Comments on the Draft Social Security Rules to safeguard worker's rights #SaveOurPrivacy

The Ministry of Labour released the Draft Code on Social Security (Central) Rules, 2020. In our comments on the draft, we have highlighted the following issues: mandatory aadhaar based verification and inadequate security safeguards for employee databases.

08 December, 2020
4 min read


The Draft Code on Social Security (Central) Rules 2020, following the Code on Social Security, 2020, makes Aadhaar based registration mandatory for receving benefits. This may contradict a Supreme Court judgement that allowed mandating Aadhaar linkage only in the case of  a service or benefit provided at the cost of the Consolidated Fund of India. A Standing Committee report on the Code on Social Security had already asked the Ministry of Labour to harmonise the provisions of the Code with the Supreme Court's judgement. Additionally, existing criticisms of Aadhaar based authentication for welfare delivery systems remain unaddressed. Lastly, databases containing the data of workers must have adequate security safeguards.

What do the Draft Rules say?

Article 142 of the Code on Social Security, 2020 states that employees or unorganised workers must, to register as beneficiaries for social security benefits or avail other social security services, "establish his identity or, as the case may be, the identity of his family members or dependants through Aadhaar number". In line with this, the Draft Code on Social Security (Central) Rules, 2020 specify Aadhaar linkage for the receipt of payments or other benefits under the Code. The table below details the instances where a worker may be asked to provide their Aadhar.

Rule Content
19 Every state employee has to mandatorily register with their Aadhaar on the Specified Portal.
47 Every building/ other construction worker is required to register on the specified portal
50(1)(a) Every eligible unorganised worker is mandated to register either with Aadhaar, on self-declaration basis in the form on the portal, as specified by the Central Government
50(2) Every eligible gig worker or platform worker is required to register with Aadhaar, on self-declaration basis in the form on the portal, as specified by the Central Government
60(1)(h) Every establishment must seed the Aadhaar Number of each of the members in the respective members’ account

What does the Puttaswamy Judgement specify?

In Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors, the Supreme Court, while upholding the constitutionality of Aadhaar, affirmed the Right to Privacy and noted that Aadhaar can constitutionally be linked only for benefits funded by the Consolidated Fund of India.

Given that social security benefits such as insurance, provident fund contributions and gratuity accrue at the cost of the employer, mandating Aadhaar for the receipt of the same may contravene the judgement. The Employees' Provident Fund Organisation has even passed an order removing penalties for employees who had not completed Aadhar based registration.

Further, the Parliamentary Standing Committee on Labour has also flagged this in its report on the Code on Social Security, 2019 where it notes the budgetary outlay from the consolidated fund of india is not clearly earmarked. The Committee asked the Ministry to reconsider mandatory Aadhaar linkage in light of the Supreme Court judgement, pointing out that Aadhaar may be mandated only for benefits provided from the Consolidated Fund of India.

Existing state of Aadhaar based verification

Aadhaar based verification may present an additional hurdle to accessing benefits for social security, as this system has already been criticised in other contexts. Technology failures plague the authentication system, and have already led to serious issues of exclusion from welfare benefits. The CEO of UIDAI had noted  that in 2018 authentication failure for government services was as high as 12%. Furthermore, as of March 3rd, 2020, only 60% of the total allocated grains per month have been distributed on the basis of biometric verification of Aadhaar.

The efficacy of Aadhaar based registration for schemes has been studied in various contexts. One study in Jharkhand found that Aadhaar based authentication “either did not reduce errors of inclusion or leakage or did so at the cost of increased exclusion error”. Another study for Aadhaar based verification in PDS shops found that the system is “rife with technical issues such as incomplete seeding of cardholder information, biometric failure and administrative gaps such as inadequate failure reporting and back-up systems”.

Lastly, a study sampling Aadhaar based authentication in diverse settings such as PDS distribution, NREGA work, LPG subsidies, midday meals, and the National Social Assistance Programme found that "Available evidence does not substantiate any signifi cant gains from Aadhaar-integration in welfare programmes. On the contrary, it has inflicted considerable pain. Apart from (supposedly) one-time costs of enrolment and Aadhaar-seeding, people are now faced with higher transaction costs on a monthly basis (in pensions and the PDS for instance), and in a significant minority of cases, also face exclusion and denial. Even when it works, people suffer from considerable indignities".

Thus, considering the Supreme Court judgement as well as the negative externalities of using Aadhaar based verification, we recommend that Aadhaar linkage not be mandated for the receipt of social security benefits. Instead, a social security card may be provided to workers to help with registration and service delivery. Furthermore, verification through Aadhaar should be made truly consensual, and verification should be allowed through multiple government IDs such

Databasing of Workers

Databases such as the Shram Suvidha portal help employers with labour law compliance. The Draft Rules mention the use of the Shram Suvidha portal (or any other portal that may be specified) for registering workers as beneficiaries. While such a database does indeed both help facilitate compliance and allow the government to monitor labour law implementation, provisions must be made to ensure that the data of workers is secured, especially since registration may involve the provision of personal data. Such data may also be used by employers for workers surveillance. Given that a comprehensive legislation regarding data protection, such as the Personal Data Protection Bill, 2020 or the Personal Data and Information Privacy Code 2020, is yet to be passed, we recommend that a provision be included that specifies that that adequate measures must be taken, as provided by the relevant authority, by both public and private compliance portals and employee databases to ensure the security of data.

Important Documents

  1. Code on Social Security, 2020 (link)
  2. Draft Code on Social Security (Central) Rules, 2020 (link)
  3. IFF's comments on the Draft Rules (link)
  4. Standing Committee on Labour, Ninth Report: The Code on Social Security (link)
  5. The Personal Data Protection Bill, 2019 as introduced by the Minister for Electronics and Information Technology, Mr. Ravi Shankar Prasad (link)
  6. The Personal Data and Information Privacy Code Bill, 2019 as introduced as a private members bill by Mr. D. Ravikumar, Member of Parliament (link)

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

No place for tech: How digital interventions in NREGA are undermining rural social security

Mandatory digital ‘solutions’ introduced in the NREGA scheme by union and state governments, like Aadhaar-based payments, mobile monitoring apps, facial authentication and surveillance tools, are impinging on workers’ statutory rights and poking holes in the rural social security net.

8 min read

Into IT Standing Committee’s review of action taken by MeitY following its recommendations on citizen data security and privacy

This post breaks down the 55th report of the Standing Committee on Communications and IT, in which the Committee assesses the extent to which its recommendations on citizen data security and privacy were accepted and acted upon by the Ministry of Electronics and IT.

11 min read

Statement: Reportedly, IT Ministry looks to block Proton Mail on request of Tamil Nadu

Reportedly, the E2EE email service Proton Mail has received communication from MeitY regarding a potential block under S.69-A IT Act, at the request of the TN police over a hoax bomb threat sent to private schools in Chennai. 

1 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!