At 128 in 2018 alone, and about 266 instances of internet shutdowns since 2012, India wears the unenviable crown of curtailing internet connectivity because of flimsy political excuses, despite chanting “Digital India” 24 X 7 X 365. Precisely why the validity of the Internet Shutdown Rules has been questioned in no uncertain terms by Shashi Tharoor, who has urged the government to undertake a comprehensive review of the Internet Shutdown Rules.
The September 26 judgment violates the court’s own landmark ruling on citizen’s constitutional right to privacy by failing to address why biometric data is required at all for benefits and services received from government. It also fails to take account of the fact that its own orders were violated by both government and private companies during the pendency of the hearings and that passing of Aadhaar Act as a Money Bill was simply unconstitutional, as echoed in Justice Chandrachud’s strong dissent.
The is a table detailing the provisions and of the Aadhaar Act that were challenged and the grounds argued for their unconstitutionality by the Petitioners; the responses of the respondents, along with the decision on each of the provisions by the three separate opinions.
In the majority judgment passed by the five judge bench of the Supreme Court in the Aadhaar matter (referred to as “the Aadhaar judgment”) yesterday — September 26, 2018, the Supreme Court by a 4:1 majority has held that the Aadhaar project does not tend to create a surveillance state and further declared the Aadhaar Act, save and except some provisions, to be constitutionally valid.
Time will tell how Justice Chandrachud’s judgment will be regarded given that the constitutionality of the Aadhaar scheme and the Act of 2016 has been upheld by Justices Sikri, Khanwilkar, Bhushan, and the CJI Dipak Mishra. The only silver lining in this aspect is that the court declared that Money Bills, under which the Aadhaar Act was passed, are open to judicial scrutiny.
The petitioners are an interesting array of parties, two former judges, several academics, technologists, a few organisations that work for social justice, two retired army personnel who claim that Aadhaar is a massive national security threat, and individuals who have been not given their due services and benefits due to non possession of Aadhaar.
The Petitioner has contended that in the Uttarakhand State Elections held in February 2017, not only the Election Commission officials and employees of Electronics Corporation Of India Limited(ECIL) were allowed access to the EVMs, but also several persons belonging to a private firm M/s T&M Services Consulting Private Limited engaged by the ECIL were allowed to access the EVMs — thereby raising serious concerns and apprehensions about the possibility of a security breach.
While it creates a distinction between personal data, and sensitive personal data,the exemptions under Data Protection Bill include matters of security of state, for prevention, detection, investigation and prosecution of contraventions of law, processing for purposes of legal proceeding, research, archiving, or statistical purposes, personal or domestic purposes, journalistic purposes, or manual processing by small entities.
Aadhaar data-linked sensitive private information on citizens that Central and State governments, and by default, the political parties in power, have access to could easily be used to create caste and religion based voter maps. Such data would be invaluable to a Delimitation Committee mandated with the task of redrawing the boundaries of constituencies, and could well empower such a Committee with the potential to influence the delimitation process in a manner that could influence the outcome of an election in favour of a particular political party/group, thereby unethically influencing the electoral system and undermining democracy.
From its premature Cabinet clearance without any enforceable data protection framework in place, to its muddled approach to consent, in-built technologies of coercion leading to profiling and possible criminalisation of vulnerable groups, invasive information collection methods and mythicisation of the “infallibility” of the DNA technology — the Bill is a confused disarray of State arrogance fused with misplaced reliance on technology that’s still too nebulous for effective and wide-scale use
Provisions that permit personal data processing without express consent are clearly overbroad in comparison to comparable frameworks such as General Data Protection Regulation (GDPR) brought forth by the European Union (EU). The non requirement of necessity and proportionality with respect to personal data processing by the State prima facie seems regressive and violative of the tests laid down by the Puttaswamy verdict.