(a) What is the magnitude of protection that need to be accorded to collection, storage and usage of biometric data?
(b) Whether the Aadhaar Act and Rules provide such protection, including in respect of data minimisation, purpose limitation, time period for data retention and data protection and security?
(a) The architecture of Aadhaar as well as the provisions of the Aadhaar Act do not tend to create a surveillance state. This is ensured by the manner in which the Aadhaar project operates.
(b) We have recorded in detail the powerpoint presentation that was given by Dr. Ajay Bhushan Pandey, CEO of the Authority, which brings out the following salient features:
(i) During the enrolment process, minimal biometric data in the form of iris and fingerprints is collected. The Authority does not collect purpose, location or details of transaction. Thus, it is purpose blind. The information collected, as aforesaid, remains in silos. Merging of silos is prohibited. The requesting agency is provided answer only in Yes’ or ‘No’ about the authentication of the person concerned. The authentication process is not exposed to the Internet world. Security measures, as per the provisions of Section 29(3) read with Section 38(g) as well as Regulation 17(1)(d) of the Authentication Regulations, are strictly followed and adhered to.
(ii) There are sufficient authentication security measures taken as well, as demonstrated in Slides 14, 28 and 29 of the presentation.
(iii) The Authority has sufficient defence mechanism, as explained in Slide 30. It has even taken appropriate protection measures as demonstrated in Slide 31.
(iv) There is an oversight by Technology and Architecture Review Board (TARB) and Security Review Committee.
(v) During authentication no information about the nature of transaction etc. is obtained.
(vi) The Authority has mandated use of Registered Devices (RD) for all authentication requests. With these, biometric data is signed within the device/RD service using the provider key to ensure it is indeed captured live. The device provider RD service encrypts the PID block before returning to the host application. This RD service encapsulates the biometric capture, signing and encryption of biometrics all within it. Therefore, introduction of RD in Aadhaar authentication system rules out any possibility of use of stored biometric and replay of biometrics captured from other source. Requesting entities are not legally allowed to store biometrics captured for Aadhaar authentication under Regulation 17(1)(a) of the Authentication Regulations.
(vii) The Authority gets the AUA code, ASA code, unique device code, registered device code used for authentication. It does not get any information related to the IP address or the GPS location from where authentication is performed as these parameters are not part of authentication (v2.0) and e-KYC (v2.1) API. The Authority would only know from which device the authentication has happened, through which AUA/ASA etc. It does not receive any information about at what location the authentication device is deployed, its IP address and its operator and the purpose of authentication. Further, the authority or any entity under its control is statutorily barred from collecting, keeping or maintaining any information about the purpose of authentication under Section 32(3) of the Aadhaar Act.
(c) After going through the Aadhaar structure, as demonstrated by the respondents in the powerpoint presentation from the provisions of the Aadhaar Act and the machinery which the Authority has created for data protection, we are of the view that it is very difficult to create profile of a person simply on the basis of biometric and demographic information stored in CIDR. Insofar as authentication is concerned, the respondents rightly pointed out that there are sufficient safeguard mechanisms. To recapitulate, it was specifically submitted that there was security technologies in place (slide 28 of Dr. Pandey’s presentation), 24/7 security monitoring, data leak prevention, vulnerability management programme and independent audits (slide 29) as well as the Authority’s defence mechanism (slide 30). It was further pointed out that the Authority has taken appropriate pro-active protection measures, which included disaster recovery plan, data backup and availability and media response plan (slide 31). The respondents also pointed out that all security principles are followed inasmuch as: (a) there is PKI-2048 encryption from the time of capture, meaning thereby, as soon as data is given at the time of enrolment, there is an end to end encryption thereof and it is transmitted to the Authority in encrypted form. The said encryption is almost foolproof and it is virtually impossible to decipher the same; (b) adoption of best-in-class security standards and practices; and (c) strong audit and traceability as well as fraud detection. Above all, there is an oversight of Technology and Architecture Review Board (TARB) and Security Review Committee. This Board and Committee consists of very high profiled officers. Therefore, the Act has endeavoured to provide safeguards.
(d) Insofar as use and protection of data is concerned, having regard to the principles enshrined in various cases, Indian and foreign, the matter is examined from the stand point of data minimisation, purpose limitation, time period for data retention, data protection and security (qua CIDR, requisite entities, enrolment agencies and Registrars, authentication service agency, hacking, biometric solution providers, substantive procedural or judicial safeguards). After discussing the aforesaid aspect with reference to certain provisions of the Aadhaar Act, we are of the view that apprehensions of the petitioners stand assuaged with the striking down or reading down or clarification of some of the provisions, namely:
(i) Authentication records are not to be kept beyond a period of six months, as stipulated in Regulation 27(1) of the Authentication Regulations. This provision which permits records to be archived for a period of five years is held to be bad in law.
(ii) Metabase relating to transaction, as provided in Regulation 26 of the aforesaid Regulations in the present form, is held to be impermissible, which needs suitable amendment.
(iii) Section 33(1) of the Aadhaar Act is read down by clarifying that an individual, whose information is sought to be released, shall be afforded an opportunity of hearing.
(iv) Insofar as Section 33(2) of the Act in the present form is concerned, the same is struck down.
(v) That portion of Section 57 of the Aadhaar Act which enables body corporate and individual to seek authentication is held to be unconstitutional.
(vi) We have also impressed upon the respondents, to bring out a robust data protection regime in the form of an enactment on the basis of Justice B.N. Srikrishna (Retd.) Committee Report with necessary modifications thereto as may be deemed appropriate.
(a) After detailed discussion, it is held that all matters pertaining to an individual do not qualify as being an inherent part of right to privacy. Only those matters over which there would be a reasonable expectation of privacy are protected by Article 21. This can be discerned from the reading of Paras 297 to 307 of the judgment.
(b) The Court is also of the opinion that the triple test laid down in order to adjudge the reasonableness of the invasion to privacy has been made. The Aadhaar scheme is backed by the statute, i.e. the Aadhaar Act. It also serves legitimate State aim, which can be discerned from the Introduction to the Act as well as the Statement of Objects and Reasons which reflect that the aim in passing the Act was to ensure that social benefit schemes reach the deserving community. The Court noted that the failure to establish identity of an individual has proved to be a major hindrance for successful implementation of those programmes as it was becoming difficult to ensure that subsidies, benefits and services reach the unintended beneficiaries in the absence of a credible system to authenticate identity of beneficiaries. The Statement of Objects and Reasons also discloses that over a period of time, the use of Aadhaar number has been increased manifold and, therefore, it is also necessary to take measures relating to ensuring security of the information provided by the individuals while enrolling for Aadhaar card.
(c) It may be highlighted that the petitioners are making their claim on the basis of dignity as a facet of right to privacy. On the other hand, Section 7 of the Aadhaar Act is aimed at offering subsidies, benefits or services to the marginalised section of the society for whom such welfare schemes have been formulated from time to time. That also becomes an aspect of social justice, which is the obligation of the State stipulated in Para IV of the Constitution. The rationale behind Section 7 lies in ensuring targeted delivery of services, benefits and subsidies which are funded from the Consolidated Fund of India. In discharge of its solemn Constitutional obligation to enliven the Fundamental Rights of life and personal liberty (Article 21) to ensure Justice, Social, Political and Economic and to eliminate inequality (Article 14) with a view to ameliorate the lot of the poor and the Dalits, the Central Government has launched several welfare schemes. Some such schemes are PDS, scholarships, mid day meals, LPG subsidies, etc. These schemes involve 3% percentage of the GDP and involve a huge amount of public money. Right to receive these benefits, from the point of view of those who deserve the same, has now attained the status of fundamental right based on the same concept of human dignity, which the petitioners seek to bank upon. The Constitution does not exist for a few or minority of the people of India, but “We the people”. The goals set out in the Preamble of the Constitution do not contemplate statism and do not seek to preserve justice, liberty, equality an fraternity for those who have the means and opportunity to ensure the exercise of inalienable rights for themselves. These goals are predominantly or at least equally geared to “secure to all its citizens”, especially, to the downtrodden, poor and exploited, justice, liberty, equality and “to promote” fraternity assuring dignity. Interestingly, the State has come forward in recognising the rights of deprived section of the society to receive such benefits on the premise that it is their fundamental right to claim such benefits. It is acknowledged by the respondents that there is a paradigm shift in addressing the problem of security and eradicating extreme poverty and hunger. The shift is from the welfare approach to a right based approach. As a consequence, right of everyone to adequate food no more remains based on Directive Principles of State Policy (Art 47), though the said principles remain a source of inspiration. This entitlement has turned into a Constitutional fundamental right. This Constitutional obligation is reinforced by obligations under International Convention.
(d) Even the petitioners did not seriously question the purpose and bona fides of the Legislature enacting the law.
(e) The Court also finds that the Aadhaar Act meets the test of proportionality as the following components of proportionality stand satisfied:
(i) A measure restricting a right must have a legitimate goal (legitimate goal stage).
(ii) It must be a suitable means of furthering this goal (suitability or rationale connection stage).
(iii) There must not be any less restrictive but equally effective alternative (necessity stage).
(iv) The measure must not have a disproportionate impact on the right holder (balancing stage).
(f) In the process, the Court has taken note of various judgments pronounced by this Court pertaining to right to food, issuance of BPL Cards, LPG connections and LPG cylinders at minimal cost, old age and other kind of pensions to deserving persons, scholarships and implementation of MGNREGA scheme.
(g) The purpose behind these orders was to ensure that the deserving beneficiaries of the scheme are correctly identified and are able to receive the benefits under the said scheme, which is their entitlement. The orders also aimed at ensuring ‘good governance’ by bringing accountability and transparency in the distribution system with the pious aim in mind, namely, benefits actually reached those who are rural, poor and starving.
(h) All this satisfies the necessity stage test, particularly in the absence of any less restrictive but equally effective alternative. (i) Insofar as balancing is concerned, the matter is examined at two levels:
(i)Whether, ‘legitimate state interest’ ensures ‘reasonable tailoring’? There is a minimal intrusion into the privacy and the law is narrowly framed to achieve the objective. Here the Act is to be tested on the ground that whether it is found on a balancing test that the social or public interest and the reasonableness of the restrictions outweigh the particular aspect of privacy, as claimed by the petitioners. This is the test we have applied in the instant case.
(ii) There needs to be balancing of two competing fundamental rights, right to privacy on the one hand and right to food, shelter and employment on the other hand. Axiomatically both the rights are founded on human dignity. At the same time, in the given context, two facets are in conflict with each other. The question here would be, when a person seeks to get the benefits of welfare schemes to which she is entitled to as a part of right to live life with dignity, whether her sacrifice to the right to privacy, is so invasive that it creates imbalance?
(j) In the process, sanctity of privacy in its functional relationship with dignity is kept in mind where it says that legitimate expectation of privacy may vary from intimate zone to the private zone and from the private to public arena. Reasonable expectation of privacy is also taken into consideration. The Court finds that as the information collected at the time of enrolment as well as authentication is minimal, balancing at the first level is met. Insofar as second level, namely, balancing of two competing fundamental rights is concerned, namely, dignity in the form of autonomy (informational privacy) and dignity in the form of assuring better living standards of the same individual, the Court has arrived at the conclusion that balancing at the second level is also met. The detailed discussion in this behalf amply demonstrates that enrolment in Aadhaar of the unprivileged and marginalised section of the society, in order to avail the fruits of welfare schemes of the Government, actually amounts to empowering these persons. On the one hand, it gives such individuals their unique identity and, on the other hand, it also enables such individuals to avail the fruits of welfare schemes of the Government which are floated as socio-economic welfare measures to uplift such classes. In that sense, the scheme ensures dignity to such individuals. This facet of dignity cannot be lost sight of and needs to be acknowledged. We are, by no means, accepting that when dignity in the form of economic welfare is given, the State is entitled to rob that person of his liberty. That can never be allowed. We are concerned with the balancing of the two facets of dignity. Here we find that the inroads into the privacy rights where these individuals are made to part with their biometric information, is minimal. It is coupled with the fact that there is no data collection on the movements of such individuals, when they avail benefits under Section 7 of the Act thereby ruling out the possibility of creating their profiles. In fact, this technology becomes a vital tool of ensuring good governance in a social welfare state. We, therefore, are of the opinion that the Aadhaar Act meets the test of balancing as well.
(k) Insofar as the argument based on probabilistic system of Aadhaar, leading to ‘exclusion’ is concerned, the Authority has claimed that biometric accuracy is 99.76% and the petitioners have also proceeded on that basis. In this scenario, if the Aadhaar project is shelved, 99.76% beneficiaries are going to suffer. Would it not lead to their exclusion? It will amount to throwing the baby out of hot water along with the water. In the name of 0.232% failure (which can in any case be remedied) should be revert to the pre-Aadhaar stage with a system of leakages, pilferages and corruption in the implementation of welfare schemes meant for marginalised section of the society, the full fruits thereof were not reaching to such people?
(l) The entire aim behind launching this programme is the `inclusion’ of the deserving persons who need to get such benefits. When it is serving much larger purpose by reaching hundreds of millions of deserving persons, it cannot be crucified on the unproven plea of exclusion of some. It is clarified that the Court is not trivialising the problem of exclusion if it is there. However, what we are emphasising is that remedy is to plug the loopholes rather than axe a project, aimed for the welfare of large section of the society. Obviously, in order to address the failures of authentication, the remedy is to adopt alternate methods for identifying such persons, after finding the causes of failure in their cases. We have chosen this path which leads to better equilibrium and have given necessary directions also in this behalf, viz:
(i) We have taken on record the statement of the learned Attorney General that no deserving person would be denied the benefit of a scheme on the failure of authentication.
(ii) We are also conscious of the situation where the formation of fingerprints may undergo change for various reasons. It may happen in the case of a child after she grows up; it may happen in the case of an individual who gets old; it may also happen because of damage to the fingers as a result of accident or some disease etc. or because of suffering of some kind of disability for whatever reason. Even iris test can fail due to certain reasons including blindness of a person. We again emphasise that no person rightfully entitled to the benefits shall be denied the same on such grounds. It would be appropriate if a suitable provision be made in the concerned regulations for establishing an identity by alternate means, in such situations.
(m) As far as subsidies, services and benefits are concerned, their scope is not to be unduly expanded thereby widening the net of Aadhaar, where it is not permitted otherwise. In this respect, it is held as under:
(i) `Benefits’ and ‘services’ as mentioned in Section 7 should be those which have the colour of some kind of subsidies etc., namely, welfare schemes of the Government whereby Government is doling out such benefits which are targeted at a particular deprived class.
(ii) It would cover only those ‘benefits’ etc. the expenditure thereof has to be drawn from the Consolidated Fund of India.
(iii) On that basis, CBSE, NEET, JEE, UGC etc. cannot make the requirement of Aadhaar mandatory as they are outside the purview of Section 7 and are not backed by any law.
(a) For the enrolment of children under the Aadhaar Act, it would be essential to have the consent of their parents/guardian.
(b) On attaining the age of majority, such children who are enrolled under Aadhaar with the consent of their parents, shall be given the option to exit from the Aadhaar project if they so choose in case they do not intend to avail the benefits of the scheme.
(c) Insofar as the school admission of children is concerned, requirement of Aadhaar would not be compulsory as it is neither a service nor subsidy. Further, having regard to the fact that a child between the age of 6 to 14 years has the fundamental right to education under Article 21A of the Constitution, school admission cannot be treated as ‘benefit’ as well.
(d) Benefits to children between 6 to 14 years under Sant Shiksha Abhiyan, likewise, shall not require mandatory Aadhaar enrolment.
(e) For availing the benefits of other welfare schemes which are covered by Section 7 of the Aadhaar Act, though enrolment number can be insisted, it would be subject to the consent of the parents, as mentioned in (a) above.
(f) We also clarify that no child shall be denied benefit of any of these schemes if, for some reasons, she is not able to produce the Aadhaar number and the benefit shall be given by verifying the identity on the basis of any other documents. This we say having regard to the statement which was made by Mr. K.K. Venugopal, learned Attorney General for India, at the Bar.
(i) Sections 2(c) and 2(d) read with Section 32
(ii) Section 2(h) read with Section 10 of CIDR
(iii) Section 2(l) read with Regulation 23
(iv) Section 2(v)
(v) Section 3
(vi) Section 5
(vii) Section 6
(viii) Section 8
(ix) Section 9
(x) Sections 11 to 23
(xi) Sections 23 and 54
(xii) Section 23(2)(g) read with Chapter VI & VII –Regulations 27 to 32
(xiii) Section 29
(xiv) Section 33
(xv) Section 47
(xvi) Section 48
(xvii) Section 57
(xviii) Section 59
(a) Section 2(d) which pertains to authentication records, such records would not include metadata as mentioned in Regulation 26(c) of the Aadhaar (Authentication) Regulations, 2016. Therefore, this provision in the present form is struck down. Liberty, however, is given to reframe the regulation, keeping in view the parameters stated by the Court.
(b) Insofar as Section 2(b) is concerned, which defines `resident’, the apprehension expressed by the petitioners was that it should not lead to giving Aadhaar card to illegal immigrants. We direct the respondent to take suitable measures to ensure that illegal immigrants are not able to take such benefits.
(c) Retention of data beyond the period of six months is impermissible. Therefore, Regulation 27 of Aadhaar (Authentication) Regulations, 2016 which provides archiving a data for a period of five years is struck down.
(d) Section 29 in fact imposes a restriction on sharing information and is, therefore, valid as it protects the interests of Aadhaar number holders. However, apprehension of the petitioners is that this provision entitles Government to share the information ‘for the purposes of as may be specified by regulations’. The Aadhaar (Sharing of Information) Regulations, 2016, as of now, do not contain any such provision. If a provision is made in the regulations which impinges upon the privacy rights of the Aadhaar card holders that can always be challenged.
(e) Section 33(1) of the Act prohibits disclosure of information, including identity information or authentication records, except when it is by an order of a court not inferior to that of a District Judge. We have held that this provision is to be read down with the clarification that an individual, whose information is sought to be released, shall be afforded an opportunity of hearing. If such an order is passed, in that eventuality, he shall also have right to challenge such an order passed by approaching the higher court. During the hearing before the concerned court, the said individual can always object to the disclosure of information on accepted grounds in law, including Article 20(3) of the Constitution or the privacy rights etc.
(f) Insofar as Section 33(2) is concerned, it is held that disclosure of information in the interest of national security cannot be faulted with. However, for determination of such an eventuality, an officer higher than the rank of a Joint Secretary should be given such a power. Further, in order to avoid any possible misuse, a Judicial Officer (preferably a sitting High Court Judge) should also be associated with. We may point out that such provisions of application of judicial mind for arriving at the conclusion that disclosure of information is in the interest of national security, are prevalent in some jurisdictions. In view thereof, Section 33(2) of the Act in the present form is struck down with liberty to enact a suitable provision on the lines suggested above.
(g) Insofar as Section 47 of the Act which provides for the cognizance of offence only on a complaint made by the Authority or any officer or person authorised by it is concerned, it needs a suitable amendment to include the provision for filing of such a complaint by an individual/victim as well whose right is violated. (h) Insofar as Section 57 in the present form is concerned, it is susceptible to misuse inasmuch as: (a) It can be used for establishing the identity of an individual ‘for any purpose’. We read down this provision to mean that such a purpose has to be backed by law. Further, whenever any such “law” is made, it would be subject to judicial scrutiny. (b) Such purpose is not limited pursuant to any law alone but can be done pursuant to `any contract to this effect’ as well. This is clearly impermissible as a contractual provision is not backed by a law and, therefore, first requirement of proportionality test is not met. (c) Apart from authorising the State, even ‘any body corporate or person’ is authorised to avail authentication services which can be on the basis of purported agreement between an individual and such body corporate or person. Even if we presume that legislature did not intend so, the impact of the aforesaid features would be to enable commercial exploitation of an individual biometric and demographic information by the private entities. Thus, this part of the provision which enables body corporate and individuals also to seek authentication, that too on the basis of a contract between the individual and such body corporate or person, would impinge upon the right to privacy of such individuals. This part of the section, thus, is declared unconstitutional.
(i) Other provisions of Aadhaar Act are held to be valid, including Section 59 of the Act which, according to us, saves the pre-enactment period of Aadhaar project, i.e. from 2009-2016.
Aadhaar Act meets the concept of Limited Government, Good Governance and Constitutional Trust.
(a) We do recognise the importance of Rajya Sabha (Upper House) in a bicameral system of the Parliament. The significance and relevance of the Upper House has been succinctly exemplified by this Court in Kuldip Nayar’s case. The Rajya Sabha, therefore, becomes an important institution signifying constitutional fedaralism. It is precisely for this reason that to enact any statute, the Bill has to be passed by both the Houses, namely, Lok Sabha as well as Rajya Sabha. It is the constitutional mandate. The only exception to the aforesaid Parliamentary norm is Article 110 of the Constitution of India. Having regard to this overall scheme of bicameralism enshrined in our Constitution, strict interpretation has to be accorded to Article 110. Keeping in view these principles, we have considered the arguments advanced by both the sides.
(b) The petitioners accept that Section 7 of the Aadhaar Act has the elements of ‘Money Bill’. The attack is on the premise that some other provisions, namely, clauses 23(2)(h), 54(2)(m) and 57 of the Bill (which corresponds to Sections 23(2)(h), 54(2)(m) and 57 of the Aadhaar Act) do not fall under any of the clauses of Article 110 of the Constitution and, therefore, Bill was not limited to only those subjects mentioned in Article 110. Insofar as Section 7 is concerned, it makes receipt of subsidy, benefit or service subject to establishing identity by the process of authentication under Aadhaar or furnish proof of Aadhaar etc. It is also very clearly declared in this provision that the expenditure incurred in respect of such a subsidy, benefit or service would be from the Consolidated Fund of India. It is also accepted by the petitioners that Section 7 is the main provision of the Act. In fact, introduction to the Act as well as Statement of Objects and Reasons very categorically record that the main purpose of Aadhaar Act is to ensure that such subsidies, benefits and services reach those categories of persons, for whom they are actually meant.
(c) As all these three kinds of welfare measures are sought to be extended to the marginalised section of society, a collective reading thereof would show that the purpose is to expand the coverage of all kinds of aid, support, grant, advantage, relief provisions, facility, utility or assistance which may be extended with the support of the Consolidated Fund of India with the objective of targeted delivery. It is also clear that various schemes which can be contemplated by the aforesaid provisions, relate to vulnerable and weaker section of the society. Whether the social justice scheme would involve a subsidy or a benefit or a service is merely a matter of the nature and extent of assistance and would depend upon the economic capacity of the State. Even where the state subsidizes in part, whether in cash or kind, the objective of emancipation of the poor remains the goal.
(d) The respondents are right in their submission that the expression subsidy, benefit or service ought to be understood in the context of targeted delivery to poorer and weaker sections of society. Its connotation ought not to be determined in the abstract. For as an abstraction one can visualize a subsidy being extended by Parliament to the King; by Government to the Corporations or Banks; etc. The nature of subsidy or benefit would not be the same when extended to the poor and downtrodden for producing those conditions without which they cannot live a life with dignity. That is the main function behind the Aadhaar Act and for this purpose, enrolment for Aadhaar number is prescribed in Chapter II which covers Sections 3 to 6. Residents are, thus, held entitled to obtain Aadhaar number. We may record here that such an enrolment is of voluntary nature. However, it becomes compulsory for those who seeks to receive any subsidy, benefit or service under the welfare scheme of the Government expenditure whereof is to be met from the Consolidated Fund of India. It follows that authentication under Section 7 would be required as a condition for receipt of a subsidy, benefit or service only when such a subsidy, benefit or service is taken care of by Consolidated Fund of India. Therefore, Section 7 is the core provision of the Aadhaar Act and this provision satisfies the conditions of Article 110 of the Constitution. Upto this stage, there is no quarrel between the parties.
(e) On examining of the other provisions pointed out by the petitioners in an attempt to take it out of the purview of Money Bill, we are of the view that those provisions are incidental in nature which have been made in the proper working of the Act. In any case, a part of Section 57 has already been declared unconstitutional. We, thus, hold that the Aadhaar Act is validly passed as a ‘Money Bill’.
Validity of this provision was upheld in the case of Binoy Viswam by repelling the contentions based on Articles 14 and 19 of the Constitution. The question of privacy which, at that time, was traced to Article 21, was left open. The matter is reexamined on the touchstone of principles laid down in K.S. Puttaswamy. The matter has also been examined keeping in view that manifest arbitrariness is also a ground of challenge to the legislative enactment. Even after judging the matter in the context of permissible limits for invasion of privacy, namely: (i) the existence of a law; (ii) a ‘legitimate State interest’; and (iii) such law should pass the ‘test of proportionality’, we come to the conclusion that all these tests are satisfied. In fact, there is specific discussion on these aspects in Binoy Viswam’s case as well.
(a) We hold that the provision in the present form does not meet the test of proportionality and, therefore, violates the right to privacy of a person which extends to banking details.
(b) This linking is made compulsory not only for opening a new bank account but even for existing bank accounts with a stipulation that if the same is not done then the account would be deactivated, with the result that the holder of the account would not be entitled to operate the bank account till the time seeding of the bank account with Aadhaar is done. This amounts to depriving a person of his property. We find that this move of mandatory linking of Aadhaar with bank account does not satisfy the test of proportionality. To recapitulate, the test of proportionality requires that a limitation of the fundamental rights must satisfy the following to be proportionate: (i) it is designated for a proper purpose; (ii) measures are undertaken to effectuate the limitation are rationally connected to the fulfilment of the purpose; (iii) there are no alternative less invasive measures; and (iv) there is a proper relation between the importance of achieving the aim and the importance of limiting the right.
(c) The Rules are held to be disproportionate for the reasons stated in the main body of this Judgment.
Circular dated March 23, 2017 mandating linking of mobile number with Aadhaar is held to be illegal and unconstitutional as it is not backed by any law and is hereby quashed.
This question is answered in the negative.