The issue here is one of procedure: which body has the authority to pass what kinds of rules.
One of the debates about Aadhaar is over the problem of excessive delegation. The legislature often delegates law-making power to the executive, including to regulatory agencies. Such delegation cannot be excessive – Parliament cannot give up its law-making power on fundamental issues, like the balancing of rights.
The doctrine of excessive delegation is closely associated with the rule of law, because the rule of law consists of three components: rule creation, rule application, and rule execution. Excessive delegation bundles these components. The issue here is one of procedure: which body has the authority to pass what kinds of rules.
The excessive delegation challenge to Aadhaar relates to the management and usage of the scheme, especially Sections 7, 8, 23, 28, 32, 50 and 54 of the Aadhaar Act. A reading of these provisions shows that the legislative policy on the management and application of Aadhaar data and safeguards present have been left to the UIDAI, with minimal guidelines. The state’s response to this was straightforward: that the Act had provided enough guidance, both in terms of objectives and principles.
How does one adjudicate such a contest? Delegation is ubiquitous, and excessive delegation is impermissible. But when does delegation become excessive?
In the state’s defence, the Supreme Court has been neither clear nor stringent on this matter in recent years. The threshold that it has set is embarrassingly low. But there are two ways to think about this matter. The first is to closely examine the subject matter at hand. In a case involving fundamental rights, for example, Parliament should perform more rather than less. The second query, as captured by the classic case In re Delhi Laws Act (1951), the question is whether the legislature has sufficiently determined “the legislative policy”.
In this case, the seriousness of the subject matter is incontrovertible. The question is whether the legislative policy has been laid down by Parliament.
Gaps in the policy
In some respects, the policy is clear; for example, Section 7, which specifies services where the expense relates to the Consolidated Fund of India.
In others, however, gaps emerge. For example, Section 23, which empowers the UIDAI to “develop the policy, procedure and systems for issuing Aadhaar numbers to individuals and perform authentication thereof under this Act”. The development rather than implementation of policy by the UIDAI seems like a clear violation. Section 32, covered in our previous piece, too leaves an important policy decision relating to the storage of data with the UIDAI.
These instances are not glaring but matters seem different with Section 28, which leaves the UIDAI with complete direction to determine policy matters relating to security and confidentiality, and Section 54, which seems like a residual provision of sorts. Section 54 has 24 entries, authorising regulating on matters ranging from enrolment to authentication to sharing. As per Section 54(x), “regulations may provide for … any other matter which is required to be, or may be, specified, or in respect of which provision is to be or may be made by regulations”. This provision is, quite simply, self-validating. As such, it is a clear case of excessive delegation. Indeed, it seems to be a case of excessive delegation by definition.
The problem of excessive delegation becomes even more serious if one considers the structure of the UIDAI. The Aadhaar Act does not provide for any review of UIDAI’s functioning (apart from a complete supersession of the body by the Union) and mechanisms for accountability are all internal. Section 47(1), Aadhaar Act, states that “No court shall take cognisance of any offence punishable under this Act, save on a complaint made by the authority or any officer or person authorised by it”.
The state’s answer to this was, in part, persuasive. It rightly argued that Indian constitutionalism has been remarkably flexible on the structure of regulatory agencies. SEBI, for example, performs some degree of legislative, executive, and judicial functions.
But the state’s answer only resolves the problem of bundling and external oversight; it does not solve the problem of excessive delegation because the leeway given to regulatory agencies with regard to bundling and oversight takes place in the context of delegation that cannot be excessive. Even though Section 55 of the Act stipulates that regulations must be laid before Parliament, this addresses the issue of accountability to Parliament, but it does not address the issue of delegation from Parliament.
There are thus five different challenges to Aadhaar that the Supreme Court must address: (a) its enactment as a money bill; (b) the validation of pre-2016 enrolments; (c) enrolment errors; (d) constitutional rights; (e) excessive delegation.
Madhav Khosla, co-editor of the Oxford Handbook of the Indian Constitution, is a junior fellow at the Harvard Society of Fellows. His Twitter handle is @M_Khosla. Ananth Padmanabhan is a Fellow at the Centre for Policy Research. His Twitter handle is @ananth1148.