The Supreme Court today asked the Unique Identification Authority of India (UIDAI) why it needed to collect ‘meta data’ of personal transactions of citizens which go for Aadhaar authentication to avail services and benefits. A five-judge Constitution bench headed by Chief Justice Dipak Misra, hearing a clutch of petitions challenging Aadhaar and its enabling 2016 law, was responding to the submission of UIDAI that it collected only “limited technical meta data.” “Why do you (UIDAI) have to retain meta data of personal transacations of persons entered through Aadhaar authentication,” the bench, also comprising Justices A K Sikri, A M Khanwilkar, D Y Chandrachud and Ashok Bhushan, asked. Meta data is a set of data that describes and gives information about other data. Senior advocate Rakesh Dwivedi, appearing for UIDAI and the Gujarat government, said the petitioners, opposing the Aadhaar scheme, have completely “misunderstood the concept of meta data” and the UIDAI collected “limited technical meta data” to have control over the requesting entities (REs) which seek Aadhaar authentication for granting services and benefits.
He said that on one hand, the petitioners were saying that UIDAI had no control over requesting entities, but simultaneously, they were also alleging that UIDAI will have so much control over the meta data that may lead to surveillance. While it was important to exercise control over the REs, there was no data about the location or purpose of transaction or authentication which was being collected by UIDAI, he said. The bench then asked him “So you are not collecting meta data about the person but only about the machine,” to which Dwivedi replied in affirmative. The senior lawyer referred to foreign judgments and said there was reasonable and legitimate expectation of privacy, but the context was “very important”.
“A criminal might not have any expectation of personal autonomy whereas a common man will,” he said, adding that there will be different levels of privacy rights when a person was inside home and when he ventured out in “relational world”. “Individuals live in communities and their personality is shaped by imbibing cultural and social values of the society. Regulations are designed to protect objective principles that define reasonable expectation of privacy,” he said. He said the possibility of data breaches cannot be a ground to strike down the Aadhaar law and efforts should be to make it work and not to strike it off. He then referred to the example of doctors trying to save a patient and asked the court to adopt the same approach in saving the Aadhaar law and suggest it measures to strengthen the statute. The bench said there was one area which required consideration was the provision of remedies for the breaches.
The lawyer said the Information Technology Act provided for penalties and recently, UIDAI had imposed penalties on Airtel and Axix Bank for the breaches. Dwivedi will conclude his submissions tomorrow. Earlier, the bench had said it was not sure whether bringing people “face to face” with the authorities through Aadhaar was the best model as the State should reach them to accord the benefits of the welfare schemes. “We are not sure if that is the best model. The individual should not be a supplicant. The State should go to him and give him benefits,” the bench had said. The bench had also said that if biometric authentication is attached to every transaction entered into by a person, it would “form a wealth of information” necessitating the need for data protection.