A nine-judge bench of the Supreme Court pronounced its verdict on Right to Privacy and in the digital era, a new equation between the state and the civil society has been established. The Right to Privacy also impacts the outcome of several cases where aspects of Aadhaar have been challenged, with petitioners arguing that making the scheme mandatory violates Fundamental Rights.
Addressing the media, Union Law Minister Ravi Shankar Prasad maintained that the government has always acknowledged the need for privacy, stating that his party colleague and Finance Minister Arun Jaitley told the Rajya Sabha that, "Right to Privacy is a Fundamental Right".
The verdict is being seen as a major setback for the government, which had earlier argued in the apex court that the Constitution does not guarantee individual privacy as an inalienable Fundamental Right. "The Right to Privacy is protected as an intrinsic part of the Right to Life and Personal Liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution," the judges declared in the 547-page order.
But the verdict also raises a pertinent question: What happens to Aadhaar, 12 digit unique-identity number issued to all Indian residents based on their biometric and demographic data?
"The question often asked to me is that if privacy is a Fundamental Right, then wouldn't Aadhaar fail? I think that is the wrong conclusion. We should keep the Aadhaar consideration away at the moment because that matter is being considered by another bench of the honourable Supreme Court of India. Now the question is, in Aadhaar, if biometric information is being taken, is it being taken under a legal architecture which will make sure that the right to privacy is not breached? If the right to privacy is breached, that architecture will fail and has to be changed. That aspect is being considered by another bench and nobody should speculate about it," senior advocate Sajan Poovayya told Firstpost. He is on the petitioner’s side for the impleading applicant Rajeev Chandrasekhar, Member of Parliament from Karnataka.
Litigator Apar Gupta, who authored the book Commentary on Information Technology Act in 2011, stated that this is a big victory for privacy in India. "The right is now grounded not only in Article 21 but all Part-III Fundamental Rights. This will practically allow the court to develop privacy as a right in subsequent judgments to its full vitality. The Aadhaar cases will now move ahead to a comprehensive and substantive hearing. The first, clear impact is that its legality will be decided," he said.
Mere kilometres away from the Supreme Court of India, the Cabinet Secretariat at Raisina Hill is facing the challenge of securing the Aadhaar data and of ensuring 100 per cent Aadhaar-based Direct Benefit Transfer (DBT) by 31 March, 2018. Since May this year, Cabinet secretary PK Sinha has been working to achieve both the targets. On July 7, 2017, just days before Aadhaar hearing in the apex court, Sinha spoke to top bureaucrats in the central government to discuss the issue.
"While progress has been made in implementing Aadhaar-based DBT in major schemes, the work needs to be completed on a mission mode. Specifically, in all schemes where 50 percent Aadhaar seeding has already been achieved, 100 per cent Aadhaar seeding of beneficiaries in scheme databases may be targeted for achievement by 31 December, 2017. For all other schemes this may be done by 31 March, 2018," Sinha wrote, in a note to top secretaries of the Centre that was procured by Firstpost.
Simultaneously, Sinha has issued direction for authentication of Aadhaar and de-duplication of the beneficiary database to be carried out to weed out ghost beneficiaries for better targeting of schemes and preventing syphoning off public money. "This will enable better targeting of programmes, resulting in saving of public funds," stated Sinha.
Top bureaucrats representing different ministries were recently invited to the committee room of the Cabinet Secretariat to up the game against the tardy handling of sensitive data. Ajay Bhushan Pandey, CEO of Unique Identification Authority of India (UIDAI) in his presentation made it amply clear that publishing of such sensitive personal data or identity information in public domain is clear violation of Information Technology Act, 2000 and Aadhaar Act, 2016.
"Aadhaar Act stipulates that core biometric information cannot be shared with anyone or used for any purpose other than generation of Aadhaar numbers and authentication. Further, identity information available to a requesting entity cannot be shared without consent of the individual and can only be used for the specific purpose for which such consent has been given by that individual," Pandey had said.
Pandey apprised that the full Aadhaar number should not be published on websites or printed on certificates, cards, licenses etc and if an agency is storing Aadhaar numbers, the data must be encrypted and stored; regular audit must be conducted and only STQC/UIDAI certified biometric devices be used for authentication and the issue that change of address should be allowed with proper authentication should be addressed.
So far, Aadhaar numbers have been issued to about 99 per cent of the adult population and Aadhaar seeding of beneficiaries of various schemes is being carried out, the note said. Pandey said the issue of privacy of personal sensitive data and Aadhaar has been taken up in a bunch of petitions filed in various courts and it is imperative that the government departments and agencies should take utmost care while handling sensitive personal data and Aadhaar numbers and they must follow the provision of rules.
The Future of Privacy Rules
The Supreme Court has directed the government to ensure a robust regime for data protection. The various arms of the government debating Right To privacy law since the last couple of years have different views on privacy, data collection and data breach.
In the wake of Supreme Court judgment, the government will have to frame the rules keeping in mind the Supreme Court observation. "Now, the government doesn't have absolute right to decide parameters and extent of privacy. They need to frame the rules and it will be tested on the touchstone of Right to Privacy in the Constitution. The rules will have to be in sync with the judgment and it is government duty to protect the data and frame rules so there is no breach," a source in the Ministry of Personnel, Public Grievances and Pensions stated.
Updated Date: Aug 25, 2017 14:53 PM