Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: s.7 – Whether the Aadhaar Act violates right to privacy and is unconstitutional on this ground and whether invasion into right to privacy meets the three fold test as laid down in Puttaswamy case – Held: Enrolment in Aadhaar assumes the character of compulsory enrolment for those who want to avail the benefits under s.7 – Likewise, authentication, as mentioned in s.8, also becomes imperative – The Parliament has now passed Aadhaar Act, 2016 – Therefore, law on the subject in the form of a statute very much governs the field and, thus, first requirement laid down in Puttaswamy case i.e. requirement of lawstands satisfied – Aadhaar Act serves legitimate state aim and thus fulfills the second requirement also – In the Statement of Objects and Reasons, it is inter alia mentioned that though number of social benefits schemes have been floated by the Government, the failure to establish identity of an individual has proved to be a major hindrance for successful implementation of those programmes as it was becoming difficult to ensure that subsidies, benefits and services reach the intended beneficiaries in the absence of a credible system to authenticate identity of beneficiaries – The rationale behind s.7 lies in ensuring targeted delivery of services, benefits and subsidies which are funded from the Consolidated Fund of India – In discharge of its solemn Constitutional obligation to enliven the Fundamental Rights of life and personal liberty (Art.21) to ensure Justice, Social,Political and Economic and to eliminate inequality (Art.14) with a view to ameliorate the lot of the poor and the Dalits, the Central Government has launched several welfare schemes – These schemes involved 3% of the GDP and a huge amount of public money –Right to receive these benefits, from the point of view of those who deserve the same, has now attained the status of fundamental right based on the same concept of human dignity – The Constitution does not exist for a few or minority of the people of India, but “We the people” – The goals set out in the Preamble of the Constitution are predominantly or at least equally geared to “secure to all its citizens”, especially, to the downtrodden, poor and exploited,justice, liberty, equality and “to promote” fraternity assuring dignity– Aadhaar Act meets the test of proportionality as the following components of proportionality stand satisfied – A measure restricting a right must have a legitimate goal (legitimate goal stage) – It must be a suitable means of furthering this goal (suitability or rational econnection stage) – There must not be any less restrictive but equally effective alternative (necessity stage) – The measure must not have a disproportionate impact on the right holder (balancing stage).(Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: Whether Aadhaar Act strikes a fair balance between the two fundamental rights, right to privacy on the one hand and right to food, shelter and employment on the other hand – Held: Axiomatically both the rights are founded on human dignity – At the same time, in the given context, two facets are in conflict with each other – As the information collected at the time of enrolment as well as authentication is minimal, balancing at the first level is met – Insofar as second level, namely, balancing of two competing fundamental rights is concerned, namely, dignity in the form of autonomy (informational privacy) and dignity in the form of assuring better living standards of the same individual,balancing at the second level is also met – Enrolment in Aadhaar ofthe unprivileged and marginalised section of the society, in order to avail the fruits of welfare schemes of the Government, actually amounts to empowering these persons – On the one hand, it gives such individuals their unique identity and, on the other hand, it also enables such individuals to avail the fruits of welfare schemes of the Government which are floated as socio-economic welfare measures to uplift such classes – In that sense, the scheme ensures dignity to such individuals – Jurisprudence. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: Architecture and structure of theAct – The UIDAI is established as a statutory body which is given the task of developing the policy, procedure and system for issuing Aadhaar numbers to individuals and also to perform authentication thereof as per the provisions of the Act – For the purpose of enrolment and assigning Aadhaar numbers, enrolling agencies are recruited by the Authority, which may be a private body/person– To enable a resident to get Aadhaar number, he is required to submit demographic as well as biometric information i.e., apart from giving information relating to name, date of birth and address, biometric information in the form of photograph, fingerprint, iris scan is also to be provided – Aadhaar number given to a particular person is treated as unique number as it cannot be reassigned to any other individual – Insofar as subsidies, benefits or services to be given by the government, the government can mandate that receipt of these subsidies, benefits and services would be given only on furnishing proof of possession of Aadhaar number (or proof of making an application for enrolment, where Aadhaar number is not assigned) – Such individual would undergo authentication at the time of receiving such benefits etc. – A particular institution/body from which the said subsidy, benefit or service is to be claimed by such an individual, the intended recipient would submit his Aadhaar number and is also required to give her biometric information to that agency – On receiving this information and for the purpose of its authentication, the said agency, known as Requesting Entity (RE), would send the request to the Authority which shall perform the job of authentication of Aadhaar number – On confirming the identity of a person, the individual is entitled to receive subsidy, benefit or service – Aadhaar number is permitted to be used by the holder for other purposes as well. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: Whether the Aadhaar Project creates or has tendency to create surveillance state and is, thus,unconstitutional on this ground – Held: The architecture of Aadhaar as well as the provisions of the Aadhaar Act do not tend to create a surveillance state – This is ensured by the manner in which the Aadhaar project operates – Authentication is a process by which Aadhaar number along with demographic information or biometric information of an individual is submitted to the CIDR for its verification – On submission thereof, the CIDR verifies the correctness or lack of it – While seeking authentication, neither the location of the person whose identity is to be verified nor the purpose for which authentication of such identity is required, comes to the knowledge of the Authority. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: Salient features of Aadhaar Scheme– Aadhaar authentication service – Whether there is risk of misuse of vital information pertaining to an individual – Held: During the enrolment process, minimal biometric data in the form of iris and fingerprints is collected – The Authority does not collect purpose,location or details of transaction – Thus, it is purpose blind – The information collected remains in silos – Merging of silos is prohibited– The requesting agency is provided answer only in ‘Yes’ or ‘No’about the authentication of the person concerned – The authentication process is not exposed to the Internet world – Security measures, as per the provisions of s.29(3) r/w s.38(g) as well as Regn 17(1)(d) of the Authentication Regulations, are strictly followed and adhered to – During authentication, no information about the nature of transaction etc. is obtained – The Authority has mandated use of Registered Devices (RD) for all authentication requests –With these, biometric data is signed within the device/RD service using the provider key to ensure it is indeed captured live – The device provider RD service encrypts the PID block before returning to the host application – This RD service encapsulates the biometric capture, signing and encryption of biometrics all within it –Therefore, introduction of RD in Aadhaar authentication system rules out any possibility of use of stored biometric and replay of biometrics captured from other source – Requesting entities are not legally allowed to store biometrics captured for Aadhaar authentication under Regn 17(1)(a) of the Authentication Regulations – The Authority gets the AUA code, ASA code, unique device code,registered device code used for authentication – It does not get any information related to the IP address or the GPS location from where authentication is performed as these parameters are not part of authentication (v2.0) and e-KYC (v2.1) API – The Authority would only know from which device the authentication has happened,through which AUA/ASA etc. – It does not receive any information about at what location the authentication device is deployed, its IP address and its operator and the purpose of authentication – Further, the authority or any entity under its control is statutorily barred from collecting, keeping or maintaining any information about the purpose of authentication under s.32(3) of the Aadhaar Act.(Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: s.7 – Whether enrolment in Aadhaar is voluntary or mandatory – Held: As per s.7 of the Aadhaar Act incase an individual wants to avail any subsidy, benefit or services,she is required to produce the Aadhaar number and, therefore, it virtually becomes compulsory for such a person – Therefore, even if enrolment in Aadhaar is voluntary, it assumes the character of compulsory enrolment for those who want to avail the benefits unders.7. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: Invalidation of the Act on argument based on probabilistic system of Aadhaar, leading to ‘exclusion’ –Correctness of – Held: The Authority has claimed that biometric accuracy is 99.76% – If the Aadhaar project is shelved, 99.76%beneficiaries are going to suffer – The entire aim behind launching this programme is the ‘inclusion’ of the deserving persons who need to get such benefits – When it is serving much larger purpose by reaching hundreds of millions of deserving persons, it cannot be crucified on the unproven plea of exclusion of some. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: s.7 – Scope of – Subsidies, services and benefits – Held: The Government cannot enlarge the scope of subsidies, services and benefits – ‘Benefits’ should be such which are in the nature of welfare schemes for which resources are to be drawn from the Consolidated Fund of India – A benefit which is earned by an individual (e.g. pension by a government employee)cannot be covered under s.7 of the Act, as it is the right of the individual to receive such benefit – Notifications which are issued under s.7 of the Aadhaar Act pertain to various welfare schemes under which benefits, subsidies or services are provided to the intending recipients – Moreover, in order to avail the benefits, only one time verification is required except for few services where annual verification is needed – The ‘benefits’ and ‘services’ as mentioned in s.7 should be those which have the colour of some kind of subsidies etc., namely, welfare schemes of the Government whereby Government is doling out such benefits which are targeted at a particular deprived class. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies,benefits and services) Act, 2016: ss.7 and 8 – Enrolment of children– Whether children can be brought within the sweep of ss.7 and 8 of the Act – On attaining the age of majority, such children who are enrolled under Aadhaar with the consent of their parents, shall be given the option to exit from the Aadhaar project if they so choose in case they do not intend to avail the benefits of the scheme –Insofar as the school admission of children is concerned,requirement of Aadhaar would not be compulsory as it is neither aservice nor subsidy – Further, having regard to the fact that a child between the age of 6 to 14 years has the fundamental right to education under Art.21A of the Constitution, school admission cannot be treated as ‘benefit’ as well – Benefits to children between 6 to 14 years under Sarv Shiksha Abhiyan, likewise, shall not require mandatory Aadhaar enrolment – For availing the benefits of other welfare schemes which are covered by s.7 of the Aadhaar Act, through enrolment number can be insisted, it would be subject to the consent of the parents – No child shall be denied benefit of any of the seschemes if, for some reasons, she is not able to produce the Aadhaar number and the benefit shall be given by verifying the identity on the basis of any other documents – Constitution of India – Art.21A.(Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies,benefits and services) Act, 2016: s.2(d) – Constitutionality of – Held:s.2(d) pertains to authentication records, such records would not include metadata as mentioned in Regn 26(c) of the Aadhaar(Authentication) Regulations, 2016 – Therefore, this provision in the present form is struck down. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies,benefits and services) Act, 2016: s.2(b) – Definition of resident –Apprehension expressed by the petitioners was that it should not lead to giving Aadhaar card to illegal immigrants – Respondent are directed to take suitable measures to ensure that illegal immigrants are not able to take such benefits. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies,benefits and services) Act, 2016: s.2(l) – Enrolling agency – s.2(l)challenged on the ground that the work of an enrolment could not have been given to a private entity as private entity cannot been trusted with the crucial task of explaining the nature of Aadhaar enrolment and securing informed consent – Held: Having regard to the nature of process that has been explained by the Authority, which ensures that immediately on enrolment, the concerned data collected by the private entity is beyond its control; it gets encrypted; andstands transmitted to CIDR, there is no basis of the apprehension expressed by the petitioners. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies,benefits and services) Act, 2016: s.29 – Constitutionality of – Held:s.29 imposes a restriction on sharing information and is, therefore,valid as it protects the interests of Aadhaar number holders.(Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies, benefits and services) Act, 2016: s.33 – Constitutionality of – Held:s.33(1) of the Act prohibits disclosure of information, including identity information or authentication records, except when it is byan order of a court not inferior to that of a District Judge – This provision is to be read down with the clarification that an individual,whose information is sought to be released, shall be afforded an opportunity of hearing – If such an order is passed, in that eventuality, he shall also have right to challenge such an order passed by approaching the higher court – During the hearing before the concerned court, the said individual can always object to the disclosure of information on accepted grounds in law, including Art.20(3) of the Constitution or the privacy rights etc. – Insofar ass.33(2) is concerned, it is held that disclosure of information in the interest of national security cannot be faulted with – However, for determination of such an eventuality, an officer higher than the rank of a Joint Secretary should be given such a power – There has to be a higher ranking officer along with, preferably, a Judicial Officer – The provisions contained in s.33(2) of the Act to the extent it gives power to Joint Secretary is, therefore, struck down giving liberty to the respondents to suitably enact a provision on these lines, which would adequately protect the interest of individuals.(Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies,benefits and services) Act, 2016: s.47 – Constitutionality of – s.47 provides that the cognizance would be taken only on a complaint made by the Authority or any officer or person authorised by it –Petitioners feel aggrieved by this provision as it does not permit an individual citizen whose rights are violated, to initiate the criminal process – Held: It would be in the fitness of things if s.47 is amended by allowing individual/victim whose right is violated, to file a complaint and initiate the proceedings.(Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies,benefits and services) Act, 2016: s.57 – Constitutionality of – s.57 mentions that Aadhaar Act would not prevent use of Aadhaar number for other purposes under the law – Held: Insofar as s.57 in the present form is concerned, it is susceptible to misuse inasmuch as:It can be used for establishing the identity of an individual ‘for any purpose’ – Therefore, the provision is read down to mean that sucha purpose has to be backed by law – Further, whenever any such“law” is made, it would be subject to judicial scrutiny – Such purpose is not limited pursuant to any law alone but can be done pursuant to ‘any contract to this effect’ as well – This is clearly impermissible as a contractual provision is not backed by a lawand, therefore, first requirement of proportionality test is not met –Apart from authorising the State, even ‘any body corporate or person’is authorised to avail authentication services which can be on the basis of purported agreement between an individual and such body corporate or person – Even if it is presumed that legislature did not intend so, the impact of the said features would be to enable commercial exploitation of an individual biometric and demographic information by the private entities – Thus, this part of the provision which enables body corporate and individuals also to seek authentication, that too on the basis of a contract between the individual and such body corporate or person, would impinge upon the right to privacy of such individuals – This part of the section,thus, is declared unconstitutional. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies,benefits and services) Act, 2016: s.59 – Constitutionality of – When the Aadhaar scheme/project under the Act has been saved from the challenge to its constitutionality, there is no reason to invalidate the enrolments which were made prior to the passing of this Act as it would lead to unnecessary burden and exercise of enrolling these persons all over again – Instead the problem can be solved by eliciting ‘consent’ of all those persons who were enrolled prior to the passing of the Act – Since, enrolment is voluntary in nature,those who specifically refuse to give the consent, they would be allowed to exit from Aadhaar scheme – After all, by getting Aadhaar card, an individual so enrolled is getting a form of identity card – It would still be open to such an individual to make use of the said Aadhaar number or not – Those persons who need to avail any subsidy, benefit or service would need Aadhaar in any case. It would not be proper to cancel their Aadhaar cards – If direction is given to invalidate all those enrolments which were made prior to 2016 then such persons will have to undergo the rigours of getting themselves enrolled all over again – On the other hand, those who do not get any benefit of the nature prescribed under s.7 of the Act,it would always be open for them not to make use of Aadhaar card or to make use of this card in a limited sense, namely, showing it as a proof of their identity, without undergoing any authentication process – Therefore, to a large extent, it does not harm this later category as well – The validity of s.59 is upheld – As a corollary, Aadhaar for the period from 2009 to 2016 also stands validated.(Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies,benefits and services) Act, 2016: s.7 – Whether the Aadhaar Act could be passed as ‘Money Bill’ within the meaning of Art.110 of the Constitution – Held: The importance of Rajya Sabha (UpperHouse) in a bicameral system of the Parliament – The Rajya Sabha is an important institution signifying constitutional federalism – To enact any statute, the Bill has to be passed by both the Houses,namely, Lok Sabha as well as Rajya Sabha – It is the constitutional mandate – The only exception to this Parliamentary norm is Art.110– Having regard to this overall scheme of bicameralism enshrined in our Constitution, strict interpretation has to be accorded toArt.110 – Insofar as s.7 is concerned, it makes receipt of subsidy,benefit or service subject to establishing identity by the process of authentication under Aadhaar or furnish proof of Aadhaar etc. –The expenditure incurred in respect of such a subsidy, benefit or service is from the Consolidated Fund of India – s.7 is the main provision of the Act – Introduction to the Act as well as Statement of Objects and Reasons very categorically record that the main purpose of Aadhaar Act is to ensure that such subsidies, benefits and services reach those categories of persons, for whom they are actually meant – As all these three kinds of welfare measures are sought to be extended to the marginalised section of society, a collective reading thereof would show that the purpose is to expand the coverage of all kinds of aid, support, grant, advantage, relief provisions, facility, utility or assistance which may be extended with the support of the Consolidated Fund of India with the objective of targeted delivery – Various schemes contemplated by these provisions, relate to vulnerable and weaker section of the society – That is the main function behind the Aadhaar Act and for this purpose, enrolment for Aadhaar number is prescribed – Such an enrolment is of voluntary nature – However, it becomes compulsory for those who seek to receive any subsidy, benefit or service under the welfare scheme of the Government expenditure whereof is to be met from the Consolidated Fund of India – It follows that authentication unders.7 would be required as a condition for receipt of a subsidy, benefit or service only when such a subsidy, benefit or service is taken care of by Consolidated Fund of India – Therefore, s.7 is the core provision of the Aadhaar Act and this provision satisfies the conditions of Art.110 of the Constitution – Constitution of India – Art.110. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other subsidies,benefits and services) Act, 2016: Data minimisation – Demographic information is readily provided by individuals globally for disclosing identity while relating with others and while seeking benefits whether provided by government or by private entities, be it registration forcit izenship, elections, passports, marriage or enrolment in educational institutions – Email IDs and phone numbers are also available in public domain – s.2(k) specifically provides that Regulations cannot include race, religion, caste, tribe, ethnicity,language, records of entitlement, income or medical history – Thus,sensitive information specifically stand excluded – s.32(3) of the Aadhaar Act specifically prohibits the authority from collecting, storing or maintaining, either directly or indirectly any information about the purpose of authentication – The proviso to Regn 26 of Authentication Regulations is also to the same effect – Thus, the principle of data minimization is largely followed. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: s.2(k) – Requirement under the Aadhaar Act to give one’s demographic information – Whether violative of fundamental right of privacy – Held: Regn.4 indicates that information which shall be collected from individual are his name, date of birth, gender and residential address – The additional information which can be collected at the option of the individualis mobile number and e-mail address – Thus, information contemplated under Regn 4 is nothing but information relating to identity of the person – The identity of person from the time of taking birth is an identity well known and generally every person describes himself or herself to be son or daughter of such and such person –People who take admissions in schools/colleges/ university, who seek employment and those who engage in various trade and commerce are all required to provide demographic information –Therefore, there cannot be a reasonable expectation of privacy with regard to such information – Thus, demographic information required to be given in the process of enrolment does not violate any right of privacy – Aadhaar (Enrolment and Update) Regulations,2016 – Regn 4. (Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: s.2(g) – Requirement under the Aadhaar Act to give one’s biometric information – Whether violative of fundamental right of privacy – Held: Biometric information means photographs, fingerprints, iris scan and other such biometric attributes of an individual as may be specified by the regulations Biometric information is of physical characteristics of a person – A person has full bodily autonomy and any intrusion in the bodily autonomy of a person can be readily accepted as breach of his privacy – The biometric data as referred to in s.2(g) may contain biological attributes of an individual with regard to which a person can very well claim a reasonable expectation of privacy but whether privacy rights have been breached or not needs to be examined in the subject context under which the information was obtained. (Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: s.2(g) – Whether obtaining biometric information in context of enrolment breaches the right of privacy of individual or not – Held: The provisions of Aadhaar Act are to be tested in light of three-fold test laid in Puttaswamy case –The First requirement to be fulfilled is existence of law – Admittedly,Aadhaar Act is a Parliamentary law, hence the existence of law is satisfied – The Aadhaar Act has been enacted with an object of providing Aadhaar number to individuals for identifying an individual for delivery of benefits, subsidies and services – AadhaarAct, which was enacted to provide for unique identity for delivery of subsidies, benefits or services was a dire necessity, which decision was arrived at after several reports and studies – Aadhaar Act was, thus, enacted for a legitimate State aim and fulfills the criteria of a law being fair and reasonable – While examining the third requirement, that is, proportionality of the statute, it has to be kept in mind that the state is neither arbitrary nor of an excessive nature beyond what is required in the interest of public – The object of the Aadhaar Act was to provide for unique identity for purposes of delivery of benefits, subsidies and services to the eligible beneficiaries and to ward of misappropriation of benefits and subsidies, ward of deprivation of eligible beneficiaries – Biometric information, thus, which is to be obtained for enrolment is not disproportionate nor the provisions of Aadhaar Act requiring demographic and biometric information can be said to be not passing three-fold test as laid down in Puttaswamy case – Thus,requirement under Aadhaar Act to give one’s demographic and biometric information does not violate fundamental right of privacy and, therefore, is not unconstitutional – Constitution of India Biometric information – Right to privacy. (Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: Whether proportionality test as envisaged in Puttaswamy case is not fulfilled in the instant case since State did not adopt an alternative and more suitable and least intrusive method of identification – Held: The biometric information which are obtained for Aadhaar enrolment are photographs,fingerprints and iris scan, which are least intrusion in physical autonomy of an individual – The physical process by which the fingerprints are taken does not require information beyond the object and purpose – Therefore, it does not readily offend those principles of dignity and privacy, which are fundamental to each legislation of due process. (Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: ss.29, 30, 33 – Whether collection of data of residents, its storage, retention and use violates fundamental right of privacy – Held: The Act contains specific provision providing that no core biometric information collected under the Act is shared to anyone for any reason whatsoever or use for any purpose other than generation of Aadhaar number or authentication under this Act – The statute creates injunction for requesting entity to use identity information data for any purpose other than that specified to the individual at the time for submitting any identification – Statute also provides for offences and penalties for impersonation at the time of enrolment and penalty for disclosing identity information – An overview of the entire scheme of functions under the Aadhaar Act and Regulations made thereunder indicate that after enrolment of resident, his informations including biometric information are retained in CIDR though in encrypted form – The major function of the authority under Aadhaar Act is authentication of identity of Aadhaar number holder as and when requests are made by requesting agency, retention of authentication data of requesting agencies are retained for limited period – Requesting entity as well as authority are required to retain authentication data for a particular period and thereafter it will be archived for five years and thereafter authentication data transaction shall be deleted except such data which is required by the Court in connection with any pending dispute – The data which is retained by the entity and authority for certain period is minimal information pertaining to identity authentication only no other personal data is retained –Thus, provisions of Aadhaar Act and Regulations made there under fulfill three fold test as laid down in Puttaswamy case, hence, the storage and retention of data does not violate fundamental right of privacy. (Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: s.7 – Whether s.7 is unconstitutional– Whether exclusion makes s.7 arbitrary and volative of Arts.14 and 21 – Held: s.7 is an enabling provision which empowers the State Government to require that such individual undergo authentication for receipt of a subsidy, benefit or service but neither s.7 nor orders issued by the Central Government and State Government can be read that in the event authentication of a person or beneficiary fails, he is not to be provided the subsidies and benefits or services – No doubt, there has been denial to few persons due to failure of authentication – Functioning of scheme formulated by the Government for delivery of benefits and subsidies to deserving persons is a large scale scheme running into every nook and corner of the country – When such scheme of Government is implemented, it is not uncommon that there may be shortcomings and some denial – There is no material on record to indicate that there is increase of failure to receive the benefits after the implementation of the Act –Therefore, few cases of exclusion would not make s.7 itself arbitrary and violative of Arts.14 and 21 – Constitution of India – Arts.14, 21. (Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: s.29 – Constitutionality of ,challenged on the ground that it permits sharing of identity information which amount to breach of Right of Privacy – Held: The provision of s.29 and the Sharing Regulations contain a restriction and cannot be in any manner be held to violate any of the constitutional rights of a person – Objective of the Act is to put restrictions on sharing information, which also is a legitimate State aim – The provision under s.29 which permits sharing of identity information except core biometric information in accordance with the Act and Regulations cannot be said to be disproportionate nor unreasonable – The provisions of s.29 is constitutional and does not deserves to be struck down – Aadhaar (Sharing of Information)Regulations, 2016. (Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: s.33 – Constitutionality of – Whether s.33 is unconstitutional since it provides for the use of the Aadhaar database for Police verification which violates the protection against self-incrimination as enshrined under Art.20(3) of the Constitution of India – Held: Sub-section (1) of s.33 contains an ample restriction in respect of any disclosure information which can be done only in pursuance of an order of the court not inferior to that of a District Judge – The restriction in disclosure of information is reasonable and has valid justification – s.33 subsection(2) contains two safeguards – Firstly, disclosure of information is to be made in the interest of national security and secondly, in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government, who is specially authorised in this behalf by an order of the Central Government –National security, thus, is determined by a higher officer who is specifically authorised in this behalf – The power given under s.33 to disclose information cannot be said to be disproportionate – The basic information which are with the UIDAI are demographic and biometric information – The use of information retained by the UIDAI given by the order of the Court under s.33 cannot be said to be violating the protection as contained under Art.20(3) – Thus, Art.20(3) is not violated by disclosure of information under s.33 – In view of this, s.33 is constitutional – Constitution of India –Art.20(3). (Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: s.47 – Constitutionality of, challenged on the ground that it does not allow an individual who is victim of violation of Aadhaar Act to initiate a criminal process – Held: Special Acts are enacted for serving special objects towards offences under the Act – The initiation and prosecution of offences under the Special Act are kept by the specified authority to keep the initiation and prosecution in the hands of the authorities under the Special Act which acts as deterrent and prosecutions are brought to its logical end – Objective of such provisions is to discourage frivolous and vexatious complaints – s.47 can be invoked by the authority on its own motion or when it receives a complaint from a victim – With regard to an offence which falls within the definition of ‘offences’ a victim can always file complaint or lodge an F.I.R. – s.46 clearly provides that the penalties under the Aadhaar Act shall not interfere with other punishments – The limitation as containedin s.47 in permitting taking cognizance of any offence punishable under Aadhaar Act only on a complaint made by the authority orany officer or person authorised by it, has legislative purpose and objective – Thus, there is no unconstitutionality in s.47 of the Aadhaar Act. (Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: s.57 – Constitutionality of,challenged on the ground that broad and unlimited scope of activities covered under s.57 and kinds of private entities permitted to use Aadhaar is entirely disproportionate beyond the means and objectives of the Act and without any compelling state interests –Held: s.57 makes use of Aadhaar on two basis – Firstly, “pursuant to any law, for the time being in force” and secondly “any contract to this effect” – When the legislature uses the phrase “pursuant to any law, for the time being in force”, obviously the word law used in s.57 is a law other than s.57 of Aadhaar Act and the Regulations framed thereunder – When any law permits user of Aadhaar, its validity is to be tested on the anvil of three-fold test as laid down in Puttaswamy case, but permitting use of Aadhaar on any contract to this effect, is clearly in violation of Right of Privacy – A contract entered between two parties, even if one party is a State, cannot be said to be a law – Thus, s.57 in so far as it permits use of Aadhaar on “any contract to this effect” is clearly unconstitutional and is struck down. (Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: s.59 – Whether s.59 is void or unconstitutional – s.59 seeks to save and continue under the Act what was done under the executive scheme – Legislature often creates legal fiction to save several actions which had happened prior to enactment – Parliamentary legislative intent of s.59 is to save all actions taken by Central Government under the notification dtd.28.01.2009 and notification dtd. 12.09.2015 deeming the same to have been validly done under the Aadhaar Act by creating a legal fiction – The intention to save all actions taken under these two notifications and treat them to have done under that Act is the purpose and object of s.59 – Legislature by legislative device can cover actions taken earlier while creating any legal fiction which has actually been done by s.59 – Interpretation of statutes – Legal fiction. (Per Ashok Bhushan, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: Circular dated 23.03.2017 issued by Ministry of Communications, Department of Telecommunications– Constitutionality of – Held: By circular dated 23.03.2017, all licensees were directed to re-verify all existing mobile subscribers(prepaid and postpaid) through Aadhaar based e-KYC process –The circular directing the licensees to mandatorily verify existing sim subscribers in turn resulted in mobile telephone service licensees directing the subscribers to get their sim seeded with Aadhaar – Compulsory seeding of Aadhaar with mobile numbers would be an intrusion in Privacy Right of a person – Any invasion on the Privacy Right of a person has to be backed by law as per the three-fold test enumerated in Puttaswamy case – Existence of a law is the foremost condition to be fulfilled for restricting any Privacy Right – The law as explained in Art.13(3) has to be applied for finding out as to what is law – Art.13(3)(a) gives an inclusive definition of law in following words:- (a) “law” includes any ordinance, order, byelaw,rule, regulation, notification, custom or usage having in the territory of India the force of law – The circular at best is only an executive instruction and cannot be held to be a law and direction to re-verification of all existing mobile subscribers through Aadhaar based e-KYC cannot be held to be backed by law, therefore, cannot be upheld – Administrative law – Executive instruction – Circular dated 23.03.2017 issued by Ministry of Communications, Department of Telecommunications. (Per Ashok Bhushan, J.)

Aadhaar (Enrolment and Update) Regulations, 2016: Regn 5– Whether collecting the identity information of children between 5 to 18 years is unconstitutional – Held: Regn 5 provides for information required for enrolment of children below five years of age – For children below five, no core biometric informations are captured and only biometric information of any one parent/guardian is captured – For enrolment of a children between 5 and 18 years, there has to be consent of their parents or guardian because they themselves are unable to give any valid consent for enrolment –Thus, parental consent have to be read in Regn 4 in so far as children of 5 to 18 years are concerned so that the provision in reference to children between 5 to 18 years may not become unconstitutional – Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016 – s.5 – Interpretation of statutes. (Per Ashok Bhushan, J.)

Aadhaar (Authentication) Regulations, 2016: Regn.27 – Time Period for Data Retention – Grievance of petitioners was that the data is allowed to be retained for an unreasonable long period of time – Held: Regn 27 of the Authentication Regulations requires the UIDAI to retain the “authentication transaction data” (which includes the meta data) for a period of 6 months and to archive the same for a period of 5 years thereafter – Requesting entities (RE)and Authentication Service Agencies are then allowed to retain the authentication logs for a period of 2 years and then archive them for 5 years – It is required to be deleted only after 7 years unless retained by a court – There is is no reason for archiving the authentication transaction data for a period of five years –Retention of this data for a period of six months is more than sufficient after which it needs to be deleted except when such authentication transaction data are required to be maintained by a Court or in connection with any pending dispute – Retention of data beyond the period of six months is impermissible – Therefore,Regn.27 which provides archiving a data for a period of five years is struck down. (Majority Opinion)

Aadhaar Scheme: Whether Circular dtd. March 23, 2017 issued by the Department of Telecommunications mandating linking of mobile number with Aadhaar is illegal and unconstitutional –Held: The circular is illegal and unconstitutional as it is not backed by any law – The same is, therefore, quashed. (Majority Opinion)

Constitutionalism: Aadhaar Act meets the concept of Limited Government, Good Governance and Constitutional Trust. (Majority Opinion)

Constitution of India: Art.14 and 21 – Whether right to food,shelter etc. envisaged under Art.21 shall take precedence on the right to privacy of the beneficiaries – Held: It cannot be accepted that while balancing the fundamental rights one right has to be given preference – State while enlivening right to food, right to shelter etc. envisaged under Art.21 cannot encroach upon the right of privacy of beneficiaries nor former can be given precedence over the latter. (Per Ashok Bhushan, J.)

Constitution of India: Reasonable expectation of privacy –Held: It is well settled that breach of privacy right can be claimed only when claimant on the facts of the particular case and circumstances have “reasonable expectation of privacy”. (Per Ashok Bhushan, J.)

Constitution of India: Art.243G – Whether Aadhaar scheme and its authentication for benefits, subsidies and services militate against Art.243G and hence are ultra vires to the Constitution –Held: Art.243G is an enabling provision, which enable the State Legislature, by law, to endow the Panchayats with such powers and authorities as may be necessary to enable them to function as institutions of self-government – State is fully competent to make laws to authorise the Panchayats to take over all the matters enumerated in Eleventh Schedule – The Aadhaar Act is an Act enacted by Parliament, which is referable to Entry 97 of List I – The Aadhaar Act has been enacted to provide for efficient, transparent,and targeted delivery of subsidies, benefits and services, the expenditure for which is incurred from the Consolidated Fund of India, to individuals residing in India through assigning of unique identity numbers to such individuals and for matters connectedtherewi th – The Act, thus, has been enacted to regulate the expenditure, which is incurred from the Consolidated Fund of India – No conflict between the Aadhaar Act and any law, which may be enacted by State under List II is seen – Even if any conflict is supposed, the Doctrine of Pith and Substance has to be applied to find out nature of two legislations – In Pith and Substance, the Aadhaar Act cannot be said to be entrenching upon any law, which may be made by the State under Item No.5 of List II – Aadhaar Actis not ultra vires to Art.243G and Eleventh Schedule to the Constitution – Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016 – Doctrines/Principles. (Per Ashok Bhushan, J.)

Constitution of India: Art.110 – Whether Speaker’s decision certifying the Aadhaar Bill as Money Bill contravenes any of the Constitutional provisions – A condition for receipt of a subsidy,benefit or service for which the expenditure is incurred from, or thereceipt therefrom forms part of, the Consolidated Fund of India,has been provided by s.7 – The Preamble of the Act as well as objects and reasons also indicate that the Act has been enacted to provide for, as a good governance, efficient, transparent, and targeted delivery of subsidies, benefits and services, the expenditure for which is incurred from the Consolidated Fund of India, to individuals residing in India through assigning of unique identity numbers to such individuals and for matters connected therewith or incidental thereto – Thus, the theme of the Act or main purpose and object of the Act is to bring in place efficient, transparent and targeted deliveries of subsidies, benefits and services, which expenditure is out from the Consolidated Fund of India – Thus, the above provisions of the Act is clearly covered by Art.110(1)(c) and (e) – Aadhaar(Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016. (Per Ashok Bhushan, J.)

Constitution of India: Art.110 – Whether Aadhaar Act is a Money Bill and decision of Speaker certifying it as Money Bill is not subject to Judicial Review of Supreme Court – Held: Aadhaar Bill has rightly been certified as the Money Bill by the Speaker,which decision does not violate any constitutional provision, hence does not call for any interference in this proceeding – The decision of Speaker certifying the Aadhaar Bill, 2016 as Money Bill is not immuned from Judicial Review. (Per Ashok Bhushan, J.)

Doctrines/Principles: Doctrine of Proportionality – State’s action – When challenged on the ground that it violates the right to privacy – Held: The action of the State is to be tested on the following parameters: (a) the action must be sanctioned by law; (b) the proposed action must be necessary in a democratic society for a legitimate aim; and (c) the extent of such interference must be proportionate to the need for such interference – Constitution of India – Right to privacy. (Majority Opinion)

Income Tax Act, 1961: s.139AA – Constitutionality of – Whether s.139AA is violative of right to privacy and is, therefore,unconstitutional – Held: In Puttaswamy, the court laid down the triple test to be satisfied for judging the permissible limits for invasion of privacy while testing the validity of any legislation – These are: (a) existence of a law; (b) A legitimate State interest; and(c) Such law should pass the “test of proportionality” – There is no dispute that the first requirement stood satisfied as s.139AA is a statutory provision and, there is a backing of law – Insofar as requirement of ‘legitimate State interest’ is concerned, s.139AA is enacted to link PAN number with Aadhaar number which is issued under the Act for the purpose of eliminating duplicate PANs from the system with the help of robust technology solution – Therefore,those who have PAN number and have already provided the information required to get PAN number cannot claim to have any legitimate expectation of withholding any data required for Aadhaar under the ground of privacy – Also, there was justifiable reason with the State for collection and storage of data in the form of Aadhaar and linking it with PAN insofar as s.139AA of the 1961 Act is concerned – The provisions of s.139AA meet the triple test of right to privacy, contained in Puttaswamy. (Majority Opinion)

Income Tax Act, 1961: s.139AA – Whether s.139-AA of the IT Act, 1961 is unconstitutional in view of the Privacy judgment in Puttaswamy case – Held: s.139-A provide for Permanent Account Number (PAN) and the provision also provided that statutory mandatory provisions as to when “every person” shall quote such number (PAN number) for various purposes as enumerated in s.139A – Introduction of s.139-AA is an extension and implication of s.139A – The introduction of s.139-AA was for the purpose of eliminating duplicate PANs from the system with the help of a robust technology solution – s.139-AA seeks to remove bogus PAN cards by linking with Aadhaar, expose shell companies and thereby curb the menace of black money, money laundering and tax evasion – Linking of PAN with Aadhaar will at least ensure that duplicate and fake PAN cards which are used for the purpose of tax evasion will be eliminated and is one of the many fiscal measures to eliminate black money from the system – s.139-AA also cannot be said to be disproportionate – The section has been enacted to achieve the legitimate State aim s.139-AA is a law framed by Parliament, which require linking ofthe Aadhaar with PAN – s.139-AA is a required first step to weedout fake PANs for individuals; it is perfectly acceptable for the legislature to weed out fake PANs for other tax-paying entities at a later stage – Inclusion of Aadhaar into PAN eliminates the inequality between honest tax payers and non-compliant, dishonest ones who get away without paying taxes – Inclusion of Aadhaar into PAN bolsters equality and is consistent with Art.14 – In result, s.139-AA is fully compliant of three-fold test as laid down in Puttaswamy's case – s.139-AA, thus does not breach fundamental Right of Privacy of an individual and cannot be struck down. (Per Ashok Bhushan, J.)

Interim Orders: As per the petitioners, the Central Government and the State Government have issued certain notifications requiring Aadhaar authentication for benefits, subsidies and schemes mandatory and, therefore, the respondents have violated the orders of this court – Held: The said interim orders were passed by the court when the Aadhaar Act had not come into force – After the enactment, s.7 had altered the position statutorily – The notifications and circulars are issued under this provision – Therefore, it cannot be held that these circulars are issued in contravention of the orders passed by this court – Aadhaar (Targeted Delivery of Financial and other subsidies, benefits and services) Act, 2016. (Majority Opinion)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: The entire Aadhaar programme,since 2009, suffers from constitutional infirmities and violations of fundamental rights – The enactment of the Aadhaar Act does not save the Aadhaar project – The Aadhaar Act, the Rules and Regulations framed under it, and the framework prior to the enactment of the Act are held unconstitutional.(Per Dr. D Y Chandrachud, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: s.7 – Aadhaar Act challenged on the ground that it could not have been passed as a Money Bill – Held: To be certified a Money Bill, a Bill must contain “only provisions” dealing with every or any one of the matters set out in sub-clauses (a) to (g) of Art.110(1) – A Bill, which has both provisions which fall within sub-clauses (a) to (g) of Art.110(1) and provisions which fall outside their scope, will not qualify to be a Money Bill – Thus, when a Bill which has been passed as a Money Bill has certain provisions which fall beyond the scope of sub-clauses(a) to (g) of Art.110(1), these provisions cannot be severed – The Aadhaar Act creates a statutory framework for obtaining a unique identity number, which is capable of being used for “any” purpose, among which availing benefits, subsidies and services, for which expenses are incurred from the Consolidated Fund of India, is just one purpose provided under s.7 – Clause (e) of Art.110(1) requires that a Money Bill must deal with the declaring of any expenditure to be expenditure charged on the Consolidated Fund of India (or increasing the amount of the expenditure) – s.7 fails to fulfil this requirement – s.7 does not declare the expenditure incurred to be a charge on the Consolidated Fund – It only provides that in the case of such services, benefits or subsidies, Aadhaar can be made mandatory to avail them – Moreover, provisions other than s.7 of the Act deal with several aspects relating to the Aadhaar numbers:enrolment on the basis of demographic and biometric information,generation of Aadhaar numbers, obtaining the consent of individuals before collecting their individual information, creation of a statutory authority to implement and supervise the process,protection of information collected during the process, disclosure of information in certain circumstances, creation of offences and penalties for disclosure or loss of information, and the use of the Aadhaar number for “any purpose” – All these provisions of the Aadhaar Act do not lie within the scope of sub-clauses (a) to (g) of Art.110(1) – Thus, the Aadhaar Act is declared unconstitutional for failing to meet the necessary requirements to have been certified a sa Money Bill under Art.110(1) – Constitution of India – Art.110. (Per Dr. D Y Chandrachud, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: Legitimate State aim, insufficient to hold validity of law – Held: The architecture of the Aadhaar Act seeks to create a unique identity for residents on the basis of their demographic and biometric information – The Act sets up a process of identification by which the unique identity assigned to each individual is verified with the demographic and biometric information pertaining to that individual which is stored in a centralised repository of data – Identification of beneficiaries is integral and essential to the fulfilment of social welfare schemes and programmes, which are a part of the State’s attempts to ensure that its citizens have access to basic human facilities – The contention of the Union of India that there is a legitimate state aimin maintaining a system of identification to ensure that the welfare benefits provided by the State reach the beneficiaries who are entitled, without diversion, is accepted – The decision in Puttaswamy recognised that revenue constitutes a legitimate state aim in the three pronged test of proportionality – However, the existence of a legitimate aim is insufficient to uphold the validity of the law, which must also meet the other parameters of proportionality spelt out in Puttaswamy. (Per Dr. D Y Chandrachud, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: Collection of biometric data and its retention – The Aadhaar programme involves application of biometric technology, which uses an individual’s biometric data as the basis of authentication or identification and is therefore intimately connected to the individual – While citizens have privacy interests in personal or private information collected about them,the unique nature of biometric data distinguishes it from other personal data, compounding concerns regarding privacy protections safeguarding biometric information – Once a biometric system is compromised, it is compromised forever – Therefore, it is imperative that concerns about protecting privacy must be addressed when developing a biometric system – Adequate norms must be laid down for each step from the collection to retention of biometric data – At the time of collection, individuals must be informed about the collection procedure, the intended purpose of the collection, the reason why the particular data set is requested and who will have access to their data – Additionally, the retention period must be justified and individuals must be given the right to access, correct and delete their data at any point in time, a procedure familiar toan opt-out option. (Per Dr. D Y Chandrachud, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: The Aadhaar Act and Regulations are bereft of the procedure through which an individual can access information related to his or her authentication record – The Aadhaar Act clearly has no defined options that should be made available to the Aadhaar number holders in case they do not wish to submit identity information during authentication, nor do the regulations specify the procedure to be followed in case the Aadhaar number holder does not provide consent for authentication – To enable the government to initiate steps for ensuring conformity with this judgment, it is directed under Art.142 that the existing data which has been collected shall not be destroyed for a period of one year – During this period, the data shall not be used for any purpose whatsoever – At the end of one year, if no fresh legislation has been enacted by the Union government in conformity with the principles which have been enunciated in this judgment, the data shall be destroyed – Constitution of India – Art.142. (Per Dr. D Y Chandrachud, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: ss.2(g), (j), (k) and (t), 29(1) and(2) – Constitutionality of – Invasion in privacy of an individual – ss.29(1) and (2) of the Act create a distinction between two classes of information (core biometric information and identity information), which are integral to individual identity and require equal protection – s.29(4) suffers from overbreadth as it gives wide discretionary power to UIDAI to publish, display or post core biometric information of an individual for purposes specified by the regulations – ss.2(g), (j), (k) and (t) suffer from overbreadth, as these can lead to an invasive collection of biological attributes –These provisions give discretionary power to UIDAI to define the scope of biometric and demographic information and empower it to expand on the nature of information already collected at the time of enrollment, to the extent of also collecting any “such other biological attributes” that it may deem fit.(Per Dr. D Y Chandrachud, J.)

Aadhaar (Targeted Delivery of Financial and other Subsidies,benefits and services) Act, 2016: s.28(5) – Violation of informational privacy – The proviso to s.28(5) of the Aadhaar Act, which disallows an individual access to the biometric information that forms the core of his or her unique ID, is violative of a fundamental principle that ownership of an individual’s data must at all times vest with the individual – UIDAI is also provided wide powers in relation to removing the biometric locking of residents – The analysis of the measures taken by the Government of India prior to the enactment of the Aadhaar Act as well as a detailed analysis of the provisions under the Aadhaar Act, 2016 and supporting Regulations made under it clearly show that the Aadhaar programme violates essential norms pertaining to informational privacy, self-determination and data protection. (Per Dr. D Y Chandrachud, J.)

Aadhaar (Targeted Delivery of Financial and oth