This is a continuation of the earlier articles on the topic
Continuing our discussion on the Judgement of the three Judges, Dipak Mishra, A K Sikri and A W Khanwilkar, responding to the first issue answered by them namely,
(1) Whether the Aadhaar Project creates or has tendency to create surveillance state and is, thus, unconstitutional on this ground?
Incidental Issues:
(a) What is the magnitude of protection that need to be accorded to collection, storage and usage of biometric data?
(b) Whether the Aadhaar Act and Rules provide such protection, including in respect of data minimisation, purpose limitation, time period for data retention and data protection and security?
the judges have responded….
(iv) Insofar as Section 33(2) of the Act in the present form is concerned, the same is struck down.
The relevant section as it stands today and is being struck down is:
(33)(2) Nothing contained in sub-section (2) or sub-section (5) of section 28 and clause (b) of sub-section (1), sub-section (2) or sub-section (3) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made in the interest of national security in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government of India specially authorised in this behalf by an order of the Central Government:
Provided that every direction issued under this sub-section, shall be reviewed by an Oversight Committee consisting of the Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and the Department of Electronics and Information Technology, before it takes effect:
Provided further that any direction issued under this sub-section shall be valid for a period of three months from the date of its issue, which may be extended for a further period of three months after the review by the Oversight Committee.
The objection to this section was perhaps the Court considered that “Joint Secretary” was not the appropriate level at which this responsibility could be vested with.
The Government can therefore through the PDPA 2018 raise this level of intervention to the Secretary to meet the objections.
The Court has also pointed out in its answer that
(vi) We have also impressed upon the respondents, to bring out a robust data protection regime in the form of an enactment on the basis of Justice B.N. Srikrishna (Retd.) Committee Report with necessary modifications thereto as may be deemed appropriate.
As a result of this push, Government will have to bring up the PDPA 2018 for discussion as early as possible and get it passed. Alternatively, Government may have to resort to an ordinance to make PDPA 2018 effective immediately.
Naavi
Disclaimer: The views expressed here and elsewhere on this site are the personal views of Naavi and not the views of any organization or group that he may be associated with.
Pingback: Aadhaar Judgement-7… Can the Private Sector use Aadhaar for Authentication? | Naavi.org
Pingback: Recent Developments in PrivacyProtection in India – Privacy Knowledge Center