The Lok Sabha and Rajya Sabha passed the Aadhaar And Other Laws (Amendment) Bill, 2019, which was previously promulgated as an ordinance. Awaiting presidential assent, the amendment Bill introduces alarming changes to the original Aadhaar Act, 2016, purportedly to remove the discrepancy between the Act and the Supreme Court decision on the constitutionality of Aadhaar. which invites close scrutiny.
First, the amendment Bill attempts to reincarnate provisions struck down in the Aadhaar decision through a statutory amendment instead of a constitutional amendment, failing to cure its unconstitutionality. Section 5 of the Bill enables the parliament to make Aadhaar mandatory for authentication by enacting a subsequent law. This provision is an attempt to overturn the Aadhaar judgement insofar as the SC precluded the Centre from making Aadhaar mandatory for rendering services not mentioned in section 7 of the original Aadhaar Act (for instance, the SC struck down laws mandating linking of Aadhaar with SIM cards and bank accounts respectively as unconstitutional regarding them as unreasonable interventions on individual privacy). Such a statutory amendment does not remedy the infringement of privacy, since the defect in the law continues to undermine fundamental constitutional guarantees and may be subject to subsequent judicial scrutiny.
Second, the amendment Bill runs contrary to the apex court’s verdict which struck down section 57 of the Aadhaar Act insofar as it permitted the use of Aadhaar data by private entities. The SC had categorically declared that no person shall be denied services for lack of Aadhaar. Section 5 of the Amendment Bill seeks to reinstate the use of Aadhaar by private players for verification so long as the individual Aadhaar holder consents to such use.
Nudging people towards Aadhaar
While this ostensibly transfers greater control over personal data to individuals, it enables private entities to nudge customers towards continuing to use Aadhaar for two reasons. First, it could extend certain benefits to customers in lieu of choosing Aadhaar as a means of verification. Second, it could set Aadhaar as the default means of authentication while providing alternatives to ensure compliance with the amendment.
However, the active promotion of Aadhaar verification as the preferred mode may nudge consumers towards it despite knowing that alternate means of authentication are available. While the amendment Bill does require private entities to inform individuals that alternative means of authentication are available, this mandate is not qualified by a minimum threshold of a reasonable notice of available alternatives (for instance, section 8 of the Personal Data Protection Bill requires notice to be given to an individual before data is collected in a “clear, concise, manner…easily comprehensible to a reasonable person..in multiple languages where necessary and practicable”). In a developing economy where a large section of the population is bereft of digital literacy, citizens surrendering Aadhaar data to private corporations for more efficient services is an inevitable consequence.
The alternative to Aadhaar verification is the use of passports or other identifiers notified by the Central government, which provides little relief. As of 2017, according to data from the Ministry of External Affairs, passport holders constituted a meagre 5.15% of the populace (6.8 crore out of 132 crore). Without adequate digital awareness, the possibility of citizens applying for passports merely to bypass the Aadhaar verification seems remote.
Additionally, the amendment Bill does not create a timeframe within which the government must notify other acceptable identifiers, which effectively ensures that for most people, Aadhaar continues to prevail as compulsion than a real choice. This illusion of choice created by the amendment benefits private entities which had turned the entire Aadhaar verification process into an expansive data collection drive, prior to the takedown by the Supreme Court.
Data privacy and protection
Citizens who are coerced to submit their data have little recourse in the absence of a data protection law, and despite the report of the Justice Srikrishna Committee and a draft Act at their disposal, the inexplicable delay by the government in tabling it for parliamentary approval is confounding. For a government which prides itself in acting decisively in the face of legislative roadblock, which opted for an ordinance to effectively nullify the Supreme Court verdict, such undue delay in bringing forth a ready legislation is perhaps more strategic than negligent.
Third, the provision allowing children to exit the Aadhaar ecosystem does not really empower an individual to erase her digital footprint. It only allows her to cancel her Aadhaar number upon attaining eighteen years of age. Thus, while biometric information (which changes with time) may not be updated for such young adults, how the rest of their information already part of the Aadhaar database shall be maintained is unclear.
This government, in the past, has had the unenviable record of having openly promoted Aadhaar enrolment even with several Supreme Court orders to the contrary. The court, in its majority decision, lauded the government’s zealous efforts in this regard, diluting its own previous position of strength. While the amendment shall undoubtedly be enforced with equal fervor, especially with the private sector wholeheartedly welcoming it, it is up to the court to reassert its importance and ensure that its decisions aren’t rendered ineffectual by some of its own. For the interim, we the people must endure, as we are accustomed to.
Agnidipto Tarafder is a faculty member at the West Bengal National University of Juridical Sciences, where he teaches a course on privacy and the law. Siddharth Sonkar is a final year student of the West Bengal National University of Juridical Sciences with an interest in law, technology and policy.