2019 SCC Vol. 1 January, 2019 Part 1

Constitution of India — Pt. III — Right to privacy — Right to Informational Privacy and Data Protection: Informational privacy deals with person’s mind and personal information. It includes right to control dissemination of personal information and protection from its unauthorised use. Where data is ubiquitous, an all-encompassing presence, every transaction of an individual user leaves electronic tracks without her knowledge. Individually these information silos may seem inconsequential, in aggregation, with data mining and metadata, etc. the information enables profiling of individuals, and other impermissible infringements of the right to informational privacy. Every individual has a right to be able to exercise control over their own life and image as portrayed in the world and to control commercial use of their image/identity, and be protected from unauthorised use of such information by State or non-State entities. Hence, State must bring into being a viable data protection regime which recognises, respects, protects and enforces informational privacy both against State and non-State entities. Informational privacy requires legal protection because the individual cannot be left to an unregulated marketplace. Data collection, usage and storage (including biometric data) require adherence to the principles of consent, purpose and storage limitation, data differentiation, data exception, data minimisation, substantive and procedural fairness and safeguards, transparency, data protection and security. Only by such strict observance of these principles can State successfully discharge the burden of proportionality while affecting the privacy rights of its citizens. Apprehension, however legitimate it may be, cannot override the justification of the project once the justification test is satisfied. When the project is for a larger public benefit, consequently, individual interest or smaller public interest must yield. In such a situation, adequate care, caution, and monitoring at every stage and constant vigil are necessary. Maintaining safety is an ongoing process not only at the design level but also during the operation of a project. The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 is a beneficial legislation which is aimed at empowering millions of people in this country.  Justification of this project has been adequately demonstrated. In such a scenario only on apprehension, the project cannot be shelved. At the same time, data protection and data safety is also to be ensured to avoid even the remote possibility of data profiling or data leakage. The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, is valid and not violative of the fundamental right to privacy. Further, S. 57 of the Aadhaar Act, permitting the mandate of Aadhaar based authentication by private entities, is unconstitutional. Furthermore, Aadhaar cannot be made compulsory for opening bank accounts or for procuring mobile phone connections; however, the mandate of Aadhaar-PAN linkage under section 139-AA of the Income Tax Act is valid. [K.S. Puttaswamy v. Union of India, (2019) 1 SCC 1]