The Ministry of Electronic & Information Technology (MeitY) released the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2023 (GG Rules, 2023) on April 20, 2023 for public consultation. Read the joint submission on the GG Rules, 2023 by Article 21 Trust, Rethink Aadhaar Campaign, Access Now, and Internet Freedom Foundation.
On April 20, 2023, the GG Rules, 2023 were released for public consultation. They amend Rule 3 of the the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Rules, 2020 (2020 Rules) which relates to ‘Purposes for Aadhaar authentication’ to include “promoting ease of living of residents and enabling better access to services for them” as a prescribed purpose.
The amendments also amend Rule 4 of the 2020 Rules to allow any entity, other than a government entity, that seeks to be able to perform Aadhaar authentication, to submit a proposal to the “concerned government Ministry or Department” justifying that their intended purpose falls under Rule 3 of the GG Rules, 2023. If the concerned Union or State government Ministry or Department is of the opinion that the proposal submitted falls under the prescribed purposes under Rule 3 & is in the interest of the State, then it can approve the proposal, allowing the entity to perform Aadhaar authentication.
Joint submission with Article 21 Trust, Rethink Aadhaar Campaign, and Access Now
We have submitted a joint submission with Article 21 Trust, Rethink Aadhaar Campaign, and Access Now as part of the public consultation process. Below, we briefly highlight our main issues:
- Colourable exercise of rule-making power: Through the proposed rules, the Government is attempting to bring regulations, indirectly, on issues, which the Supreme Court has prohibited it from doing directly in the Supreme Court’s Aadhaar Judgement (2019 1 SCC 1).
- The GG Rules, 2023 are beyond the scope of the parent legislation and cannot determine the ‘purpose’ of the parent Act: The purposes mentioned in the original Rule 3 and the proposed insertion, i.e., “promoting ease of living of residents and enabling better access of services”, apart from being broad, ambiguous and undefined, far exceed the scope of the parent statute, and are an impermissible use of rule-making power.
- The GG Rules, 2023 fails to meet the proportionality test: The Rules fail the proportionality test, as: (1) They lack “legality” as these is no law that permits the private entities to use Aadhaar authentication; (2) their aim, “promoting ease of living of residents and enabling better access of services,” is not a clearly defined legitimate state aim; (3) in any case, this purpose does not have a rational nexus with the means adopted to achieve it, given the threat that Aadhaar authentication poses to privacy, as a whole. There are undoubtedly other ways, which are less harmful to privacy, that “ease of living” can be promoted.
- Despite stating that authentication will be “Voluntary” the Authority has no power or functional grievance redress system to enforce this: The Draft Rules contain no guardrails to ensure that entities seeking to use Aadhaar authentication respect voluntariness; and no remedies if this is violated. There is also no mechanism to ensure that informed, voluntary and revocable consent is sought from individuals.
- The flaws pointed out in Comptroller and Auditor General of India’s Report (No. 24 of 2021) have not been addressed.
- Aadhaar has caused mass exclusion, which will be exacerbated by expanding its use cases.
- The GG Rules, 2023 contain unconstitutionally vague terms such as “in the interest of the State”.
- The implicit purpose of the GG Rules, 2023 is commercial exploitation: As Justice D.Y. Chandrachud noted in his minority judgement in the Aadhaar judgement allowing private entities to use Aadhaar numbers would lead to commercial exploitation of an individual's personal data without his/her consent and could lead to individual profiling.
- The procedure laid out in Clauses 4 and 5 for submitting and examining proposals do not sufficiently address the privacy risks or protect individuals’ rights.
- The GG Rules, 2023 enable state surveillance by increasing the number of entities and transactions that would be saved in the central information database, which increases the state’s surveillance capabilities.
- The GG Rules, 2023 can proliferate Aadhaar-related fraud by expanding the number of entities that have access to Aadhaar data
- No assessment in respect of the impact on fundamental rights, including the right to privacy, has been carried out.
Our recommendation as part of the public consultation process is that the GG Rules, 2023 are unconstitutional and hence, should not be adopted.
- Joint submission on the GG Rules, 2023 by Article 21 Trust, Rethink Aadhaar Campaign, Access Now and Internet Freedom Foundation dated May 8, 2023 (link)
- The Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2023 (link)
- IFF's blog post analysing the unconsitutionality of the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Rules, 2020 (link)