Subscribe to the Bombay Chartered Accountant Journal Subscribe Now!

October 2017

Aadhaar and the Right to Privacy: An Overkill by Over linking?

By Gautam Nayak
Member
Editorial Board
Reading Time 8 mins

Aadhaar seems
to be the flavour of the day for the Government. In the past few months, the
Government has gone on an overdrive to link all persons, transactions and other
digital initiatives through Aadhaar. Linking of PAN to Aadhaar was made
mandatory to be done before 31st August 2017 (now extended to 31st
December 2017). Providing Aadhaar for all bank accounts before 31st
December 2017 has been made mandatory under the Prevention of Money Laundering
(Maintenance of Records) Rules.Besides the requirement of obtaining Permanent
Account Number, Aadhaar number of the purchaser for all financial transactions
exceeding Rs. 50,000 has been introduced.Linking of all mobile SIM cards with
Aadhaar before 6th February 2018 has also been made mandatory. The
requirement of quoting of Aadhaar on registration of a death has also been
introduced from 1st October 2017. MCA has announced its intention to
make all MCA21 services linked to Aadhaar. The Government has also stated its
intention of linking all driving licences with Aadhaar shortly.

 While one
appreciates the need from a security perspective to link all these transactions
or accounts with the Aadhar number, a few questions do arise as to the manner
and haste with which this is being implemented. If one examines the provisions
of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits
and Services) Act, 2016, section 3(1) clearly provides that every resident shall be entitled to obtain an Aadhaar number
by submitting his demographic information and biometric information by undergoing
the process of enrolment. Therefore, obtaining an Aadhaar number is not
mandatory under the Aadhaar Act, but optional. This was confirmed by the
Supreme Court in Binoy Viswam’s case (396 ITR 66), where the mandatory linking
of Aadhaar number with PAN was challenged.

Section 7 of
the Aadhaar Act provides that the Government, for the purpose of establishing
identity of an individual as a condition for receipt of a subsidy, benefit or
service, may require that such individual undergo authentication,or furnish
proof of possession of Aadhaar number, or in the case of an individual to whom
no Aadhaar number has been assigned, such individual makes an application for
enrolment. The proviso to this section states that if an Aadhaar number is not
assigned to an individual, the individual shall be offered alternate and viable
means of identification for delivery of the subsidy, benefit or service.

Therefore,
the very basis of the Aadhaar Act was that Aadhaar is optional, only for
purposes of subsidies, benefits or services, and that alternative and viable
means of identification should also be offered to persons who did not have
Aadhaar number.
Given
this, without amending the Aadhaar Act, is the Government justified in making
it mandatory under other laws?  Of course,
in Binoy Viswam’s case, the Supreme Court upheld the legality of the
requirement u/s.139AA of the Income Tax Act to link every PAN with the Aadhaar
number, justifying it on the ground of the need to check corruption and black
money, to tackle the problems of terrorism and crime and to ensure that
subsidies reach the right person. This decision was rendered subject to the
issue pending before the Supreme Court on whether the right to privacy, which
may be violated by the requirement of furnishing Aadhaar, was a fundamental
right under the Constitution.

A nine-judge
bench of the Supreme Court, in the case of Justice K. S. Puttaswamy vs. Union
of India, has now held that the right to privacy is a fundamental right under
the Constitution. It has further held that an invasion of life or personal
liberty must meet the three-fold requirement of (i) legality, which postulates
the existence of law; (ii) need, defined in terms of a legitimate state aim;
and (iii) proportionality which ensures a rational nexus between the objects
and the means adopted to achieve them. The Supreme Court further held:

 “We commend to the Union Government the need to
examine and put into place a robust regime for data protection. The creation of
such a regime requires a careful and sensitive balance between individual
interests and legitimate concerns of the State. The legitimate aims of the
State would include for instance protecting national security, preventing and
investigating crime, encouraging innovation and the spread of knowledge, and
preventing the dissipation of social welfare benefits. These are matters of
policy to be considered by the Union government while designing a carefully
structured regime for the protection of the data.”

While the legal
position of whether the requirements of mandatorily linking bank accounts, PAN
and mobile SIMs to Aadhaar violate this right to privacy would be taken up by the Supreme
Court in November 2017, other questions as to whether this is the right
approach by the Government do arise.

From a
situation where Indian residents are informed that Aadhaar is optional, to make
it compulsory under other laws may be legally correct, but is it morally
correct? Does this backdoor approach not amount to misleading the public? First
asking citizens to obtain Aadhaar which is meant to give benefits under social
schemes, then, steadily making Aadhaar mandatory for one thing after another!
Is it morally correct to burden citizens, especially those outside most social
benefit schemes to mandatorily quote Aadhaar in spite of them having obtained
PAN and other KYC registrations?

Again, in
law, Aadhaar was meant to ensure targeted delivery of subsidies, benefits and
services by the Government. What is the subsidy, benefit or service provided by
the Government when I file my tax returns, operate my bank account, use my
mobile phone or purchase jewellery exceeding Rs.50,000? Should not the
Government first amend the Aadhaar law, clarify the complete purpose of
Aadhaar, define benefits to every citizen and the State, put a security
apparatus in place for those who are keeping this identity information, and
then implement these requirements?

Viewed from the
perspective of observance of the right to privacy, versus the legitimate
concerns of the State, one can understand the need to link bank accounts with
Aadhaar ((e.g. to check money laundering). But what is the compelling need to
link mobile numbers or driving licences or death certificates with Aadhaar? One
can understand that this will help improve governance in these areas, or help
in tracing persons. But is this so necessary that it overshadows the right to
privacy? In almost all countries, obtaining a SIM card is an easy process, and
one does not need a domestic national identity proof / social security number
to obtain a SIM card. Is this therefore a case of overkill?

Through these
requirements, the Government is effectively making Aadhaar mandatory. Today, a
mobile phone is almost a necessity, a driving licence ensures that you can move
around even in the absence of efficient public transport, and it is not
possible to carry out some basic economic transactions without a bank account,
given the restrictions on cash payments. So a person is left with no choice but
to compromise his right to privacy in order to obtain an Aadhaar number due to
these requirements. What was meant to give benefits is now an impediment to
deny basic benefits citizens are entitled to and pay for!

There is also
the problem of the exceptional cases. Many senior citizens are unable to have
their fingerprints captured, due to their fingerprints being flattened and
faded by old age. They are unable to obtain Aadhaar, even if they have the
desire to do so. How do non-residents obtain SIM cards for use during their
visits to India without an Aadhaar number, for which they are not eligible?
Non-resident accounts obviously cannot comply with the requirement of linking
their bank accounts to Aadhaar. The Government in the past has come in for a
lot of flak for implementing schemes in haste without proper planning or
considering all the ramifications. The same fate should not befall this
initiative. Therefore, all these exceptions need to be thought through and
exemptions provided for, just as was done in the case of linking of PAN to
Aadhaar.

Given the large
number of hacking incidents involving hitherto thought safe databases (such as
Equifax) that one reads about, and given the different places at which the
Aadhaar numbers would be provided, the likelihood of leakage of Aadhaar data is
quite high. Should the Government not provide in the law for insurance or
compensation to persons affected by any such leak? After all, it is at the
behest of the Government that one is being forced to obtain and provide an
Aadhaar number.

Lastly, should
not a citizen, who just wants to comply with the law, and lead a quiet, decent
and private life without much Government interference, be allowed to do so? Can
we really see a situation of “less Government, more governance” graduate from
just being a slogan, to becoming a reality in our lifetimes?

You May Also Like