The ASG was submitting requirement for linking Aadhaar with bank account, and how failing to which can lead to account being frozen. He said, “There is plenary legislation of a valid statute Section 12 and 15 give the statutory status to the PMLA Rules under challenge.”
Chief Justice Misra and Justice Bhushan pointed out that those provisions under the Act cannot give sanction to render a new account inoperative after six months. This is violation under Section 300A as alleged by Senior Counsel
Arvind Datar in his submission.
“Conditions, limitations, consequences are all different under law,” the Chief Justice pointed out. Senior Advocate Rakesh Dwivedi, who is the representing Gujarat Government, contended that Aadhaar is mere a condition for opening a continuance of account.
Justice Bhushan pointed out that the condition mentioned in 12(c) only applies to verification and not about continuance of accounts.
Referring to existing accounts, Justice Sikri asked, “How you can freeze those accounts under the Act…even those validly opened accounts.”
Justice Chandrachud also opined that by any stretch Section 12 and Section 15 cannot sanction prescribing penalties by Rule making power.
However, ASG Mehta continued to contend that consequences of non-compliance can be prescribed by Rules.
Both Justice Sikri and Justice Chandrachud did not agree with the contention of the ASG. Justice Sikri says, “When someone cannot withdraw his property, it is a deprivation under Section 300A.”
Earlier, Justice Sikri had asked about status of a pensioner who can be deprived from receiving pension and operating own account. “A pensioner who is known to be a pensioner for so many years…what is the need to trouble him and harass him by not allowing him to withdraw on just the ground of no Aadhaar?”
The ASG contended that the power under PMLA Act of the law being able to reach the right beneficial owner of any entity is not under challenge.
Interjecting, Justice Sikri pointed out that Rule 9 (4) is challenged on proportionality where there are several other officially valid documents. He said, “What is the need to make Aadhaar compulsory when there are other officially valid documents available?”
Mr Mehta, however said that Aadhaar is the most robust and most fraud proof identity and other IDs do not have biometric.
While the ASG was reading the Rules under PMLA, Justice Chandrachud asked him to respond to contentions from Mr Datar.
Mr Datar had contended that “That the Rules are just subordinate legislation and that it is ultra vires Act. There is no provision under PMLA to render a validly opened account in-operational and how is life insurance or health insurance included under the Rules?”
Senior Counsel Shyam Divan also raised the question of one time verification versus continuous verification.
Senior Counsel Rakesh Dwivedi contended that nobody has been forced to get an Aadhaar and everyone has voluntarily gone and obtained an Aadhaar number!
Calling petitioners to be engaged with ‘rhetorics’, Mr Dwivedi contended, “Reality of India is that the top 1% have 73% of the wealth. And the petitioners are saying that the government is spending time in real time surveillance.”
Mr Dwivedi admitted that surveillance has been happening, but there is not need of Aadhaar for this. “No government needs Aadhaar to surveil anybody. Every time he made a speech, some person from the special branch was present. If the government wants to surveil, it will do so without Aadhaar.”
Justice Chandrachud said the point is that technology is a powerful enabler of surveillance and misuse of data is one of the most pressing problems.
Responding to this, Mr Dwivedi, asked “Which data? Merely saying ‘metadata’ does not lead us anywhere. Aadhaar data cannot be compared with Google and Facebook. UIDAI does not have those kinds of tools.”
The Counsel for Gujarat contended that the only purpose of Aadhaar is authentication.
Justice Chandrachud asked, “Then why you store the metadata? When the CEO of UIDAI made his presentation, technical experts showed that they learnt a lot about him from that.”
Replying to this, Mr Dwivedi said, “I do not know about Pandey. But I challenge anyone to disclose what they know about me, on any media. I am issuing an open challenge to technical experts”
Justice Sikri pointed out that the metadata tells you a lot about the nature of transaction. Mr Dwivedi, said, “The UIDAI does not know this.”
Justice Sikri says, “You will know if the authentication request has come from a hospital, or a chemist, or…”
Mr Dwivedi argued that this does not work like that. “The authentication request will come from, say, http://nic.com
. I will not know if it comes from a hospital, or from anything else. Let us assume an authentication request comes from Apollo Hospital. I will not know which Apollo it is in the country – Chennai or Mumbai or Delhi. I will only know that it was Apollo. The only way in which surveillance can happen is if the government breaks the law and colludes with the UIDAI and sends the Central Bureau of Investigation (CBI) to find out if it was Apollo Delhi or Apollo Chennai. This is far fetched.”
Justice Chandrachud said, “The problem is not only at your end. We still do not have a data protection law. What about the requesting entity?”
Mr Dwivedi asked “What will the requesting entities surveil?”
Justice Chandrachud said, “Commercial surveillance is exactly what is happening. This will happen to your farmers as well.”
The Counsel for Gujarat told that Bench that individual information about his is ‘trash’ and has no worth. “What use are my photographs to anyone. It is like molasses thrown out by factories. It later became a goldmine but at that time it was a nuisance. Mr Divan might be worried about privacy, but I am not. And I have spoken to hundreds of people and they are not either,” Mr Dwivedi said.
Justice Chandrachud, however, disagreed with this contention. He said, “It is not about whether 1.9 billion people care about privacy, but about information being unavailable.”
Mr Dwivedi contended, “Fingerprint information is only of interest to palmists and for the growth of palmistry.”
Justice Chandrachud said that, “The concern is not about fingerprints per se. The American cases are about the localised use of fingerprints such as entering some place. The issue is storage and then use for authentication.”
Ignoring this observation, Mr Dwivedi argued that the only pleading of petitioners is that the UIDAI can surveil and there is no pleading by them (petitioners) that the requesting entities can surveil and there is no challenge. “Petitioners are NGOs, they are better off suggesting improvements than picking at all the stitches,” he said.
Justice Chandrachud and Justice Sikri pointed out Section 29(3)(b) read with Section 57 allow for information to be shared with third parties even under contracts.
Mr Dwivedi, contended, “This is why you need a data protection law, to specify the terms of consent and an overseeing mechanism. In any case, you can never share core biometric information under Section 29(1).”
Justice Chandrachud pointed out that Section 29(3) makes it possible to share biometric information.
“It can be read down to exclude sharing of biometric information. The requesting entity cannot retain a copy of the PID block. So it must be read like that. The core biometric data is kept in the CIDR and cannot be shared,” Mr Dwivedi replied.
Justice Chandrachud pointed out that UIDAI can only control what it has control over.