The 1,448-page judgment on the legality of Aadhaar by a five-judge bench of the Supreme Court on September 26 was undoubtedly the event of the week, with both supporters and critics of Aadhaar claiming victory.The majority judgment found Aadhaar constitutionally valid (while DY Chandrachud's dissenting judgment called it unconstitutional), but said corporate entities, like banks and telecom service providers (TSP), cannot ask for customers' Aadhaar credentials.It also made Aadhaar mandatory for those availing government benefits and for filing income tax returns (ITR). The judgment also allows minors enrolled in Aadhaar to opt out once they turn 18.Aadhaar, a biometric and demographic-information-based identification, was conceptualised in 2006 and rolled out in 2010. While the verdict made certain things very clear, there are still some unanswered questions. Here are five of those:While the majority judgment says authentication records are not to be kept for more than six months, compared with five years earlier, it does not talk about what is to be done with data already collected. However, Chandrachud said, "The biometric information and Aadhaar details collected by Telecom Service Providers shall be deleted forthwith and no use of the said information or details shall be made by TSPs or any agency or person or their behalf."Usha Ramanathan, a legal expert and Aadhaar critic, says since the majority judgment does not disagree with Chandrachud's, the latter holds.It is not quite clear at this point if a telco or a bank can accept the 12-digit Aadhaar number for authentication when a customer chooses that as her identification. Some believe one reason why the judgment did not explicitly talk about that could be that it would have provided companies a loophole to seek Aadhaar data on the pretext of speeding up their service. Nikhil Pahwa, a digital rights activist, says Aadhaar-based electronic KYC (know your customer) is not even voluntary: "You have to look at the overriding theme of the judgement."Not quite. In fact, it leaves the field wide open for more legal disputes, since it has struck down Section 47 of the Aadhaar Act , 2016, which allowed only the Unique Identification Authority of India (UIDAI) to go to court for any offence under the act."Section 47 of the Act violates citizens' right to seek remedies. Under Section 47(1), a court can take cognizance of an offence punishable under the Act only on a complaint made by UIDAI or any officer or person authorised by it. Section 47 is arbitrary as it fails to provide a mechanism to individuals to seek efficacious remedies for violation of their right to privacy," said the judgment. According to Pahwa, before the verdict, citizens were robbed of their agency.Now, people whose data has been leaked or stolen, or people who are denied benefits can go to court. Ramanathan believes even those whose biometric authentication fails can approach the judiciary.They have to get it. But for those who already have Aadhaar, if their biometric authentication fails, then the government cannot deny them the benefit on account of that. It will have to provide them an alternative, says Pahwa.Well, almost. It is needed for those who get government benefits and subsidies and also for those paying income tax (your Aadhaar enrollment number is needed when you apply for your PAN card). That means those who do not get government benefits nor need a PAN card do not need Aadhaar. Those who enrolled for Aadhaar before the passing of the Aadhaar Act, 2016, can choose to exit the programme. But it is not clear if someone who got the Aadhaar number later can do the same.