Village women stand in a queue to get themselves enrolled for the Unique Identification (UID) database system at Merta district in the desert Indian state of Rajasthan on February 22, 2013. 

© 2013 Reuters
(New York) – India’s Supreme Court upheld the constitutionality of the biometric identification project, Aadhaar, on September 26, 2018, Human Rights Watch said today.

In its ruling, the court said that the government could make Aadhaar a requirement to access government benefits and for filing income tax, but restricted it for other purposes. The government should create adequate safeguards to ensure that an Aadhaar registration requirement does not prevent poor and marginalized people from getting essential services that are constitutionally guaranteed, including food and health care.

“Aadhaar has led to further marginalization of the poorest and most vulnerable people by denying them access to critically needed subsidies and benefits,” said Meenakshi Ganguly, South Asia director at Human Rights Watch. “The government should ensure there that is greater accountability and transparency by Aadhaar and not impose unnecessary identification requirements that violate privacy rights.”

While the ruling disappointed privacy advocates in upholding the mandatory and sweeping program of government biodata collection, the court did impose important limitations on the widely spreading use of Aadhaar identification. The four-to-one majority judgment barred private companies from demanding Aadhaar and also said that schools, banks, and telecom companies cannot make Aadhaar compulsory for their services.

The dissenting judge said that the entire Aadhar program since 2009 had raised constitutional concerns and violated fundamental rights and called the law in its entirety unconstitutional. India’s central government welcomed the ruling and the Information and Technology Minister called it “historic.”

The Aadhaar project is run by the Unique Identification Authority of India (UIDAI), a statutory body of the Indian government set up in 2009. It collects personal and biometric data such as fingerprints, facial photographs, and iris scans, and issues 12-digit individualized identity numbers. Aadhaar was initially meant to be voluntary, aimed at eliminating fraud in government welfare programs and giving people a form of identification.

However, the Aadhaar Act of 2016 and subsequent notifications and licensing agreements dramatically increased the scope of the project, making Aadhaar enrollment mandatory for people to access a range of essential services and benefits including government subsidies, pensions, and scholarships. It was also linked to services such as banking, insurance, telephone, and the internet.

Access to Essential Services

Numerous reports by media, researchers, and rights groups found that shops providing subsidized food grains as part of the government’s public distribution system to people living in poverty denied supplies to eligible families who did not have an Aadhaar number or had not linked it to their ration cards, or because the authentication of their biometric data such as fingerprints failed. Local human rights groups and media have reported some cases in which people starved to death as a result. Poor internet connectivity, machine malfunction, and worn out fingerprints such as those of older people or manual laborers have further exacerbated the problem of biometric authentication.

Rajasthan state activists reported that between September 2016 and June 2017, after the Aadhaar authentication was made mandatory, at least 2.5 million families were unable to get food rations. In October 2017, the central government instructed states not to deny subsidized food grains to eligible families merely because they did not have an Aadhaar number, or had not linked their ration cards to it. However, reports of denied benefits continued.

The court said that the authorities should investigate cases in which authentication failed and adopt alternate methods for identification. Indian authorities should ensure that problems with biometric authentication or bureaucratic delays do not prevent people from accessing their entitlements or fundamental rights, Human Rights Watch said.

In his dissenting ruling, Justice D. Y. Chandrachud said: “Constitutional guarantees cannot be subject to the vicissitudes of technology. Denial of benefits arising out of any social security scheme which promotes socioeconomic rights of citizens is violative of human dignity and impermissible under our constitutional scheme.”

Right to Privacy

The government says it has issued 1.1 billion Aadhaar numbers to residents of India, not limited to citizens, making it one of the world’s biggest biometric databases. The government’s push for mandatory enrollment and its efforts to link the Aadhaar number to a wide range of services raised grave concerns that it could disproportionately interfere with the right to privacy for millions of people. It also prompted fears of increased state surveillance, with the convergence of various databases making it easier for the government to track information about individuals, and to target dissent.

Several reports have shown that the Aadhaar system is also vulnerable to data breaches and leaks. In 2017 and 2018, government websites published millions of Aadhaar numbers, along with people’s personal information, including bank account information,.. In January, the Tribune newspaper reported that unrestricted access to the personal details of people enrolled in Aadhaar could be purchased for less than US$10 from racketeers. In February 2017, the UIDAI filed a criminal complaint against three companies alleging illegal transactions using stored biometric data.

In August 2017, the Supreme Court stated that the right to privacy was part of the constitutional right to life and personal liberty, overturning government arguments that privacy was not a fundamental right.

The ruling on September 26 held that Aadhaar did not unduly infringe on privacy or necessarily create a surveillance state. In response to privacy and surveillance concerns raised by the petitioners on the issue of metadata collection that it enabled real-time tracking, the court directed that authentication records or transaction logs should not be kept longer than six months.

The Indian parliament should enact a robust privacy framework and data protection law in line with international standards, Human Rights Watch said. The government should provide sufficient safeguards relating to storing and protecting centrally stored data under Aadhaar.

The Aadhaar Act also prevented anyone other than the UIDAI from approaching the courts in case of a breach or violation of the law. However, the court ruling now allows an individual whose right has been violated to file a complaint.

While the court retained the provision allowing for disclosure of information under Aadhaar in the interest of national security, to prevent misuse, it added a requirement for judicial oversight in such cases.

“The court’s decision to restrict private actors from accessing information under Aadhar and limiting its expansion is helpful at a time when there are serious fears of data breach, profiling and surveillance,” Ganguly said. “But there are serious concerns of government overreach in holding people hostage to a 12-digit number in a program riddled with flaws, leaving them at risk of intrusive scrutiny, identity theft or to denial of their basic rights.”