The recent Aadhaar verdict has once again rekindled the debate on the complex web of techno-legal and welfare issues involved in world’s largest unique identification project. In this case, the court was confronted with questions of deciding the constitutional validity of a specific design, its efficacy and the choice of a particular technology governing the Aadhaar project. The entire controversy revolved around the issues related to technological governance of Aadhaar, its linkages to various social welfare schemes and safeguarding the personal data collected by UIDAI. Though the project was conceived and executed during the UPA-II regime sans any statutory backing. To cover the deficiencies of a project of such a mammoth size and secure its legitimacy, the Union government used the dubious method of passing the Aadhaar Bill as a money bill in a hurried manner. The lone dissenting judgment of Justice Chandrachud expressed disapproval of this ruse and termed it as “fraud on the Constitution”.

We live in a complex world where the privacy players, regulators and stakeholders debate privacy-related issues. The Supreme Court’s majority judgment holds the Aadhaar Act to be a beneficial legislation and has put a full stop to the pervasive mandatory requirement of linking Aadhaar to all services except a few. The judgment has very cursorily treaded on the issue of privacy breach and the perceived apprehensions of turning India into a surveillance State. The court has accepted as gospel truth the contentions of UIDAI regarding data safeguards. The UIDAI’s contentions regarding the so-called “sufficiently secured” and “strongly regulated” regime has escaped deeper scrutiny and examination in the judgment. The worrisome fact is that as per media reports, as many as 49,000 Aadhar enrolment agencies have been blacklisted due to fraud and malpractices which fly in the face of tall claims of UIDAI and the so-called robust Aadhaar architecture.

But the dissenting voice of Justice Chandrachud has raised concerns over the false fait accompli and has held the Aadhaar project to be unconstitutional. He strongly doubted the methodologies adopted by the UIDAI with respect to biometric data and its linkage to the distinct data base which has the potential to alter the power structure that upholds the relationship between citizens and the State. He has rightly cautioned against the risk of abuse of data and how it can be a blow to individual liberty and privacy.

India has more than 1.22 billion on Aadhaar rolls and many of them do not get to know about data breaches and do not realise the value of their personal data. There is no mention of the word “privacy” in the Indian Constitution but the seminal judgment of Justice Puttaswamy (2017) has held the Right to Privacy to be a Fundamental Right. The value of privacy is dependent on a host of influences including our history, culture and social norms. Though the majority judgment has toed the line of government and underscored the apprehensions of violation of an individual’s right to privacy. The majority judgment has hesitatingly and mildly accepted some degree of State intrusion into privacy of the citizens and differed with the principle of proportionality of data breach, which smacks of a flawed legal reasoning. The project is not immune to risks associated with the collection of sensitive information like biometric data which is prone to exposure and risks getting linked to the unlinkables. Sadly, the majority judgment creates an impression that common citizens do not require any privacy and hence intrusion is not a big deal. On the other hand, the minority view has rightly held that denial of social welfare measures (like subsidized ration under PDS scheme) without Aadhaar was a violation of the fundamental rights of citizens.

The Aadhaar judgment has given rise to some unique questions (which call for some unique answers) such as: How much privacy can be given up? How transparent do we want to be? How much do we want our government to watch us? How much risk, in terms of internal and external security, are we willing to accept as the price for our privacy? How do we measure that risk, and how do we know that by giving up a certain level of privacy, we are safer? But many such questions remain unanswered.

In the welfare State regime, most of the beneficiaries of welfare schemes are least bothered about their privacy and their personal data; they are concerned mainly about receiving services and essential commodities from the government for survival. The apex court has frowned upon the use of Aadhaar by private companies since the biometric information gathered is likely to be misused. The striking down of Section 57 of the Aadhaar Act which provides access to private companies is a welcome move. However, policymakers are grappling with the issue of data protection, as it happens in every evolving situation, but the situation is marked by the “more talk, less work” phenomenon.

Aadhaar may have acquired the distinction of being the world’s largest technology-driven project linking many utility services, but for this the common people have been subjected to coercion in many ways. The social, political and economic motivations behind the project, which are lauded by the government should have been subject to intense parliamentary scrutiny. The accountability aspect of the project is still under a cloud, especially, in the aftermath of Cambridge Analytica episode. It is imperative that the judiciary and executive shift the focus from mere data gathering to data protection and usage. The judgment strives to bring about massive changes in Aadhaar Act and expressed the hope that legislative efforts for creating a new legal regime for data protection would be expedited.

The author is a Supreme Court advocate. Views are personal.