New Delhi: In a historic judgement, the Supreme Court on Wednesday laid down the blueprint of a revamped legal framework for Aadhaar, fine-tuning the scheme’s focus from inclusion—its original raison d’etre—to the prevention of exclusion.

The five-member Constitution bench headed by Chief Justice of India Dipak Misra, while taking into consideration the concerns of the petitioners, struck down and re-worked some of the provisions of the Aadhaar Act and Aadhaar Regulations. This move is also expected to make the legal architecture of Aadhaar more citizen-friendly by addressing concerns around privacy of personal data, including biometrics.

In the last few years, the 12-digit unique identity project has been targeted by critics over the security of data collected by the issuing body Unique Identification Authority of India (UIDAI) and over concerns that its compulsory use for availing most services was leading to people being excluded.

While affirming the constitutional validity of Aadhaar, the apex court in a move aimed at protecting data said the Aadhaar Regulations which permits authentication records to be archived for a period of five years is “bad in law". However, the part of the same provision which mandates authentication records to be kept for a period of six months was upheld by the court.

The apex court also sought amendments to the regulations on “metabase relating to transactions" that needs to be maintained by the UIDAI, calling it “impermissible". This will ensure that no one can replicate the information to create a fake profile of the Aadhaar number holder and conduct transactions, said a privacy expert who did not wish to be named.

“The limitations about time of storage, on metadata analysis and state interference are important developments for privacy. Also, the striking down of Section 57 that gave access to private companies puts a stop to this mission creep of Aadhaar. This gives much-needed relief to the common public," said Prasanth Sugathan, legal director, Software Freedom Law Centre, a Delhi-based non-profit working to protect and promote civil liberties in the digital space.

Section 57 of the Aadhaar Act, 2016, which allows the use of the 12-digit Aadhaar number for establishing the identity of an individual for any purpose—whether by the State or any corporate or person— has been read down.

“That portion of Section 57 of the Aadhaar Act which enables body corporate and individual to seek authentication is held to be unconstitutional," the bench said in its judgement.

This will ensure that private companies using Aadhaar data for authenticating customers will no longer be able to do so. This is likely to adversely impact the fintech industry and payment banks, which rely on Aadhaar-based KYC (know-your-customer).

Highlighting the need for hearing individuals whose Aadhaar details are being used, the apex court also read down Section 33 of the Aadhaar Act, saying: “An individual, whose information is sought to be released, shall be afforded an opportunity of hearing." Section 33 defines the procedure for sharing demographic information and photographs, and the authentication records of an Aadhaar number holder by the issuing authority when required to do so.

The judges also struck down Section 33(2) which permits disclosure of information, including identity and authentication information, made in the interest of national security in pursuance of a direction of an officer not below the rank of joint secretary specially authorized by an order of the central government.

The apex court’s move to modify the existing Aadhaar law was welcomed by UIDAI. “Some reasonable conditions and restrictions on private usages have been imposed as safeguards that would further strengthen Aadhaar as the unique identity in the service of the people especially the poor," A.B. Pandey, chief executive of UIDAI said in a statement.

Close