By: Firdaus Mohandas
The Aadhaar (which translates to ‘foundation’ in Hindi) is a 12-digit identity number that Indian residents may (presently) choose to obtain. Residents who enrol with the the Unique Identification Authority of India to receive an Aadhaar are also provided a registration card, and are required to submit certain biometric and demographic data, including fingerprints and iris scans. This card serves as a valid proof of residence rather than citizenship. Importantly, the ease with which Aadhaar cards can be cross-referenced to such data has attracted much praise—the World Bank Chief Economic Paul Romer, for example, described it as the ‘most sophisticated ID programme in the world’.
The initial use of Aadhaar cards was largely to smoothen the process of providing certain public benefit schemes, allowing a secure ID to ensure greater efficiency. This use has, however, steadily expanded, and citizens have been pushed to link their Aadhaar numbers with a range of other services. Such services include mobile SIM cards, bank accounts, and passport acquisition. Additionally, the Aadhaar has gradually been made compulsory in a number of areas: filing income tax returns, receiving pension schemes, and even participating in certain government nutritional schemes. For example, there are reports of children having been denied midday meals for not having an Aadhaar number, and this has led to multiple deaths by starvation.
These situations throw up a range of interesting questions. The first is whether the cards clash with the right to privacy under Article 21 of the Indian Constitution. Given that fingerprints and retinal scans must be submitted for Aadhaars, and that such information is then stored in centralised databases, one must raise the issue of whether there is a prima facie violation of such rights. This is potentially exacerbated by the fact that there are several claims of data leaks—negligently or fraudulently—wherein corporations and other syndicates obtain access to the various information stored by Indian authorities. A World Economic Federation Report in 2019 suggested, for example, that the data breaches in India were the largest in the world—with the records of all 1.1 billion registered citizens compromised. Therefore, even if one is to assert that state control of data does not necessarily violate constitutional guarantees, this becomes harder to maintain in light of the lack of security associated with the data. The other important aspect is the mandatorisation of Aadhaar registration. While the Supreme Court in 2018 barred these cards being made compulsory in an absolute, the fact that they are needed for income tax purposes means that in practice all citizens are required to acquire them. This raises the issue of whether it is legitimate to bypass formal rules through such substantive means. It is also interesting to consider how these arguments interact with those regarding privacy above.
In assessing constitutional validity, one must eventually turn to a proportionality analysis—very similar to that employed by the European Court on Human Rights in assessing Convention violations. This involves examination not only of whether Aadhaar cards as a concept can be justified, but also whether each individual use (that is, each area where they have been made mandatory) can as well. This is often characterised as being a four-part analysis: the impugned measure must have a legitimate aim, the measure must be suitable to achieving that aim, the measure must be necessary to achieve that aim (i.e., there is no less onerous way of achieving it), and the measure must be reasonable in terms of its impact on rights-holders.
The key legitimate interests being pursued by the Aadhaar system are the creation of a national identity, and the increased efficiency generated for government purposes. The first of these is unquestionably valuable: given the traditional absence of a national unified identity card (driver’s licenses, for example, vary across states), there has been something of a lacuna when it comes to an assertion of centralised homogenous identity. This is exacerbated by the fact that most Indian citizens do not own passports, due to the complicated process and lack of incentive to do so. The existence of such an identity is possibly useful in creating a sense of belonging among citizens. However, this aim can scarcely justifying making these identity cards mandatory (any argument for doing so would be deeply paternalistic), and certainly cannot justify the violations of privacy rights in the collection of data—which have nothing to do with generating a national cohesive sense of self.
It is the other ‘legitimate interest’ that is of greater relevance in providing a justification for the invasive effects of the Aadhaar system. The Supreme Court of India has ruled that the overall Aadhaar framework can be seen as appropriate and legitimate (particularly with welfare schemes), but that it is unacceptable to extend the mandatorisation to other areas (such as mobile SIMs, bank accounts, and school examinations). A large part of the justification comes from the allegedly positive effect that the Aadhar regime has had on efficiency: a 2012 report pointed to tremendous improvements in terms of minimising government leakages. By comparison, the areas where the Court has rejected the Aadhar’s validity are those where there would be direct transfer of data to private organisations, which is seen as being more impermissible.
The problem with the overall reasoning, however, is that it poorly applies the proportionality tests. In particular, by simply weighing the overall positives and negatives of each aspect of the Aadhaar, the Court failed to consider the specific relationship between the rights violations and the tangible benefit thereof. For example, the Aadhar’s negative relationship with privacy (with respect to data collection, storage, and leakage) do not directly contribute to the positives of economic efficiency and minimised wastefulness. Instead, the added positive effect of these privacy violations is largely in terms of preventing illegal immigration (by using biometric data to prevent the re-entry of those found to have false documents) and aiding investigative agencies by sharing the collected data. Neither of these possible benefits figure in the Court’s proportionality analysis, making the actual invasive effect of the Aadhaar unjustified in the scheme of things. The complex and delicate situation with the Aadhaar and the right to privacy, therefore, brings to the fore both the value of proportionality-based tests and the importance of applying these correctly. It is anticipated that the ECtHR at Oxford Global 2019 will delve at great length into the question of how such an examination may best be logically organised.