There are procedural and substantive issues plaguing the scheme, from rights violations to excessive delegation to the UIDAI.
As the country awaits the Supreme Court’s verdict on Aadhaar in a few weeks, there is a set of various challenges to the biometric architecture that has been built. These include the money bill question, pre-2016 enrolments, exclusions, constitutional rights, and excessive delegation. Here, we focus on how the Supreme Court should address them.
The money bill question
The Supreme Court has long reviewed actions that even lie within the domain of Parliament. Examples are cases relating to parliamentary privileges and the anti-defection law, where finality is given to action of the Speaker of the Lok Sabha, but some review of the action is possible. This review is limited, and includes select grounds such as illegality and colourable exercise of power. The court should affirm its authority to review whether or not the Aadhaar Act could have been passed as a money bill.
The Act relates to several matters outside Article 110 of the Constitution. Importantly, coverage outside Article 110 (such as the extension of the service to private actors) is not incidental to the scheme. If the court does not want to strike down the law entirely on the ground that it was invalidly enacted as a money bill, it must at the very least limit the law to schemes involving the Consolidated Fund of India. In this way, the law can be partially upheld. All other applications, from private authentication to building a stack using Aadhaar data, must go through both houses of Parliament.
Even though pre-2016 enrolments stand on shaky legal foundations, we must recall that the Supreme Court did not intervene when the data was being collected. At that stage, the court passed interim orders focussing on the alleged voluntariness of the scheme.
We now know that the voluntariness argument is meaningless, because if the scheme is linked to important benefits, it is not actually voluntary. But there is now a different argument before the court: the validating clause, Section 59.
Given that the court did not intervene earlier (though the argument before it was different), we do not believe that it should call for the destruction of the data. However, it should provide specific limitations on future actions of retroactivity, and secondly, it should declare that validating pre-2016 enrolments must also imply that any legal claims and violations, though rooted in the 2016 Act, must also apply to data handling prior to 2016.
As we have noted, the law does not seem to permit arbitrary exclusions. Safeguards to deal with exceptional situations have come into being, and while future empirical data may suggest otherwise – in which case, a challenge can always emerge – at this stage, the law and notifications do not seem to raise an Article 14 equal protection violation.
The Puttaswamy case alerts us to the risks of mass data collection. Minimal data is not merely about the gathering of limited information. It is also about keeping the application of a data programme to a minimum, because data by its very nature is a recombinant asset. A right may not be absolute, but any intrusion of a right cannot be arbitrary.
In this case, three features raise major concerns about the effective regulation of data under Aadhaar: the meta-data provides considerable information to enable abuse; an identity can be easily matched across schemes; and external penetration into the system through multi end-points risks data security.
To address these, the court must limit the use of Aadhaar. The greater the uses, the greater the chance for arbitrariness. We have already noted that, to allow for Aadhaar to exist given its money bill origins, it must be limited to schemes involving expenditure from the Consolidated Fund. To meet the rights-based challenges, it should be further limited to schemes where the state can show clear evidence of revenue loss through duplication. The issue of storage of authentication records noted previously also needs to be addressed.
While Indian law has often been relaxed on excessive delegation from Parliament to the executive or a regulatory agency, the Aadhaar Act seems to take matters to an entirely new level. Sections 23 and 54, in particular, put in place a scheme where large portions of the policy behind Aadhaar is determined by the UIDAI rather than Parliament. The extensive regulations that have followed the Act testify to this abdication of core legislative functions.
At the very least, both these provisions must be struck down, and Parliament itself must frame the policy behind Aadhaar. The policy must be part of a new law that Parliament enacts. The legal issue here is obvious enough: it links to an essential element of parliamentary government. But we should also note the dangers of such excessive delegation: it means that so much of what we are basing our judgments on with regard to Aadhaar (its promise and its problems) can be altered by way of a mere notification.
The Aadhaar challenge thus captures a number of procedural issues that are unrelated to the merit of the scheme: the fact that it was enacted as a money bill, the fact that the delegation to UIDAI is excessive. However, on the substance of the scheme as well, important questions arise, and only a new law that addresses these procedural and substantive concerns, from the appropriate amount of delegation to limiting the application of the scheme, should be able save the Aadhaar project.
Madhav Khosla, co-editor of the Oxford Handbook of the Indian Constitution, is a junior fellow at the Harvard Society of Fellows. His Twitter handle is @M_Khosla. Ananth Padmanabhan is a Fellow at the Centre for Policy Research. His Twitter handle is @ananth1148.