Continuing our discussion on the Judgement of the three Judges, Dipak Mishra, A K Sikri and A W Khanwilkar, responding to the first issue answered by them namely,
(1) Whether the Aadhaar Project creates or has tendency to create surveillance state and is, thus, unconstitutional on this ground?
(a) What is the magnitude of protection that need to be accorded to collection, storage and usage of biometric data?
(b) Whether the Aadhaar Act and Rules provide such protection, including in respect of data minimisation, purpose limitation, time period for data retention and data protection and security?
the judges have responded..
(iii) Section 33(1) of the Aadhaar Act is read down by clarifying that an individual, whose information is sought to be released, shall be afforded an opportunity of hearing.
The Section 33(1) as it stands today reads:
33. (1) Nothing contained in sub-section (2) or sub-section (5) of section 28 or sub-section (2) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made pursuant to an order of a court not inferior to that of a District Judge:
Provided that no order by the court under this sub-section shall be made without giving an opportunity of hearing to the Authority.
The sections 28(2), 28(5) and 29(2), of Aadhaar Act relate to Security and Confidentiality of Information and state as follows:
28(2) Subject to the provisions of this Act, the Authority shall ensure confidentiality of identity information and authentication records of individuals.
28 (5) Notwithstanding anything contained in any other law for the time being in force, and save as otherwise provided in this Act, the Authority or any of its officers or other employees or any agency that maintains the Central Identities Data Repository shall not, whether during his service or thereafter, reveal any information stored in the Central Identities Data Repository or authentication record to anyone:
Provided that an Aadhaar number holder may request the Authority to provide access
to his identity information excluding his core biometric information in such manner as may be specified by regulations.
29(2) (2) The identity information, other than core biometric information, collected or created under this Act may be shared only in accordance with the provisions of this Act and in such manner as may be specified by regulations.
It is not clear if a “reading down” was required since 33(1) provides that on the orders of the Court (District Court and above), information can be disclosed. The section alredy mentions that the person whose data is sought to be released, would be given an opportunity of hearing.
The provision as it exists and as is clarified reiterates that there cannot be a collection of data say for intelligence purpose without the knowledge of the aadhaar holder. This is a matter which the law enforcement agencies need to discuss whether it adversely affects the national security.
In a practical situation, if the Law Enforcement comes across a biometric which relates to a suspicious person, and wants to identify the person, the law enforcement agency cannot rely on the Aadhaar data base like their own NCRB data to identify the suspicious person. If therefore a terrorist is trying to escape in an Airport and the agencies have a doubt about the identity of the person, they cannot make a real time verification with the aadhaar data base. They may however detain him on suspicion and get a warrant and then check his identity. Either the law enforcement would resort to this method which is more inconvenient if the suspicion is wrong or they will let people slip through except when they have some very strong suspicion.
By such provisions, the law is being made Criminal friendly and it is not helping the honest citizen of the country who has his own stake in the national security.
The PDPA 2018 needs to have appropriate provisions to prevent such unfair restrictions to be imposed on the verification of identity of suspects with reference to the Aadhaar data. This is not amounting to “Surveillance” but is a security requirement.
Disclaimer: The views expressed here and elsewhere on this site are the personal views of Naavi and not the views of any organization or group that he may be associated with.