-Bridge the Gap Bring the Change

The #RightToPrivacy Judgement and it Implications for #Aadhaar


The verdict has altered unrecognisably the idea of state power. It is against this altered standard that the court will test the privacy violations of the UID project. By USHA RAMANATHAN

THE NINE-JUDGE BENCH OF THE SUPREME Court has propelled the privacy right to a place that is far higher than it was before this decision. In 2012, when the Justice A.P. Shah Committee (of which I was a member) was considering the contours of the right, it was a right that had been developing incrementally, case by case, and slowly acquiring an identity in fundamental rights jurisprudence. Some even considered it a “weak” right. That is now a thing of the past. While the detailing of the right will continue to happen as situations emerge where the right is asserted, the status of the right has been definitively pronounced by the nine-judge bench. The right to privacy is now a part of the rights and freedoms that are in the “Fundamental Rights” Chapter of the Constitution. It is closely allied to dignity. It is now “an intrinsic part of the right to life and liberty”.

This happened because of the doubts that the Attorney General cast on the very existence of the right.

Since 2012 and 2013, several petitions have been filed in the Supreme Court challenging the Unique Identification Authority of India’s (UIDAI) Aadhaar project on a range of grounds. It was a project that had been started without a feasibility report, with no law, no clarity on what it was and how it would be used, and what it meant for citizens’ rights and for state power over people. Biometrics were untested and UIDAI documents testified to this. There were fears that the poor would get excluded from services to which they were entitled: an apprehension that has come to pass and which academics, activists and journalists have documented.

The centralisation of data as also the involvement of foreign companies with close links to the United StatesCentral Intelligence Agency (CIA) and Homeland Security and the French government were serious concerns. There were concerns about the potential for surveillance that this project was creating, about the convergence of data, and the breaking down of silos of information, profiling, tracking, and identity fraud. These, then, were matters of individual privacy, personal security, national security and exclusion.

Since September 2013, the court had repeatedly tried to halt the coercive way in which the project was being carried out, even as the cases were pending determination in the court. In March 2014, the government argued before the Supreme Court that the UIDAI should not be asked to share biometric information that was held in the database with the Central Bureau of Investigation (CBI) because it had to protect the privacy interests of those who had enrolled in their database. On March 16, 2015, a bench of three judges tasked with hearing and deciding on the challenges to the UID project fixed a date in July for the hearings. It was when these hearings got under way, that is, in August 2015, that the Attorney General surprised the court, and everyone else too, with his claim that the people of this country did not have a right to privacy.

Another court, another stand

Interestingly, though, this was not what the government was saying in other fora. In another court, down the corridor of the Supreme Court, in the same week, another bench of two judges was dealing with the question of striking down defamation as an offence in criminal law. There the government was saying that the privacy of the people was involved in the offence of defamation, that privacy was a fundamental right, and that the government was concerned about protecting that fundamental right, and so the court must not strike it down. Earlier this year, in the WhatsApp case, it was argued for the government that digital data were a reflection of individual personality and were protected by Article 21, which guarantees the right to life and personal liberty.

Why the denial of the right to privacy only in the UID cases? It could have been a tactical attempt to have the final decision in the case deferred until an indefinite date, which would have allowed the government to keep expanding the project in ways that would make it difficult to dismantle. On March 16, 2015, the apprehension was that the government was using every delay in hearing the case to fortify its fait accompli; the judges had been clear that they would not accept the fait accompli argument. Yet, every delay was, in fact, used by the government to use coercion and threat of denial of service to build up its database and have the Aadhaar numbers “seeded” in as many databases as it could think of.

Or it could have been a genuine concern that the UID project would not survive the test of privacy. There is forced biometrics capture, “seeding” of the numbers, the “e-KYC” service to private companies in which the demographic data and photograph held in the UIDAI database are transferred to private companies, convergence of data from different databases, the surveillance potential that is created, and the loss of control over one’s own biometrics. This is just an illustrative list. Recent days have been witness to leaks, where various State agencies and departments have casually displayed the numbers along with a range of information about people on public, easily accessible, websites. Private players have begun to demand the numbers. More, the government has begun to demand that the numbers be given to private agencies, such as mobile phone service providers, banks and schools, on pain of losing the service or even having their monies frozen in their accounts. Denying the existence of the right may have been the only route to save the project.

The constitution of the nine-judge bench was entirely unexpected when it happened. In January 2017, when Shyam Divan mentioned the matter before Chief Justice J.S. Khehar, who had just taken charge, he was told that the Chief Justice did not have the judges to spare. At that time it was not clear if the bench would be composed of 5 or 7 or 9 judges. On July 18, a five-judge bench began to hear the matter and then, quite without warning, the Chief Justice announced that a nine-judge bench would sit the next day and hear and decide the issue of privacy. Nine, because the 1954 decision in the M.P. Sharma case, which was one of the two decisions that the Attorney General had said had denied the right to privacy, had had 8 judges on the bench.

In a twist of fate, therefore, the government’s move to erase the right to privacy ended up producing a right much stronger than any that could have been imagined. Nine judges can do a lot. They can overrule judgments of other Constitution benches of lesser strength—as they did the infamous Emergency decision in what is called the “habeas corpus” case, which has been an embarrassing burden that the judiciary has had to bear for over 40 years. They can set right interpretations and understanding that they see as having gone wrong, as they did with the 2013 decision of the Supreme Court in the Section 377 case which criminalises homosexuality. They can authoritatively pronounce on rights and wrongs, and it cannot be lightly disturbed because it will need a larger bench to reverse a nine-judge bench order, and that does not happen every day. That is why there was anxiety about what the court would do, because it is likely to be the law for a long, long time.

This has then opened up the privacy dimensions of the challenge, with this difference: that it is a stronger right that will have to be answered than when the privacy right was claimed not to exist in August 2015.

Since the judgment, proponents of the project have said that privacy advocates have been proved wrong because the court has held that the right to privacy is not absolute, but can be restricted. This is misleading. Nobody claimed that privacy was an absolute right. No right is absolute. Even the right to life can be denied so long as it is according to procedure established by law. But it cannot be just any law. It has to be a law that is just, fair and reasonable. The state will have to establish that there is a legitimate need: merely saying that it is a need will not do. And it should be proportionate, which, as the court said, “ensures a rational nexus between the objects and the means adopted to achieve them”.

The court has illustrated what may be a legitimate state aim which may allow for some intrusion into the privacy right. National security, siphoning off public resources intended for the impoverished, data mining for ensuring that benefits reach intended beneficiaries, and prevention and investigation of crime illustrate what the court indicated could be legitimate state aims. There is little to disagree with in these broad descriptions of “legitimate state aims”.

What a strong privacy right does is to raise the threshold for the test of constitutionality of the infringement, with the incursions into the privacy right being placed under strict scrutiny. The test is much, much more stringent after this judgment. The right is now not just strong but also fundamental, and any restriction on the right is the exception, which restriction will have to meet the tests set by the court. The idea of state power, which was implicit in the denial of privacy by the state, has been altered unrecognisably. It is against this altered standard that the privacy violations of the UID project will be tested by the court that will now hear the case.

Usha Ramanathan works on the jurisprudence of law, poverty and rights.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© 2024 Kractivism — Powered by WordPress

Theme by Anders NorenUp ↑