Case law

Justice K.S. Puttaswamy v Union of India (Right to Privacy)

Posted by author-avatar
On December 14, 2025
0 comments
Justice K.S. Puttaswamy v Union of India (Right to Privacy)

This Case Analysis is written by Hitesh Bhootra, he is a 3rd-year LL.B. student at Aishwarya College of Education and Law. He also serves as an author at Lexful Legal.

Court: Supreme Court of India 

Bench: Chief Justice Dipak Misra, A.K. Sikri, A.M. Khanwilkar, D.Y. Chandrachud, Ashok Bhushan 

Citation: AIR 2018 SC (Supp) 1841 

Date of Judgment: 26 September 2018 

Background and facts of the case:

  • The Aadhaar initiative was launched in 2009 by the Government, The Government set up the Unique Identification Authority of India (UIDAI) via an executive notification, rather than an Act of Parliament. 
  • Aadhaar was initially projected as a voluntary identity scheme to remove ghost beneficiaries and improve welfare benefits and reducing leakage and faults in subsidy schemes. 
  • Adhaar provides a 12‑digit unique identity number based on biometric and information (fingerprints, iris scan, photograph). 
  • Various ministries and departments issued notifications making Aadhaar as compulsory for:
    • LPG subsidy,
    • ⁠Pensions,
    • ⁠Bank account opening,
    • ⁠Mobile SIMs, and
    • ⁠PAN linking. 
  • This shift from voluntary to compulsory triggered many constitutional challenges. 
  • Later, in 2012, Justice K.S. Puttaswamy filed a petition, later joined by several petitions, alleging violations of Articles 14, 19, and 21 and raising concerns about data security. 
  • The Aadhaar Bill was passed in 2016 as the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and certified as a Money Bill under Article 110.
  • In 2017, a 9‑Judge Bench in Puttaswamy (Privacy case) held that the right to privacy is a fundamental right under Article 21, which set the standard for testing Aadhaar as also right to privacy. 
  • A 5‑Judge Bench then heard the Aadhaar matters for 38 days, making it one of the longest‑argued cases after Kesavananda Bharati v. State of Kerala. 

Issues

  • The question arises whether the Aadhar and the Aadhaar Act infringe the fundamental right to privacy as stated in Article 21. 
  • Whether the Aadhaar leads to surveillance and profiling. 
  • The question is Whether Aadhaar leads to exclusion from welfare benefits, potentially breaching Articles 14 and 21. 
  • Whether gathering and collection of biometrics data under Aadhaar satisfies the test of proportionality. 
  • The question arises whether the Aadhaar Act, 2016 qualifies as a legitimate Money Bill according to Article 110.
  • The question is whether the Aadhaar can be required for authentication in the private sector as per Section 57.
  • Whether provisions like Section 33(2), allowing disclosure of Aadhaar data for national security, are constitutional. 
  • Whether Aadhaar can be made compulsory for children.

Petitioners’ arguments:

(Petitioners included: Justice Puttaswamy, Activists, Scholars, Advocates)

Privacy and surveillance:

Petitioners argued that Aadhaar enables a centralized, networked identity database (CIDR) storing biometric and demographic data of about 1.2 billion people.

over time this can create a permanent digital footprint enabling like profiling, behaviour analysis, tracking, location which could build a detailed digital profile of an individual.

Petitioners highlighted some incidents like: Leaks of Aadhaar details from government sites, Newspaper reports about sensitive data being sold for 500₹, RTI cases showing Aadhaar numbers being displayed publicly with no privacy law or with no surveillance mechanism that leads to violations of privacy under Article. 21.          

Petitioners argued that the Aadhaar system is discriminatory against the poor. There is a report of 30–40% biometric authentication failure, which leads to thousands of people being unable to access food rations, pensions, and wages due to fingerprint wear & tear in manual labourers, poor internet connectivity, or device inaccuracy. So Aadhaar failure would be arbitrary & violate Article 14.

They also pointed to reported hunger deaths in Jharkhand allegedly linked to Aadhaar-based denial of food.

Petitioners criticized the centralized storage system. They pointed out reports of Aadhaar data leaks from official government sites and reports that Aadhaar details were being traded online. They argued that biometric data, once breached, cannot be changed like passwords. UIDAI’s own statements acknowledging no system is 100% secure were cited to vulnerabilities.

Section 57 and private use:

  • Petitioners argued that permitting Aadhaar to be used by banks, telecom companies, schools, and other private entities for authentication under Section 57 effectively made Aadhaar compulsory for everyday activities, and citizens had no choice. That leads to misuse of data and forced consent, and it is argued that private entities cannot be trusted with that data. They claimed this violated decisional autonomy.
  •  Petitioners argues that Aadhaar enrolment for children was challenged as violating their decisional autonomy and best interests.
  • Making Aadhaar compulsory for school admission or examinations affects Article 21A (right to education).
  • Petitioners also argued that Aadhaar does not satisfy the proportionality test.

Proportionality test:

1. Legitimate purpose- valid public purpose, like preventing fraud, identity fraud, and fake identity elimination.

2. Necessity- no alternative is there.

3. Balancing- strong safeguards.

4. Rational connection- linked to goals, eliminate fraud.

But here Aadhaar fails to prove all these tests. No fraud prevention; middlemen steal information.

There are many alternatives, like offline systems and smart cards.

Also fails necessity, like biometric & iris scans are not essential.

Not linked to goals

National security clause- Section 33(2)

Permitting disclosure of data, violates Article 21 requirements of procedure established by law being fair, just, and reasonable. A joint secretary alone can approve disclosure of the information in the interest of national security. Once identity information is disclosed, it can reveal everything: name, address, and transactions linked to Aadhar. Section 33(2) enables the state to turn Aadhar into a surveillance tool.

Respondent Arguments

  • The government argues that due to subsidy leakages, India loses ₹70,000 crores every year, with the help of Aadhaar schemes, only genuine people receive the benefits of subsidy through Direct Benefit Transfers (DBT).   
  • They also credited Aadhaar for eliminating and removing duplicate LPG connections, fake pensioners, fraudulent scholarship claims, and ghost ration cards.
  • However, the government claims that Aadhaar saves billions of rupees.    
  • The government argues that Aadhaar is well secured, emphasized with multiple layers of encryption. Data is not accessible to public networks.  
  • They also claim that Aadhaar architecture makes hacking virtually impossible and there is no tracking of location through Aadhaar, no behavioural data is collected.
  • Privacy is not violated, and it is proportionate, Government claims through the privacy judgment that Aadhaar passes the proportionality test with:

Legitimate Aim: improving welfare deliveries & preventing fraud.          

Rational nexus: Aadhaar is unique and has a unique 12-digit ID number.

Proportionality: It collects only minimum data and basic biometrics.

No sensitive data like DNA is collected.

  • The Aadhaar Act is a valid money bill:

They said that Section 7 of the Aadhaar Act relates to welfare subsidies funded from the Consolidated Fund of India; thus, it meets the constitutional requirement for a Money Bill.

  • Aadhaar does not do surveillance:

No agency can track where authentication is done, UIDAI stores only limited data, and no transaction records.

The government argued that: In Aadhaar, there are multiple modes of authentication, such as Fingerprints, OTPs, and Iris scans.

  • The government argues that private use of Aadhaar, improves efficiency and protection and, with the help of e-KYC, reduces duplicate SIM frauds, duplicate bank account, other identity-based frauds, it also reduces paperwork and improves digital processing.
  • The government denied large-scale failure of Aadhaar. They claim that authentication failures occur due to not updating information, such as name spellings, old mobile numbers and not due to biometrics
  • The government argued that UIDAI does not disclose core biometric data, even under Section 33(2).      Only limited identity information may be shared when it concerns national security and to prevent serious threats like terrorism and crimes.
  • Section 33(2) is rarely used; therefore, it cannot be seen as a privacy breach. According to the government, the fear of misuse is imaginary.

Judgment (Majority 4:1)

The majority opinion (4:1), with Chandrachud J. dissenting, upheld the Aadhaar Scheme but with some major restrictions. Aadhaar passes the privacy test but with some major safeguards.

Court held that:

  1. Aadhaar has a legitimate aim.
    1. Biometric collection is not excessive.
    1. But the protection of data must be strengthened.

Aadhaar does not create surveillance: Aadhaar does not collect the location where authentication is done.

Aadhaar mandatory for subsidies is valid but with safeguards.

  • Applies only to benefits funded from the Consolidated Fund of India.
  • Aadhaar cannot be mandated for school admissions, exams, scholarships.
  • The State cannot deny benefits to children without having Aadhaar.
  • Aadhaar is not mandatory for children.

Section 57 partially struck down.

Aadhaar cannot be used by private companies, so section 57 Use of Aadhaar by private companies is partially declared unconstitutional.

Section 33(2) struck down:

Court held thatallowing disclosure of Aadhaar data on the order of a Joint Secretary, without judicial oversight, violates Article 21 and it also violates Article 14 arbitrariness. so, Section 33(2) is held unconstitutional.

Data retention reduced: UIDAI can keep authentication logs only for 6 months, not 5 years.

  • Mandating Aadhaar for SIM cards held unconstitutional.
  • No bank can ask or force Aadhaar for opening a bank account or linking a bank account.

Aadhaar Act upheld as Money Bill: The majority accepted Section 7 of Aadhaar as relating to expenditure from the Consolidated Fund of India. So, the Act is valid.

Dissent of Justice D.Y. Chandrachud:

  • Aadhaar Act is not a Money Bill; entire Act is unconstitutional.
  • Rajya Sabha was bypassed.
  • Section 57 shows Aadhaar is not limited to subsidies.
  • Aadhaar violates privacy.
  • No proper data protection law exists.
  • Aadhaar for children is unconstitutional.
  • Entire Act should be struck down.

Ratio Decidendi:

  1. The Court held eliminating welfare fraud is a valid aim.
    1. Aadhaar is constitutional if:
  2. Data collected is minimal.
  3. It does not reveal personal behaviour.
  4. It does not enable surveillance.
    1. Private use of Aadhaar violates privacy: Section 57 held unconstitutional because private companies using Aadhaar is excessive, which violates privacy.
    1. National security clause must have judicial oversight
    1. The executive cannot order disclosure of information without judicial oversight.
    1. Court held Aadhaar fits within Article 110 because Section 7 of Aadhaar relates to the Consolidated Fund of India.
  • Impact of Judgment
    • Aadhaar restricted to government welfare delivery only.Private mandatory Aadhaar demands stopped.Massive changes in banking & telecom services.Stopped forcing Aadhaar KYC.
    • Data protection law recommended.

Newer Virtual Judgement Writing Competition | Gujarat Law Society
Back to list
Older Internship Opportunity at Sandros Law Offices: Apply Now!

Leave a Reply

Your email address will not be published. Required fields are marked *