This post highlights the relevant legal provisions under Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. We had previously covered Aadhaar related topic here, here and here.
For those who have not closely followed the entire Aadhar controversy, here’s a brief background of the case.
- The first petition was filed way back in the year 2012, with the division bench of Supreme Court, in relation to the Aadhar Scheme of the government. The case is Justice K.S. Puttaswamy (retd.) and Anr. vs. Union of India [Writ Petition (Civil) 494 of 2012].
- The Court initially objected to government’s forcing everyone to link Aadhar number with various services. It was news that linking Aadhar number is not mandatory anymore. Further, as an interim arrangement, the Supreme Court had ordered that obtaining Aadhar card is not mandatory for every citizen and Aadhar card is mandatory only for six schemes. (See the interim order dated August 11, 2015, here and order dated October 15, 2015, here).
- However, to bypass this order, during the pendency of the petition, the government passed the Aadhar Act, 2016 in both the houses. The Aadhar Act was notified by the government on July 12, 2016, and September 12, 2016.
- Now, since the matter now related to an Act of the Central Government, while hearing the matter the division bench of Supreme Court referred the matter to a five-judge constitution bench as to the constitutionality of the Act. (See the Order dated July 12, 2017, here)
- Then as per the order dated July 18, 2017, the five-judge bench observed that in order to proceed with the case, first, it is essential to determine whether there is any fundamental right of privacy under the Indian Constitution. The five-judge bench referred the matter to a nine-judge constitutional bench only to adjudicate upon the issue of the fundamental right to privacy. (See order here)
- This led to the landmark privacy judgment wherein privacy was held to be a qualified fundamental right. (See the Order dated August 24, 2017, here) Read the full judgment here.
- As it was now clear the privacy is a fundamental right, the original matter with the five-judge bench vis-a-vis the constitutional validity of the Aadhar Act resumed.
- On December 15, 2017, it was argued that in order to ensure clarity for citizens on one hand and for the Union and the State governments and the instrumentalities on the other it is expedient to resolve the issues at the earliest.
- The matter is currently pending before the five-judge bench of Supreme Court which is hearing the final arguments in this matter. The final hearing of the case commenced on January 17, 2018.
Other related cases:
- In the interim, one separate writ petition was filed in the Supreme Court in relation to mandatory linking of Aadhar number with PAN card [Binoy Viswam vs. Union of India (W.P (C) 247 of 2017)].
- Another writ petition which is pertinent to mention here is the one praying for a uniform mobile phone subscriber verification scheme, to ensure 100% verification of the subscriber. It was prayed in the petition, that the identity of each subscriber, as also, his/her address should be verified, so that no fake or unverified phone subscriber, can misuse a mobile phone. In this regard, the Supreme Court observed that the Aadhar based E-KYC ensures an effective process for identity verification of all subscribers. [Lokniti Foundation vs. Union of India and Anr. (W.P. (C) 607 of 2016)]. (See final order dated February 06, 2017 here)
What is Aadhar?
Aadhaar is a unique identification number assigned to such individuals residing in India and notified by the Central Government as entitled to it. Proviso to Section 3(1) empowers the Central Government time to time, notify such other category of individuals who may be entitled to obtain an Aadhaar number.
Information required for obtaining Aadhaar
- “Biometric information”- photograph, fingerprint, Iris scan, or such other biological attributes of an individual as may be specified by regulations.
- “Demographic information” includes information relating to the name, date of birth, address and other relevant information of an individual, as may be specified by regulations for the purpose of issuing an Aadhaar number, but shall not include race, religion, caste, tribe, ethnicity, language, records of entitlement, income or medical history.
Features under Section 4 of the Aadhar Act
- An Aadhaar number, issued to an individual shall not be re-assigned to any other individual.
- An Aadhaar number shall be a random number and bear no relation to the attributes
or the identity of the Aadhaar number holder.
- An Aadhaar number, in physical or electronic form subject to authentication and
other conditions, as may be specified by regulations, may be accepted as proof of identity of the Aadhaar number holder for any purpose.
Section 7 empowers The Central Government or the State Government for the purpose of establishing identity of an individual to require that such individual undergo authentication, or furnish proof of possession of Aadhaar number or in the case of an individual to whom no Aadhaar number has been assigned, such individual makes an application for enrolment as a – condition for receipt of a subsidy, benefit or service for which the expenditure is incurred from, or the receipt therefrom forms part of, the Consolidated Fund of India. Proviso to Section 7 provides that if an Aadhaar number is not assigned to an individual, the individual shall be offered alternate and viable means of identification for delivery of the subsidy, benefit or service.
Protection of information under Chapter VI
(i) Duties and Responsibilities of UIDAI (Section 28)
- The Authority shall ensure the security of identity information and authentication records of individuals.
- The Authority shall ensure confidentiality of identity information and authentication records of individuals.
- The Authority shall take all necessary measures to ensure that the information in the possession or control of the Authority, including information stored in the Central Identities Data Repository, is secured and protected against access, use or disclosure not permitted under this Act or regulations made thereunder, and against accidental or intentional destruction, loss or damage.
- The Authority shall —
(a) adopt and implement appropriate technical and organizational security measures;
(b) ensure that the agencies, consultants, advisors or other persons appointed or engaged in performing any function of the Authority under this Act, have in place appropriate technical and organizational security measures for the information; and
(c) ensure that the agreements or arrangements entered into with such agencies, consultants, advisors or other persons, impose obligations equivalent to those imposed on the Authority under this Act, and require such agencies, consultants, advisors, and other persons to act only on instructions from the Authority.
- The Authority or any of its officers or other employees or any agency that maintains the Central Identities Data Repository shall not, whether during his service or thereafter, reveal any information stored in the Central Identities Data Repository or authentication record to anyone.
(ii) Prohibition on Sharing of Data collected (Section 29)
- No core biometric information, collected or created under this Act, shall be—
(a) shared with anyone for any reason whatsoever; or
(b) used for any purpose other than generation of Aadhaar numbers and authentication under this Act.
- The identity information, other than core biometric information, collected or created under this Act may be shared only in accordance with the provisions of this Act and in such manner as may be specified by regulations.
- No identity information available with a requesting entity shall be—
(a) used for any purpose, other than that specified to the individual at the time of submitting any identity information for authentication; or Security and confidentiality of information.
(b) disclosed further, except with the prior consent of the individual to whom such information relates.
- No Aadhaar number or core biometric information collected or created under this Act in respect of an Aadhaar number holder shall be published, displayed or posted publicly, except for the purposes as may be specified by regulations.
(iii) Protection of Biometric information under Information Technology Act,2000 (Section 30)
The biometric information collected and stored in electronic form, in accordance with this Act and regulations made thereunder, shall be deemed to be “electronic record” and “sensitive personal data or information”, and the provisions contained in the Information Technology Act, 2000 and the rules made thereunder shall apply to such information, in addition to, and to the extent not in derogation of the provisions of this Act.
(iv) Alteration of information at the request of an Aadhaar number holder (Section 31)
In case any demographic information of an Aadhaar number holder is found incorrect or changes subsequently, the Aadhaar number holder shall request the Authority to alter such demographic information in his record in the Central Identities Data Repository in such manner as may be specified by regulations.
(v) Disclosure of information permitted pursuant to an order of a court and in the interest of national security etc (Section 33)
Section 33 provides exceptions to the protection under Sections 28 and 29 as follows-
(a) Any disclosure of information, including identity information or authentication records, made pursuant to an order of a court not inferior to that of a District Judge may be made. Such order of Court takes over Section 28 (2), (5) and Section 29 (2). An opportunity of hearing to the Authority shall be given before passing an order.
(b) Any disclosure of information, including identity information or authentication records, made in the interest of national security in pursuance of a direction of an officer, not below the rank of Joint Secretary to the Government of India specially authorized in this behalf by an order of the Central Government shall be permitted. It takes over Section 28 (2), (5) and Section 29 (1),(2) (3). Every direction issued shall be reviewed by an Oversight Committee consisting of the Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and the Department of Electronics and Information Technology before it takes effect. Such direction issued shall be valid for a period of three months from the date of its issue, which may be extended for a further period of three months after the review by the Oversight Committee.
The post has been co-authored by Bhumika Sharma and Siddhant Sharma.
Image from here