Briefly discusses the Aadhaar Act, 2016 and brings out its dubious legality

1. Right to Privacy and the Aadhaar Act, 2016 – An Alternative Perception
Shantanu Basu
In the context of the Hon’ble Supreme Court’s order on privacy under Art. 21 of the
Constitution, I thought it was entirely appropriate to take a closer look at the Aadhaar Act,
20161. The results of my amateurish reading and understanding make for interesting reading.
S. 7 of the Act clearly states that the Central Government or, as the case may be, the State
Government may, for the purpose of establishing identity of an individual as a condition for
receipt of a subsidy, benefit or service for which the expenditure is incurred from, or the
receipt therefrom forms part of, the Consolidated Fund of India, require that such individual
undergo authentication, or furnish proof of possession of Aadhaar number or in the case of an
individual to whom no Aadhaar number has been assigned, such individual makes an
application for enrolment. Provided that if an Aadhaar number is not assigned to an
individual, the individual shall be offered alternate and viable means of identification for
delivery of the subsidy, benefit or service.
Moreover, S. 29(1) states that no core biometric information, collected or created under this
Act, shall be shared with anyone for any reason whatsoever or used for any purpose other
than generation of Aadhaar numbers and authentication under this Act. Further, S. 8(2) states
that a requesting entity shall unless otherwise provided in this Act, obtain the consent of an
individual before collecting his identity information for the purposes of authentication in such
manner as may be specified by regulations and ensure that the identity information of an
individual is only used for submission to the Central Identities Data Repository for
authentication. S. 10 states that UIDAI may engage one or more entities to establish and
maintain the Central Identities Data Repository and to perform any other functions as may be
specified by regulations.
S. 23 (2) (c) states that UIDAI may appoint one or more entities to operate the Central
Identities Data Repository while sub-clause(1) stipulates that UIDAI shall develop the policy,
procedure and systems for issuing Aadhaar numbers to individuals and perform
authentication thereof under this Act. In sum, there is nothing binding on UIDAI to hire non-
state agencies to operate the Central Identities Data Repository. Likewise, S. 15(3) empowers
UIDAI to enter into Memorandum of Understanding or agreement, as the case may be, with
the Central Government or State Governments or Union territories or other agencies for the
purpose of performing any of the functions in relation to collecting, storing, securing or
processing of information or delivery of Aadhaar numbers to individuals or performing
authentication. UIDAI also has powers to appoint any number of Registrars, engage and
authorize such agencies to collect, store, secure, process information or do authentication or
perform such other functions in relation thereto, as may be necessary for the purposes of this
Act. It may also engage such consultants, advisors and other persons as may be required for
efficient discharge of its functions under this Act on such allowances or remuneration and
terms and conditions as may be specified by contract. Finally, S. 28(4) says that, without
prejudice to sub-sections (1) and (2), the Authority shall ensure that the agencies, consultants,
advisors or other persons appointed or engaged for performing any function of the Authority
under this Act, have in place appropriate technical and organizational security measures for
all information held by it.
1
UIDAI: Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, extracted on Aug
25, 2017 from https://uidai.gov.in/images/the_aadhaar_act_2016.pdf

2. However, the cherry on the cake is S. 9. This states that an Aadhaar number or the
authentication thereof shall not, by itself, confer any right of, or be proof of, citizenship or
domicile in respect of an Aadhaar number holder. Since no single subsidy, benefit or service
is rendered gratis by the State, nor is Aadhaar even remotely connected to bona fide
citizenship, what is the purpose of granting constitutional and legal status to it? Moreover, it
is the responsibility of states and the Union to verify actual beneficiaries of direct benefits
transfer and they already have adequate machinery for this purpose. More than a third of
India’s population may comprise of illegal migrants and other foreigners that were
thoughtlessly granted the right of perpetual abode and work in India. Wouldn’t suitable
amendments to the Citizenship Act be more appropriate than enforcing Aadhaar that does not
distinguish between Indian and foreigner? Why should bona fide citizens pay out for
subsidies, benefits and services that illegal migrants and other ineligible foreigners also avail?
Or is there something much more sinister?
Since I get no handouts from governments, why should I have to mandatorily furnish my
biometric and other details for e-authentication? Likewise, financial services available to
public are certainly not handouts from governments and far from being gratis state subsidy,
benefit or services such as municipal, registration, births & deaths, etc. Then why am I being
constantly badgered, even brazenly threatened with freezing, to link my PAN and bank
accounts with my Aadhaar number?
Not a single state-rendered service today comes gratis. Income tax, VAT, GST, Customs,
Property tax, registration, development fees, building plan sanctions and approvals, birth &
death and marriage certificates, court application fees, stamp duty, myriad more, are citizens’
payments for these subsidies, benefits and services. Therefore how does any subsidy, benefit
or service bankrolled from the Consolidated Fund of India come within the ambit of the Act
at all? If someone, particularly the old, infirm and challenged, cannot enroll themselves,
should they be denied even paid services by state entities? Pensions for government
employees too are an earned benefit, not a gratis handout. Then why must a pensioner have to
give his pension-paying bank branch a life certificate supported with a copy of his/her Aadhar
card in November each year?
The definition of a ‘requesting agency’ is not laid down anywhere in the Act, nor is there any
distinction between a government entity and a non-government one. Presumably, this term
refers to such entitites that deliver gratis subsidy, benefits or services. Then under what
provision of the Act is the Income Tax Dept. of GOI making it mandatory to link PAN and
Aadhaar for submitting tax returns and linking Aadhaar no. with each bank account?
How is willing consent relevant when governments have made willingness a slave of
compliance by force? When identity information of an individual is only used for submission
to the Central Identities Data Repository of UIDAI for authentication, how are other entities,
entitled to verify these details when the subsidy, benefit or service they provide is not charity,
but funded entirely by taxes and imposts paid by citizens? Likewise, under what authority are
government entities like local bodies, banks, mobile phone service providers, registering
authorities, etc. mandating a copy of a person’s Aadhaar card for all transactions, monetary
and non-monetary? What security of repository data may be expected of non-government
agencies that deliver subsidy, benefits, or services, entities that collect biometric data,
contracted and consulting employees and implementing agencies/contractors of UIDAI, given
India’s glacial judicial system and sub-par and often politically motivated police
investigation? Aadhaar holders are better off in a system in which they get paid for selling
their data. At least that would leave them financially better off in times of deepening
economic distress.

3. Ironically, the Hon’ble Supreme Court’s order today does not cover the legality of Aadhaar.
Instead it marks the matter to a smaller constitutional bench. Interestingly, the Hon’ble
Court’s order does not refer to any of the above provisions of the Act either in its own
observations or from submissions made by Petitioners. Presumably, none bothered to even
read the Act and derive their arguments from it. In the end, what India received today was a
vague inclusion of privacy under Art. 21 without a clue on this order would be made use of in
challenging the above provisions of the Act as unconstitutional.
UIDAI is being portrayed as the knight in shining armor to destroy a cash-based economy
and propel it to a digital transaction-based one. And who are the biggest beneficiaries of this
transition? Financial institutions, technology service providers and hardware companies, card
service providers, financial portal managers, data managers and miners, data resellers and
hawkers, few domestic, the majority western. We still use western hardware and software, the
source codes of which are not in our hands. Isn’t that bad enough?
Failure to manage the integrity of cash transactions and its own legal tender is hardly an
excuse to digitize the world’s third largest economy. Europe’s largest economy, Germany,
uses corpulent amounts of cash for Germans buy almost everything in cash. Yet there is
hardly much of a parallel economy. The US too uses copious amounts of cash even today.
Then why does India need Aadhaar when it already has overlapping mountains of
unimplemented legislation, poor monitoring, and no compliance and/or enforcement
whatever by the three divisions of the State? (1490 words)
The author is a senior public policy analyst and commentator