The Delhi High Court has granted UIDAI 4 weeks’ time to file a response to a plea seeking damages for the losses due to an Aadhaar data leak, reports PTI. A two judge bench of Justice Ravindra Bhat and Prateek Jalan has listed the matter for hearing on February 14, 2019.

The court was hearing a plea filed by SpicyIP founder and law scholar Shamnad Basheer where he alleged a violation of the fundamental right to privacy as affirmed in Justice KS Puttaswamy v Union of India due to Aadhaar data breaches (see more information below). The plea also urged the court to direct the Centre to either allow people to opt out of the system or delete the entire existing UIDAI data in view of alleged security breaches.

While hearing the matter on August 21, the court gave six weeks time to UIDAI, Union of India (UOI), National Informatics Centre (NIC) and Ministry of Communications and Information Technology  to respond to it. Basheer filed the petition on May 19, before the Delhi HC. But at that time, the bench comprising of Justice Sanjiv Khanna and Justice Chandrashekhar  had opined that it would wait for the outcome of the petition on Aadhaar pending before the Supreme Court.

Basheer’s petition and the plea before the HC

  • Basheer’s petition traces the journey of Aadhaar as a voluntary scheme which was gradually made near compulsory. The petition does not intend to challenge the constitutional validity of the Aadhaar Act.
  • The petition further reads that UIDAI and the government “continue to compromise the security of Aadhaar data through their negligent acts/omissions and consequently violate the fundamental privacy rights of the Petitioner and that of the public at large.”
  • He cited The Tribune’s news report where it claimed to have “purchased” a service being offered by anonymous sellers over WhatsApp that provided unrestricted access to details for any of the 1 billion Aadhaar numbers created in India. He raised the concern of misuse of data for personal gain by unauthorized third parties.
  • UIDAI’s conduct violates the Aadhaar Act and associated regulations, as well as the Information Technology Act, 2000 and associated rules. It also violates the  fundamental right to privacy; and is actionable and compensable.
  • In the petition, Basheer asks for compensation for security breaches provisioned under Section 43A of the IT Act.

Basheer, in his petition, sought information on the number of data breaches since the inception of UIDAI and Aadhaar scheme. He also sought exemplary damages and liberty to opt out of the Aadhaar system. In addition, the petition also sought a Writ of Mandamus directing the Centre to permanently delete all existing Aadhaar numbers and reissue a new Aadhaar number. (Mandamus is a mandate issued by a superior court to compel a lower court or a government officer to perform mandatory or purely ministerial duties correctly.)