The government has made Aadhaar mandatory for access to banking and filing I-T returns. But there are serious concerns about possible breach of privacy with private entities having access to Aadhaar data.

A woman at an Aadhaar enrollment centre


  • 1
    Aadhaar-less bank accounts will be frozen after December.
  • 2
    Aadhaar is mandatory for filing I-T returns.
  • 3
    Aadhaar data is accessible to private companies.

On June 1, the revenue department of the finance ministry issued a notification making linking of Aadhaar with bank accounts mandatory.

The notification amended the Prevention of Money-laundering (Maintenance of Records) Rules, 2005 to make quoting of Aadhaar mandatory along with PAN or Form 60 by individuals, companies and partnership firms for all financial transactions of Rs 50,000 or above.

This has intensified the privacy debate in the country. West Bengal Chief Minister Mamata Banerjee termed it anti-poor and said, “Aadhaar has serious issues about privacy.” The Supreme Court is already seized with the question of privacy versus Aadhaar.


The Supreme Court has more than once told the government not to make Aadhaar mandatory for citizens.

In 2015, on two occasions, the Supreme Court ruled that “it is not mandatory for a citizen to obtain an Aadhaar card” asking the government to advertise this prominently.

The production of an Aadhaar card will not be condition for obtaining any benefits otherwise due to a citizen, the Supreme Court had said. However, the apex court has allowed the government to link various schemes including MNREGS, LPG, PDS, EPFO, Old Age Pension etc with Aadhaar.

But, the Supreme Court ruling in 2015 clearly read, “… the Aadhaar card Scheme is purely voluntary and it cannot be made mandatory till the matter is finally decided by this Court one way or the other.”

The apex court has set up a constitutional bench to hear Aadhaar case. The Aadhaar Act 2016 also does not make Aadhaar mandatory for citizens.


While the case is pending in the Supreme Court, the government has moved fast with Aadhaar enrollment drive.

This was backed by the Budget 2017 (passed by Parliament), which mandated seeding of Aadhaar number with Permanent Account Number (PAN).

Then came the amended Finance Act 2017. It made enrollment in Aadhaar compulsory for obtaining a PAN and filing Income Tax returns.

The government has court’s permission to link its welfare schemes – which are voluntary in nature – with Aadhaar, which, the apex court said, could only be voluntary. This means that if a citizen does not want to avail benefits of those schemes like Old Age Pension, Widow Pension etc, s/he can stay away from Aadhaar.

The Finance Act effectively meant that an earning member of Indian society is a potential criminal if s/he does not have an Aadhaar as the citizen would not be able to file I-T returns, which s/he is legally bound to do.


Recently a report by the Centre for Internet Society said that more than 13 crore Aadhaar data were leaked, stolen or compromised.

Leakage of Aadhaar data of cricketer Mahendra Singh Dhoni‘s family members made headlines. Similar leakage of lesser mortals must have gone unnoticed.

Section 29 of the Aadhaar Act prohibits sharing, publishing, displaying or posting publicly the core biometric information collected under the project except in “the interest of national security”. However, the Act does not state what constitutes national security.

Further, Section 57 of the Aadhaar Act, 2016 allows private companies to use the Aadhaar data to establish “identity of an individual for any purpose”.

There are several reports confirming that the Aadhaar data of Indian citizens are with companies like Accenture, Ernst and Young, L-1 Identity Solutions – the American biometric technology provider and of course, Microsoft whose Skype Lite recently ruffled many privacy right activists in the country.

The Unique Identification Authority of India (UIDAI) and the government allow access to Aadhaar data of people by these companies through Authentication User Agencies, which are both governmental and non-governmental entities.


According to an online survey conducted by noted citizen engagement platform LocalCircles, about 86 per cent of the respondents were in favour of a privacy law in India. Over 9,600 people participated in the survey.

Nearly 60 per cent of the respondents identified 18 attributes including biometrics and financial transactions to be brought under the purview of the privacy law. These attributes are:

Biometrics: Iris/retina scan, finger print scan, DNA

Personal: Aahaar details, passport details, date of birth, voter ID card details, mobile phone details, residential address information, family details, medical records

Financial: PAN card information, Bank account details, credit ratings, salary/compensation, performance at work, debit/credit card details, income tax details


There is no specific law passed by Parliament for protection against breach of privacy of individuals in India. A bill, Privacy Bill, 2011 was drafted by the UPA-II government but it is hanging fire since then.

Prime Minister Narendra Modi is said to have asked his ministerial colleagues to speed up the process regarding the Privacy Bill, on which last discussion is said to have taken place in March, 2015. The Bill is apparently on hold due to objections from intelligence agencies.

Only the Information Technology Act, 2000 has some express provision guarding individuals against breach of privacy by corporate entities. Section 43A was inserted into the IT Act in 2008 which makes the companies compromising sensitive personal data liable to pay compensation.

The government made eight rules on the basis of Section 43A of the IT Act. Beyond this, the right to privacy is dealt with under Article 21 of the Constitution which guarantees right to life and personal liberty.


In August 2015, while hearing the Aadhaar case, the Supreme Court referred the question of the constitutional validity of the right to privacy as fundamental right to a larger bench, which has now been constituted.

But, this was not the first time when the apex court dealt with the right to privacy question. In 1954, an eight-judge bench in MP Sharma vs Satish Chandra case and in 1962 a six-judge bench of the Supreme Court in Kharak Singh vs State of Uttar Pradesh case had equated the right to privacy with right to personal liberty but rejected it as fundamental or constitutional right.

The Delhi High Court had decriminalised homosexuality ruling a reading down of a provision in the IPC Section 377 that makes the act a crime. However, the Supreme Court later rejected the right to privacy theory in the matter upholding Section 377 of IPC.

The Supreme Court will be revisiting its old rulings and renewed legal debates when it reopens after the summer vacation and the Aadhaar case is brought up for hearing.