This morning’s news carried stories (samples here and here) of the Cabinet’s approval to a set of amendments to the Prevention of Money Laundering Act, 2002 (the “PMLA”), the Telegraph Act, 1885, and the Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016 (the “Aadhaar Act”).
While specifics are still unavailable (the website of the Parliament of India here does not list an amendment bill in relation to those three Acts yet), some WhatsApp warriors claim that biometric Aadhaar-based eKYC will be re-introduced, while others think this heralds a push toward the adoption of Aadhaar XML or other alternative technologies. The only thing most stories seems to agree upon is that any such use of Aadhaar for telephone connection or bank account opening KYC purposes will be voluntary.
We’ve tried to put down a few possible scenarios here (which we will, of course, update as the amendment bills become available for public viewing), and how we see them playing out; but first, it is important that we clear the air on a question that’s being asked a lot today:
“The news stories say that Aadhaar eKYC was banned because there’s no law backing it; is it enough for the Government to introduce a law to permit the use of Aadhaar eKYC again?”
Consider that one of the main grounds of attack on Aadhaar in Writ Petition (Civil) No 494 of 2012, Justice K.S. Puttaswamy v. Union of India and Others, decided on September 26, 2018 (the “Aadhaar Case”) was that the use of mandatory biometric Aadhaar authentication in relation to bank accounts, phone connections, etc., was an unreasonable invasion upon the right to privacy, now recognised as part of our fundamental rights.
To be constitutionally valid, any law that impinges on the fundamental right to privacy would have to meet the ‘Proportionality Test’, summarised as follows in para 433 of the majority judgment in the Aadhaar Case:
“To recapitulate, the test of proportionality requires that a limitation of the fundamental rights must satisfy the following to be proportionate: (i) it is designated for a proper purpose; (ii) measures are undertaken to effectuate the limitation are rationally connected to the fulfilment of the purpose; (iii) there are no alternative less invasive measures; and (iv) there is a proper relation between the importance of achieving the aim and the importance of limiting the right.”
It is not enough, therefore, that a law be passed permitting the use of biometric Aadhaar eKYC to render it permissible for any purpose – that law must also pass the standard of the Proportionality Test.
So what does that mean for these proposed amendments?
Well, it’s difficult to imagine that the Supreme Court would suo moto chase down these amendments to test whether or not they pass the standards laid down in the Aadhaar Case; their validity (or otherwise) would only be confirmed if someone were to challenge them in court. Considering it was the mandatory use / linking of Aadhaar that most petitioners in the Aadhaar Case found problematic, it remains to be seen whether someone would challenge even the voluntary use of biometric Aadhaar eKYC.
Now that we’ve got that bogey out of the way, let’s look at some possible combinations that may emerge from these amendments, and how they may play out:
- Aadhaar eKYC (biometric or OTP) voluntary, other forms of KYC (paper-based) also permitted: One likely scenario is where alternative mechanisms will be permissible, but the sheer relative convenience of a paperless Aadhaar eKYC may convince most people to continue shelling out their Aadhaar numbers every time they want a phone connection or a new bank account. Unless someone challenges this in court, practically speaking, we’re back to where we were on September 25.
- ‘Offline’ Aadhaar paperless KYC (e.g., XML- or QR-Code based) voluntary, other forms of KYC (paper-based) also permitted: Relatively speaking, this presents fewer opportunities for challenge in court, and again, if Aadhaar XML verification is to be adopted (no matter that the process is not without holes), then people may prefer it over a cumbersome paper-based process that involves having to provide attested photocopies by the bushel.
- Aadhaar eKYC (biometric or OTP) voluntary, other forms of KYC (paperless) also permitted: This evens out matters substantially, and ‘voluntary’ begins to look like a real choice now. If alternative forms of KYC are permitted that are paperless and reliable (such as those that rely on the use of live photos, face match, and photos of ‘Officially Valid Documents’), then people have a real choice, and can decide whether or not they still want to use their Aadhaar number to establish their identity for KYC purposes.
- ‘Offline’ Aadhaar paperless KYC (e.g., XML- or QR-Code based) voluntary, other forms of KYC (paperless) also permitted: Much like the previous scenario, this seems to provide a real choice to individuals conscious of protecting their privacy. Given that the Supreme Court read down Section 57 of the Aadhaar Act to, in effect, disallow the use of Aadhaar authentication services by private parties, this combination would also be safer from challenge in court. (Note here that ‘authentication’ is a defined term in the Aadhaar Act, and implies, among other things, checking the CIDR database to ‘authenticate’ Aadhaar details).
We will only know the details of what’s being proposed once the amendment bills are available for public viewing, but until then, we hope this helps you make more sense of everything you’re reading in the papers today!