges the State to adopt suitable measures for protecting individual privacy.

In view of the nine-judge bench decision, therefore, Mr Divan’s reasoning based on the positive emanation of privacy seems to stand on a strong footing. This is particularly relevant in the context of Aadhaar because at least part of the petitioners’ complaint relates to the State’s failure to oversee private actions that potentially impinge on citizens’ privacy rights.

Mr Divan’s second takeaway from the privacy judgment concerned the general standard of judicial review under Article 21: ‘just, fair and reasonable’. This well-known standard is the minimum threshold against which Article 21 infractions are tested. However, the jurisprudence on the standard of review for privacy is more complex. It is for that reason that it seems surprising that Mr Divan did not seek to deploy the argument that the Aadhaar project ought to be reviewed on the basis of a higher standard of judicial review.

In that context, in the pre-Puttaswamy era, courts had oscillated between the standards of traditional reasonableness and the higher standard of ‘compelling state interest’ for privacy violations. In Puttaswam yitself, although Justice Chelameswar took this traditional approach, there is some support for the European standard of ‘proportionality’. This ties in with a general point about the alignment of Indian privacy law with European law. In Puttaswamy, the court appears to have made a conscious effort to align its jurisprudence with that under the ECHR. This is true for both the positive obligation of privacy as well as the standard of judicial scrutiny. This is an interesting shift in trend, not least because a large part of India’s privacy jurisprudence had, thus far, been inspired by developments in American law.

Admittedly, there were references peppered through Mr Divan’s arguments about the need for Aadhaar to satisfy the requirement of being a ‘proportionate’ means to achieve particular ends. However, he appears to have stopped short of specifically culling out the standard of ‘proportionality’ from the Puttaswamy decision.

It may well be that other counsel to follow Mr Divan will focus their arguments on the applicable standard of review for privacy infractions. But it would be surprising if the petitioners did not run a proportionality challenge. In my view, it is their strongest foothold for why Aadhaar may potentially fail judicial scrutiny.

(B) Challenges to the Aadhaar Act

The broad nature of the petitioners’ challenges was examined in the previous post. In the course of the last two weeks, Mr Divan developed them under five heads. A number of these points were considered in the previous post. Some of them are also examined in detail in the following section of this post. In this section, therefore, I will only advert to them briefly. The petitioners’ five main heads of challenge are as follows:



Surveillance: A recurring theme in the petitioners’ challenge has been the idea that Aadhaar will build the infrastructure for creating a surveillance State. In Mr Divan’s words, “the architecture of Aadhaar enables surveillance”.

Violation of privacy: in pegging the Aadhaar Act to the privacy challenge, Mr Divan focussed separately on the pre-Act position (when the Aadhaar project ran without legislative backing) and the position under the Act. In the former period, he argued, the Aadhaar project was indisputably a violation of privacy. Even during the latter period, he said, the violation continued. As a starker manifestation of citizens’ privacy infraction, he pointed out that Aadhaar offers a citizen no choice in relation to the means by which to identify oneself.

Limited government: The Constitution mandates the creation of a limited government. It imposes restrictions on State power. Aadhaar focuses on the individual being transparent to the State. It is in fact the reverse that limited government mandates.

Money Bill: Mr Divan outlined the procedural flaw in the Aadhaar Act. It was wrongly characterised as a Money Bill. Mr Divan indicated that Mr Datar and Mr Sibal will advance arguments on this point in the coming weeks.

Procedure under the Act being violative of Articles 14 and 21: Mr Divan focussed on four specific procedural flaws: (a) the absence of an opt-out mechanism (b) lack of informed consent (c) UIDAI’s inability to directly control enrolling agencies and (d) lack of measures to ensure data integrity.



(C) The Court’s Concerns

During the course of Mr Divan’s submissions, a number of the court’s apparent concerns manifested themselves in the form of judicial interventions. Three of these, in my view, stand out.

First, the bench compared Aadhaar to data collection by private actors. Jutice Chandrachud, for instance, asked how Aadhaar was distinguishable from private actors (such as Uber and Google) who track individual information. If data collection by private actors is ubiquitous, he asked, why is Aadhaar problematic? Justice Chandrachud also wondered whether centralisation of data could be the crux of the distinction? While agreeing with his concern about centralisation, Mr Divan sought to distinguish the position of private data collectors from that of the State in two ways: (i) private actors such as Google and Uber do not share forward the personal information they collect, and (ii) as these corporations are not the State, there was a stronger element of consent in the data collection process. Individuals could always opt out. In the context of the State collecting personal information, he said, a State tracking its citizens in real-time amounts to laying down the foundations for a police-state.

The second concern from the bench was about the legitimacy of the purpose for which Aadhaar was promoted, namely welfare. Justice Chandrachud pointed out that there is a clear difference between collection of data through Aadhaar and [mis]use of that data. He asked whether the petitioners would be satisfied if the usage of information collected through Aadhaar was restricted to the specific purpose(es) for which it was collected.

These are key questions. If the standard of review applicable is that of proportionality, then the first question that the Court will need to answer is whether the State is pursuing a legitimate purpose? A welfare benefit is, arguably, a legitimate state purpose. The first limb of the test for proportionality may therefore be satisfied. The second limb of the test asks the following question: is there a nexus between the purpose and the infringing act? The third limb then considers whether a less intrusive measure could have been used to achieve the State purpose? By limiting Aadhaar to specific purposes, the bench is perhaps implying that Aadhaar may be able to satisfy the first three limbs of the proportionality threshold. However, the fourth limb of proportionality is far more complex, and requires the court to balance the potential public benefit of a State action against the extent of its intrusion into individual rights.

Finally, the third crucial theme coming from the bench concerns an aspect of the case that was examined in some detail in the previous post: retrospective legislative validation. For the first seven years, Aadhaar operated without legislative validation. Can the Aadhaar Act retrospectively validate an executive action that would otherwise have violated a fundamental right? Can the respondents rely on Section 59 of the Aadhaar Act as evidence of such validation?

In this context, Justice Chandrachud asked if Article 73 of the Constitution of India could operate to save the Aadhaar program during the seven years that it functioned without legislative backing. With respect, in my view, Article 73 does not have this effect. Article 73 concerns the executive powers of the Union of India, and reads:

(1) Subject to the provisions of this Constitution, the executive power of the Union shall extend

(a) to the matters with respect to which Parliament has power to make laws ...

(2) Until otherwise provided by Parliament, a State and any officer or authority of a State may, notwithstanding anything in this article, continue to exercise in matters with respect to which Parliament has power to make laws for that State such executive power or functions as the State or officer or authority thereof could exercise immediately before the commencement of this Constitution Council of Ministers.

Article 73 postulates that executive power is, under the Constitution, co-extensive with legislative power. It does not, however, permit executive action to infringe, or indeed, even restrict Part III rights. As it was pointed out in the previous post, rights under Article 21, of which privacy is an example, can only be restricted by Parliamentary legislation. Article 73 does not authorise an infraction of Part III rights. Neither does it elevate executive action to the status of “law” for the purposes of Article 21. For these reasons, it is submitted that Article 73 cannot justify the pre-Act Aadhaar project by way of retrospective legislative validation.

Mariyam Kamil is a D Phil candidate in Law at the University of Oxford.

[The opinions expressed in this article are the personal opinions of the author. The facts and opinions appearing in the article do not reflect the views of LiveLaw and LiveLaw does not assume any responsibility or liability for the same]