Need for robust law to protect citizens' sensitive information, says Supreme Court during Aadhaar hearing

The Supreme Court asked the UIDAI about the safeguards to restrain private entities, involved in Aadhaar authentication, from parting with it.

Published: 27th March 2018 09:22 PM  |   Last Updated: 27th March 2018 09:22 PM

Aadhaar cards (Express File Photo)


NEW DELHI: The Supreme Court today said there was a need for a "robust" law to protect the sensitive information of citizens and asked the UIDAI about the safeguards to restrain private entities, involved in Aadhaar authentication, from parting with it.

A five-judge Constitution bench headed by Chief Justice Dipak Misra asked Ajay Bhushan Pandey, the CEO of UIDAI, about the safeguards employed to restrain private entities from parting with sensitive information of citizens for commercial gains while conducting the authentication of Aadhaar.

"There are two ends of authentication. You say that you do not know the purpose of authentication and the data at your (UIDAI) end is safe. AUA may be a private entity, what are the safeguards, if AUA parts with the sensitive information," the bench asked the UIDAI CEO.

"Let us have a robust law to protect the data of citizens. There is no such law in India," the bench, comprising justices A K Sikri, A M Khanwilkar, D Y Chandrachud and Ashok Bhushan, said.

An Authentication User Agency (AUA) is an entity engaged by the Unique Identification Authority of India (UIDAI) to provide Aadhaar-enabled services to Aadhaar number holders by using authentication.

Justice Chandrachud, during the hearing, gave an illustration and said that if he orders pizza from a pizza chain on a regular basis and that chain shares the information with his health insurance firm, then it will have some bearing because lifestyle is one of the key factors.

"This is commercially sensitive information," the judge said and added that there was no "enforceable protection against others" even if the CIDR (data repository of UIDAI) was fully secure.

Such sharing is prohibited under the Aadhaar Act, the CEO said, adding, however, that there was no control over such sharing of information by private entities working as AUAs.

The bench asked the CEO not to bother the court with operational aspects, but to satisfy it as to whether any breach of data was possible.

The CEO said that breaches, if any, might take place from others' end as the UIDAI's CIDR was safe and not connected to the Internet.

"In the last seven years, not a single breach of biometric details has taken place," he said, adding that it has now been directed that only the last 4 digits of the Aadhaar number would be put in the public domain.

"Aadhaar biometrics is shared only for 'national security' reasons. The consent is required at the level of the Cabinet secretary and so far, not a single request has come to us," he said.

The UIDAI gets a lot of requests from the IT department seeking Aadhaar data, he said, adding, "We tell them we don't have 'a lot of data'."

"Sharing of information, except core biometrics, would require permission of the district court concerned," the UIDAI CEO said.

He said the possibility of surveillance with Aadhaar was not there, because the UIDAI did not keep any data that can be misused.

The UIDAI CEO referred to the point raised by the apex court as to why the government could not think of giving ID cards, as done in Singapore, to ensure that the authorities do not aggregate the data of citizens.

In Singapore, there is a smart card with online authentication to enhance security, he said, adding that even they had authentication records.

Moreover, Singapore was also planning to move to biometrics, he said, adding that having too much information on the smart card was risky.

"It's frozen in time. If a new technology develops, you will have to replace all cards," he said.
