“Aadhaar is not about free flow of data, but no flow of data,” says Senior Counsel Rakesh Dwivedi, representing Unique Identification Authority of India (UIDAI) and the Government of Gujarat during the Aadhaar case hearing before the five-judge Constitutional bench headed by Chief Justice Dipak Misra.

Get Moneylife’s
Top Stories by Email
Citing the European Union’s (EU) General Data Protection Regulation (GDPR), Mr Dwivedi said, “The whole purpose of the EUGDPR is to balance free flow of data with data protection. However, we are not doing that with Aadhaar. Aadhaar is not about free flow of data, but no flow of data. This has no bearing on Aadhaar, and in any case, the Srikrishna Committee is handling it.”
The Bench comprising Justices AK Sikri, AM Khanwilkar, DY Chandrachud and Ashok Bhushan besides the Chief Justice on Tuesday resumed hearing in the Aadhaar case.
Justice Chandrachud pointed out that the EUGDPR envisages a ban on biometric data processing.
The Senior Counsel replied that there are exceptions and state laws can provide for them with appropriate safeguards. Reading out the exceptions, which include legitimate State interests with appropriate safeguards, Mr Dwivedi said member States have been left free to make laws.
Justice Chandrachud asked if that is the test of proportionality. Mr Dwivedi said that he was not disputing it.

Gautam Bhatia@gautambhatia88

RD says that the EU is now contemplating a biometric ID card.

Chandrachud J humorously asks whether they are planning to seed it with Aadhaar.

RD repeats his earlier point that the EU has opted for smart cards, India for a different architecture, and if Aadhaar succeeds +

Gautam Bhatia@gautambhatia88

+ there will be huge repercussions.

The UIDAI Counsel also claimed that in public sphere, the Right to Privacy is diluted. He said, “The entire Aadhaar activity is in the relational and public sphere. Demographic information and facial photograph do not have any privacy concerns. There is no reasonable expectation of privacy. At the requesting entity point, it is all dispersed and decentralised, and so it does not deserve the level of protection that the CIDR is given.”
Justice Chandrachud said that the point seems to be that core biometric information has higher privacy concerns, which does not mean there is no privacy concern elsewhere.
Mr Dwivedi, the Senior Counsel, also claimed that UIDAI collects only ‘limited technical metadata’.
To this, Justice Chandrachud asked whether it was necessary to retain metadata and why UIDAI need to retain it.
Mr Dwivedi said, “It is important to exercise control over the registrars and enrolment agencies (RE). There is no data about location or purpose of transaction, but only about the system, and that is required for audits.”
Justice Sikri wanted to know whether UIDAI is not collecting metadata about the person but only about the machine. Mr Dwivedi replied in affirmative.

Gautam Bhatia@gautambhatia88

RD says that we don’t know location or purpose, just device ID.

Chandrachud J tells RD that your argument might be supported By Regulation 26 proviso, which bars storing the purpose of a transaction.

RD agrees. He says that in any case the Aadhaar Act bars storing of purpose.

Gautam Bhatia@gautambhatia88

Chandrachud J asks what is the meaning of “authentication transaction data”, which can be stored under Regulation 26. RD says that it’s the data pertaining to a specific transaction, and there is a bar on storing purpose.

Earlier, Mr Dwivedi informed the Bench that the draft for data protection law will be out in May this year.
Justice Sikri pointed out there are instances where damage needs to be proved and said he was not sure if it would pass the adequacy of privacy test.
When Justice Chandrachud asked if there are any consideration of remedies for breaches in the Aadhaar Act, the Senior Counsel, said, “The Information Technology (IT) Act provides for penalties, and they have imposed penalties on some entities like Airtel.”
Chief Justice Misra observed that offences are one way but there are no monetary compensation under the Aadhaar Act.

Prasanna S@prasanna_s

RD: in aadhaar similarly, there is criminal liability; no exception whatsoever for core biometrics; No breach so far.

RD: Petitioners should suggest improvements if any…should not just ask it to be knocked off.

RD: we also are working on a data protection law.

The Senior Counsel contended that the UIDAI has provided a complete bar on sharing, and what is available with the REs is totally dispersed. The extent of privacy is much more diluted. And there is consent and a bar on using for anything other than authentication, he added.
Mr Dwivedi contended that the Court and the government should work in coordination as the two great wings of State, and not in opposition. “The sword should be unsheathed only in the last resort. My lords should save as much as possible of the Act. Doctor’s approach.”
In the morning session, the Senior Counsel of UIDAI, contended that we do not have to go to Europe for proportionality because India developed the test in 1952 in the VG Row’s case. He said, “Indian Supreme Court has never accepted the requirement that a restriction on fundamental rights be least intrusive.”
While the Bench was rising, Senior Counsel Shyam Divan stood up and said that he had a point of information. He said, “The State cited the case of VG Row, which first laid down the principle of proportionality. Mr Row’s son, SG Vombatkere, is one of the petitioners in this Aadhaar challenge.”
(Based on live tweets from Prasanna S @prasanna_s, and Gautam Bhatia @gautambhatia88, who represents one of the petitioners each in this case)