Read our joint submission on the draft Aadhaar Amendment Rules, 2023 with Article 21, Rethink Aadhaar, and Access Now

In our submission, we have recommended that the Rules should not be adopted.

17 May, 2023
3 min read

tl;dr

The Ministry of Electronic & Information Technology (MeitY) released the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2023 (GG Rules, 2023) on April 20, 2023 for public consultation. Read the joint submission on the GG Rules, 2023 by Article 21 Trust, Rethink Aadhaar Campaign, Access Now, and Internet Freedom Foundation.

Background

On April 20, 2023, the GG Rules, 2023 were released for public consultation. They amend Rule 3 of the the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Rules, 2020 (2020 Rules) which relates to ‘Purposes for Aadhaar authentication’ to include “promoting ease of living of residents and enabling better access to services for them” as a prescribed purpose.

The amendments also amend Rule 4 of the 2020 Rules to allow any entity, other than a government entity, that seeks to be able to perform Aadhaar authentication, to submit a proposal to the “concerned government Ministry or Department” justifying that their intended purpose falls under Rule 3 of the GG Rules, 2023. If the concerned Union or State government Ministry or Department is of the opinion that the proposal submitted falls under the prescribed purposes under Rule 3 & is in the interest of the State, then it can approve the proposal, allowing the entity to perform Aadhaar authentication.

Joint submission with Article 21 Trust, Rethink Aadhaar Campaign, and Access Now

We have submitted a joint submission with Article 21 Trust, Rethink Aadhaar Campaign, and Access Now as part of the public consultation process. Below, we briefly highlight our main issues:

  1. Colourable exercise of rule-making power: Through the proposed rules, the Government is attempting to bring regulations, indirectly, on issues, which the Supreme Court has prohibited it from doing directly in the Supreme Court’s Aadhaar Judgement (2019 1 SCC 1).
  2. The GG Rules, 2023 are beyond the scope of the parent legislation and cannot determine the ‘purpose’ of the parent Act: The purposes mentioned in the original Rule 3 and the proposed insertion, i.e., “promoting ease of living of residents and enabling better access of services”, apart from being broad, ambiguous and undefined, far exceed the scope of the parent statute, and are an impermissible use of rule-making power.
  3. The GG Rules, 2023 fails to meet the proportionality test: The Rules fail the proportionality test, as: (1) They lack “legality” as these is no law that permits the private entities to use Aadhaar authentication; (2) their aim, “promoting ease of living of residents and enabling better access of services,” is not a clearly defined legitimate state aim; (3) in any case, this purpose does not have a rational nexus with the means adopted to achieve it, given the threat that Aadhaar authentication poses to privacy, as a whole. There are undoubtedly other ways, which are less harmful to privacy, that “ease of living” can be promoted.
  4. Despite stating that authentication will be “Voluntary” the Authority has no power or functional grievance redress system to enforce this: The Draft Rules contain no guardrails to ensure that entities seeking to use Aadhaar authentication respect voluntariness; and no remedies if this is violated. There is also no mechanism to ensure that informed, voluntary and revocable consent is sought from individuals.
  5. The flaws pointed out in Comptroller and Auditor General of India’s Report (No. 24 of 2021) have not been addressed.
  6. Aadhaar has caused mass exclusion, which will be exacerbated by expanding its use cases.
  7. The GG Rules, 2023 contain unconstitutionally vague terms such as “in the interest of the State”.
  8. The implicit purpose of the GG Rules, 2023 is commercial exploitation: As Justice D.Y. Chandrachud noted in his minority judgement in the Aadhaar judgement allowing private entities to use Aadhaar numbers would lead to commercial exploitation of an individual's personal data without his/her consent and could lead to individual profiling.
  9. The procedure laid out in Clauses 4 and 5 for submitting and examining proposals do not sufficiently address the privacy risks or protect individuals’ rights.
  10. The GG Rules, 2023 enable state surveillance by increasing the number of entities and transactions that would be saved in the central information database, which increases the state’s surveillance capabilities.
  11. The GG Rules, 2023 can proliferate Aadhaar-related fraud by expanding the number of entities that have access to Aadhaar data
  12. No assessment in respect of the impact on fundamental rights, including the right to privacy, has been carried out.

Our recommendation

Our recommendation as part of the public consultation process is that the GG Rules, 2023 are unconstitutional and hence, should not be adopted.

Important documents

  1. Joint submission on the GG Rules, 2023 by Article 21 Trust, Rethink Aadhaar Campaign, Access Now and Internet Freedom Foundation dated May 8, 2023 (link)
  2. The Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2023 (link)
  3. IFF's blog post analysing the unconsitutionality of the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Rules, 2020 (link)

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

1
Your personal data, their political campaign? Beneficiary politics and the lack of law

As the 2024 elections inch closer, we look into how political parties can access personal data of welfare scheme beneficiaries and other potential voters through indirect and often illicit means, to create voter profiles for targeted campaigning, and what the law has to say about it.

6 min read

2
Press Release: Civil society organisations express urgent concerns over the integrity of the 2024 general elections to the Lok Sabha

11 civil society organisations wrote to the ECI, highlighting the role of technology in affecting electoral outcomes. The letter includes an urgent appeal to the ECI to uphold the integrity of the upcoming elections and hold political actors and digital platforms accountable to the voters. 

2 min read

3
IFF Explains: How a vulnerability in a government cloud service could have exposed the sensitive personal data of 2,50,000 Indian citizens

In January 2022, we informed CERT-In about a vulnerability in S3WaaS, a platform developed for hosting government websites, which could expose sensitive personal data of 2,50,000 Indians. The security researcher who identified the vulnerability confirmed its resolution in March 2024.

5 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!