In 2018, the Supreme Court of India pronounced its decision on the constitutional validity of India’s digital ID system Aadhaar. While the Supreme Court did not declare the use of Aadhaar for public service delivery unconstitutional, it did strike down certain provisions of the Aadhaar Act, 2016. One of the provisions that was struck down was Section 57 of the Aadhaar Act, 2016 which allowed any “body corporate or person” or private entity to ask for the Aadhaar details of an individual for the purpose of identification. The Court reasoned that the provision created the risk of surveillance and commercial exploitation.
While this should have been the end of private entities seeking to use Aadhaar for authentication purposes, it regretfully was not. On April 20, 2023, the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2023 (GG Rules, 2023) were released for public consultation. They amend Rule 3 of the the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Rules, 2020 (2020 Rules) which relates to ‘Purposes for Aadhaar authentication’ to include “promoting ease of living of residents and enabling better access to services for them” as a prescribed purpose.
The amendments also amend Rule 4 of the 2020 Rules to allow any entity, other than a government entity, that seeks to be able to perform Aadhaar authentication, to submit a proposal to the “concerned government Ministry or Department” justifying that their intended purpose falls under Rule 3 of the GG Rules, 2023. If the concerned Union or State government Ministry or Department is of the opinion that the proposal submitted falls under the prescribed purposes under Rule 3 & is in the interest of the State, then it can approve the proposal, allowing the entity to perform Aadhaar authentication. Thus, the GG Rules, 2023 could enable private entities to perform Aadhaar authentication, which goes against the decision of the Supreme Court. Read our joint submission on the draft Aadhaar Amendment Rules, 2023 with Article 21, Rethink Aadhaar, and Access Now here.
Concerned by this proposal, we decided to inquire about the organisations that currently have the authorisation for Aadhaar authentication with the help of the Right to Information Act, 2005. In our request to the UIDAI, we asked for information about the proposals received, the proposals approved, and the proposals denied. In the table below, we have collated and analysed the information received.
Table 1: Proposals approved that may have potential issues
The document containing the list of denied proposals also sheds some light as to the types of proposals where the government drew a line and acknowledged that Aadhaar should not be used. Such uses include the use of Aadhaar authentication in higher education by the Department of Higher Education, Uttarakhand and Aadhaar authentication for the Crime and Criminal Tracking Network System by the Tamil Nadu Police Department.
Firstly, we must appreciate the government for their transparency in sharing these responses with us and for having in place a process to judge whether a specific proposal should be approved, instead of providing blanket approvals. However, a perusal of the documents have further instilled our fears regarding the expanding use of Aadhaar for various uses, which could have severe impact on an individual’s privacy as it could allow the government to profile any individual. Further, with the increasing amount of data collection being done in a legal vacuum, there is little protection against privacy violations through data breaches and the upcoming Digital Personal Data Protection Bill, 2023 gives the Union Government power to exempt any state instumentality from the application of law through notification. Lastly, the use of Aadhaar to access government services and work with government agencies sets a dangerous precedent and could result in the unwarranted exclusion of those who either do not have Aadhaar or are facing technical issues with their Aadhaar.
(This post has been co-authored with Ria Singh Sawhney of Rethink Aadhaar)