AADHAR : SC Final Verdict

Are you the ONE who don't like to take chances and waste one precious year by failing in Prelims?

Do you want to test your knowledge after reading a particular topic? Then The MCQ Factory (TMF) is for you! It provides topic wise high quality MCQs for testing your knowledge in a particular topic. More details here

The Supreme Court, in a majority opinion, upheld Aadhaar as a reasonable restriction on individual privacy that fulfils the government’s legitimate aim to provide dignity to a large, marginalised population living in abject poverty.



  • The Constitution does not exist for a few or minority of the people of India, but ‘We the People’.
  • Aadhaar is a document of empowerment. An unparalleled identity proof. A document that cannot be duplicated, unlike PAN, ration card, and passport.
  • Technology had become a vital tool for ensuring good governance in a social welfare state. Schemes such as the PDS, scholarships, mid-day meals and LPG subsidies involve a huge amount of money, and fool proof Aadhaar helped welfare reach the poor.



  • Majority opinion upheld the constitutionality of Aadhaar.



  • Aadhaar is a reasonable restriction on individual privacy.
  • The Supreme Court quashed or read down several provisions in the Aadhaar Act in order to de-fang any possibility of the state misusing data.
  • Court held that authentication records should not be retained for more than six months. It declared the archiving of records for five years as bad in law.
  • It also prohibited the creation of a metabase for transactions.
  • It read down Section 33 (1), which allowed the disclosure of Aadhaar information on the orders of a District Judge. This cannot be done now without giving the person concerned an opportunity to be heard.
  • The Supreme Court struck down Section 33(2), which allowed the disclosure of Aadhaar information for national security reasons on the orders of an officer not below a Joint Secretary.



  • The Supreme Court said neither were individuals profiled nor their movements traced when Aadhaar was used to avail government benefits under Section 7 of the Aadhaar Act, 2016.
  • The statute only sought minimal biometric information, and this did not amount to invasion of privacy.
  • Authentication transactions through Aadhaar did not ask for the purpose, nature or location of the transaction.
  • The collection of personal data and its authentication was done through registered devices. The Authority did not get any information related to the IP address or the GPS location from where authentication was performed.


Passing as Money Bill constitutional:

  • The SC upheld the passage of the Aadhaar Act as a Money Bill.



  • Section 7 of the Aadhaar Act requires authentication by Aadhaar card if beneficiaries wanted to access subsidies, benefits and services.
  • Since all these were welfare measures sought to be extended to the marginalised sections, a collective reading would show that the purpose is to expand the coverage of all kinds of aid, support, grant, advantage, relief provisions, facility, utility or assistance which may be extended with the support of the Consolidated Fund of India with the objective of targeted delivery.
  • Aadhaar was vital to ensure that government aid reached the targeted beneficiaries, and hence, the Act was validly passed as a Money Bill.


Aadhar linkages

  • The majority opinion upheld the PAN-Aadhaar linkage, but declared linking Aadhaar with bank accounts and mobile SIM cards unconstitutional.
  • The Election Commission may resume the voluntary linking of voter identification cards with the Aadhaar database, given that, prima facie, the judgment by the Supreme Court’s five-judge Bench does not have any adverse remarks on the issue.



  • The court insulated children from the Aadhaar regime.
  • The card was not necessary for children aged between six and 14 under the Sarva Shiksha Abhiyan as right to education was a fundamental right.
  • Statutory bodies such as the CBSE and the UGC cannot ask students to produce their Aadhaar cards for examinations like the NEET and the JEE.
  • Permission of parents and guardians was a must before enrolling children into Aadhaar.
  • Once they attained the age of majority, children could opt out of Aadhaar.


Section 57

  • The Supreme Court held the portion, which gives a free hand to private entities to demand Aadhaar from individuals, unconstitutional.
  • Section 57 allows not only the state but also any body corporate or person or private entity to demand Aadhaar from citizens for the purpose of identification.
  • This provision had offered statutory support to mobile companies and private service providers to seek individuals’ Aadhaar card for identification purposes.


  • A mere contract between a private entity and an individual was not enough to demand Aadhaar from the latter.


Directions to the Government

  • The court further directed the government and the Unique Identification Authority of India (UIDAI) to bring in regulations to prevent rightfully entitled people from being denied benefits.



  • The resident has been recognised as being at the heart of the project, and they have gained new rights that help them assert their ownership over their data.
  • It will bolster good governance, and the delivery of services to the poorer sections of society.



  • Lakhs of people would continue to be denied their universal rights for not having Aadhaar.
  • The majority opinion in the Aadhaar verdict is silent on deleting biometric data already collected by phone companies.
  • The judgment would help little in protecting the right to privacy because the Centre had privatised or outsourced many of its responsibilities. Such companies would have access to Aadhaar data.
  • The Supreme Court ruling that Aadhaar is not mandatory for opening bank accounts could affect online opening of accounts.
  • The bankers say that since there are no other officially valid documents apart from Aadhaar for use digitally, accounts cannot be opened online if the customer decides not to share the number.


Untitled picture

B N Srikrishna Committee (Data Protection)

Are you the ONE who don't like to take chances and waste one precious year by failing in Prelims?

Do you want to test your knowledge after reading a particular topic? Then The MCQ Factory (TMF) is for you! It provides topic wise high quality MCQs for testing your knowledge in a particular topic. More details here

The Union Ministry of Electronics & Information Technology (MEITY) has constituted an expert Committee to study and identify key data protection issues and recommend methods for addressing them.


Why needed?

There is a need to ensure growth of the digital economy while keeping personal data of citizens secure and protected. Even though the Information Technology Act contains certain provisions about data protection and handling, experts are of the opinion that India needs a fresh data protection law with the increased digitisation led by Aadhaar, the Goods and Service Tax and the push towards a digital economy. IT Act may also be inadequate to deal with the current requirements since it was drafted almost 17 years ago in 2000 and was amended last in 2008.

Also, in the last 5-6 years there has been a quantum leap in the world of technology which has been driven by trends such as proliferation of social media, growth of ecommerce leading to boom in transactions over the Internet and demonetisation, which has pushed more people into the digital economy, so the IT act may have to be obviously reconsidered in the light of these developments.

The government’s decision to focus on data protection comes on the back of a wave of privacy and data breaches– from corporates such as McDonalds, Reliance Jio and Zomato to government agencies that have leaked the

personal data and Aadhaar of over 100 million citizens.


Draft Data Personal Data Protection Bill

  • For data processors not present in India, the Act will apply to those carrying on business in India or other activities, such as profiling, which could cause privacy harms to data principals in India.
  • The draft also provides for penalties for the data processor as well as compensation to the data principal to be imposed for violations of the data protection law.
  • It has suggested a penalty of ₹15 crore, or 4% of the total worldwide turnover of any data collection/processing entity, for violating provisions.
  • Failure to take prompt action on a data security breach can attract up to ₹5 crore or 2% of turnover in penalty.
  • Personal data, the draft law states, may be processed on the basis of the consent of the data principal, given no later than at the commencement of the processing.
  • The processing of sensitive personal data should be on the basis of explicit consent.
  • The law will not have retrospective application and will come into force in a structured and phased manner.
  • Processing that is ongoing after the coming into force of the law would be covered.
  • Other personal data may be transferred outside the territory of India with some riders. However, at least one copy of the data will need to be stored in India.
  • On right to be forgotten, the draft states that data principal will have the right to restrict or prevent continuing disclosure of personal data by a data processor.
  • The committee has not treated data as property as the relationship between the individual and entities with whom the individual shares his personal data is one that is based on a fundamental expectation of trust.
  • The draft law will go through the process of inter-ministerial discussions and the Cabinet as well as parliamentary approval.



Data Protection Authority

  • The Justice Srikrishna committee has recommended the creation of a Data Protection Authority that will be in charge of ensuring that entities processing data do so in keeping with the law.
  • The DPA, a sector agnostic body, will ensure that every entity that handles data is conscious of its obligations and that it will be held to account in case of failure to comply.
  • The authority will be governed by a board consisting of six whole-time members and a chairperson appointed by the Union government on the recommendation of a selection committee.
  • The selection committee shall consist of the Chief Justice of India or her nominee (who is a judge of the Supreme Court of India), the Cabinet Secretary, Government of India, and one expert of repute who has special knowledge of, and professional experience in, areas related to data protection, information technology, data management, data science, cyber and Internet laws and related subjects.
  • The members of the DPA are to be individuals of integrity and ability with special knowledge of, and professional experience of not less than 10 years in, areas related to data protection, information technology, data management, data science, cyber and internet laws and related subjects.
  • The DPA members will have a five-year term, subject to a suitable retirement age and their salaries will be prescribed by the Central government.
  • Broadly, the DPA will have four departments and related functions: monitoring and enforcement; legal affairs, policy and standard setting; research and awareness; and inquiries, grievance handling and adjudication.
  • The DPA will be stating codes of practice, conducting inquiries, and issuing warnings and injunctions.



  • The expert committee has recommended that processing of data for certain interests such as security of the state, legal proceedings, research and journalistic purpose, may be exempt from certain obligations of the proposed data protection law.
  • For the creation of a truly free and fair digital economy, it is vital to provide certain exemptions from obligations that will facilitate the unhindered flow of personal data in certain situations.
  • These exemptions derive their necessity from either a state or societal interest.
  • It, however, added that adequate security safeguards must be incorporated in the law to guard against potential misuse.
  • The processing of personal data in the interests of the security of the state shall not be permitted unless it is authorised pursuant to a law and is in accordance with the procedure established by such law, made by Parliament and is necessary for, and proportionate to, such interests being achieved.
  • It has been recommended in the report that the Central government should expeditiously bring in a law for the oversight of intelligence gathering activities.
  • The research exemption has not been envisaged as a blanket one and only those obligations that are necessary to achieve the object of the research will be exempted by the Data Protection Authority (DPA).
  • It further added that to strike a balance between freedom of expression and right to informational privacy, the data protection law would need to signal what the term ‘journalistic purposes’ signifies, and how ethical standards for such activities would need to be set.


Protecting the data of children

  • The committee on data privacy has made specific mention of the need for separate and more stringent norms for protecting the data of children, recommending that companies be barred from certain types of data processing such as behavioural monitoring, tracking, targeted advertising and any other type of processing which is not in the best interest of the child.
  • It is widely accepted that processing of personal data of children ought to be subject to greater protection than regular processing of data.
  • The justification for such differential treatment arises from the recognition that children are unable to fully understand the consequences of their actions.