Not just privacy, but even on surveillance and excessive delegation, Supreme Court didn’t engage with the tough questions.
In a recent piece, we argued that the Aadhaar verdict refused to seriously engage with the right to privacy. The importance of the right was underlined, but its application was given short shrift. Alas, this approach of the Supreme Court, where crucial questions are avoided rather than answered, where little guidance or clarity is offered on legal rules and principles, is writ large in the verdict. The right to privacy is only one instance of the approach that is visible across the majority opinion.
Consider, for example, the question of surveillance. In the original right to privacy verdict last year, Justice S.K. Kaul drew a link between privacy, surveillance, and technology. Technology has, he observed, “created new instruments for the possible invasion of privacy by the State, through surveillance, profiling and data collection and processing”. The Aadhaar verdict was expected to provide more guidance on this matter. The surveillance possibilities of the scheme as originally rolled out were tremendous, both because of excessively seeding Aadhaar numbers into various databases and using them for even private authentication, and because of the various categories of metadata retained in the system for long durations. The petitioners also identified a supplementary threat in the various state resident data hubs, admittedly created to gain a 360-degree view of residents.
In the light of these realities, the court was faced with the question of whether Aadhaar was a tool to track citizens. Such an inquiry is never easy. There are questions relating to the potential abuse of a law and questions relating to potential chilling effects of state action on free agency. Such questions are tricky bases for legal challenges, and they must inevitably rest on judgments of law and fact. The motives of state actors matter in such instances here, and judges must pierce through the veil of technological neutrality to explore ways in which a tool may be used.
Remarkably, however, the majority verdict responded to this delicate matter by way of near-complete reliance on security standards and efficiency claims, highlighted in the UIDAI CEO’s presentation during the hearings. There are two clear problems here. The first is that efficiency and surveillance are close companions. Even taking the UIDAI’s claims at face value, it is in the interest of a surveillance state to keep data secure in a centralised manner and build efficiency into the Central Identities Data Repository (CIDR).
The second is that the UIDAI has been structured under this project as a data custodian with strong incentives and unfettered authority to seed and scale Aadhaar, necessitating a cautious evaluation of its claims. The majority, for instance, accepts UIDAI’s submission that the data gathered is minimal. This, however, clouds the reality that with big data technologies, even minimal data can have maximum impact in profiling individuals when combined with other datasets. It is telling that the majority does not discuss at all the resident data hubs, which represent one form of such stitching of datasets.
As Justice D.Y. Chandrachud observed in the dissent, while the Aadhaar Act may exclude storage of “race, religion, caste, tribe, ethnicity, language, income or medical history into CIDR, the mandatory linking of Aadhaar with various schemes allows the same result in effect”.
The question before the court was whether, and to what extent, the claims of the state were valid. Instead, the court seems to have understood its role as merely to place on record the claims of the state. In addition to limiting metadata gathering and authentication record retention, as the majority rightly did, focus should have been on choices involving seeding and linking. This inquiry, had it been performed, would have shown another major flaw in the Aadhaar legislation – the vice of excessive delegation of legislative functions to an executive body.
For long, courts have weakened this plea. But the present context was different because the act of delegation potentially impacted fundamental rights. The vice here had more to do with preservation of rights than its traditional justification of separation of powers, necessitating a more exacting standard when distinguishing policy that cannot be constitutionally delegated from details that can be so delegated.
The majority’s response to the excessive delegation plea is no more than a cursory remark that the plea has been dealt with when deciding on surveillance. This is plainly wrong because this plea required examining the full panoply of powers and authority vested with UIDAI under sections 23 and 54 of the Act to see whether they are in the realm of policy or detail. This is substantively different from evaluating the current exercise of such powers under the surveillance challenge.
The dissenting opinion carefully maps UIDAI’s mandate to observe that the Act sets no limits on the authority of this body, which resides at the centre of the Aadhaar architecture. It rightly concludes that the UIDAI cannot be considered an independent agency in the light of its often conflicting administrative, adjudicatory, investigative, and monitoring roles. The larger point here is that the details of a law need to be examined in assessing its validity. The law is in the details. The majority opinion does not even seriously address the question of permissible delegation.
The absence of guidance and reasoning does great disservice for future assessments. For instance, the draft data protection bill gives a wide berth of powers to the newly proposed data protection authority, whose actions have a huge bearing on not only the right to privacy but also the freedom of business in the digital economy. How should the bill be assessed? Some legal hope may yet remain with a recent important petition filed by Shamnad Basheer before the Delhi High Court. The UIDAI’s functioning is expected to receive greater scrutiny here, and so are important questions surrounding its role in setting the policy for security, seeding, authentication and other critical matters associated with Aadhaar. Better conclusions may or may not emerge from that decision, but one at least hopes for better reasoning.
Madhav Khosla, co-editor of the Oxford Handbook of the Indian Constitution, is a junior fellow at the Harvard Society of Fellows. His Twitter handle is @M_Khosla. Ananth Padmanabhan is a Fellow at the Centre for Policy Research. His Twitter handle is @ananth1148