A significant legal ruling on privacy came out of India Thursday when the nation's top court ruled that citizens have a fundamental right to privacy under Article 21 of India's constitution. The decision could limit the government's plans to further develop what is now the world's largest biometric database, Aadhaar, and how technology companies integrate products and services related to the system. The ruling could also affect other controversial laws, like the criminalization of homosexuality.  

The rare nine-judge bench, which convened to resolve this specific question as a result of a separate case involving constitutional questions about the nature of privacy that have been raised by Aadhaar, unanimously issued the ruling after weeks of testimony from pro-government and pro-privacy lawyers. While reading out the verdict, Chief Justice J.S. Khebar said, "Right to privacy is an intrinsic part of right to life." In the 547-page ruling (scroll to the bottom), the judges wrote, "The right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution." 

Privacy lawyer and Trilegal Partner Rahul Mattan said, "Now that the Supreme Court has ruled that the right to privacy is a fundamental right, the court can examine whether Aadhaar violates this fundamental right." 

Ravi Shankar Prasad, India's minister of law and justice and information technology, said of Thursday's ruling that "today's judgment of the Supreme Court is a welcome judgment as it strengthens fundamental rights and personal liberty."

The case was referred to the Supreme Court from a smaller panel hearing in which the Aadhaar program was being challenged for allegedly compromising citizens' privacy. So far, the biometric identity program has enlisted 1.13 billion Indian identities, making it the largest such system in the world. 

Thursday's ruling does not directly affect the legality of Aadhaar, but it does set a precedent for lower courts to consider when ruling on the privacy implications of Aadhaar in the future. 

Meaning "foundation" in Hindi, Aadhaar was originally introduced in 2009 as a way to get around chronic corruption to ensure needed welfare services made it out to the countryside's poorest citizens. One study found that approximately 84 percent of every rupee paid for welfare was lost to corruption.

The system applies a 12-digit number to each citizen after the collection of demographic and contact information, as well as biometric data, including fingerprints and iris scans. In addition to providing needed services to the nation's poor, the government has also seen Aadhaar as a way to save money. 

Perhaps a master case in mission creep, however, the Aadhaar program has taken on more significance under the Modi government. The government started storing identification records in 2014, and under Prime Minister Narendra Modi, India has been moving toward a cashless society, making Aadhaar compulsory for citizens to acquire several government services, including school meals, filing taxes and other financial transactions. The system also became mandatory for opening bank accounts, acquiring loans, purchasing and selling property, and making purchases greater than 50,000 rupees (about $780 USD). 

Government agencies and some private companies also have access to Aadhaar IDs, The Washington Post reports, causing concerns about the potential for hacking and data leaks of immensely sensitive information. There have been several claims this year alone that Aadhaar data had been compromised

The ruling could also affect how technology companies integrate their products and services with the biometric framework. According to Bloomberg, the ruling could impact Google, Facebook, and WhatsApp, as well as other services provided by Apple and Uber. Samsung, for example, offers embedded, Aadhaar-compliant iris scanners, while Microsoft offers integrated biometric authentication solutions for Skype. 

In a separate case involving WhatsApp, which currently has 160 million users in India, the Supreme Court is considering the privacy implications of the messaging service sharing data with its parent company, Facebook. 

Thursday's decision comes after weeks of in-depth testimony in which case law going back to the 1950s was debated. Indian Attorney General KK Venugopal, who argued against privacy being a fundamental right on behalf of the government, contended that "privacy was too vague a concept to be considered a fundamental right," according to the Guardian, and that citizens' right to food and shelter trumped their privacy rights. 

Apar Gupta, who advised on the case, described the verdict as "very, very positive" but tempered expectations as it is not yet clear how other cases will be decided. “The case is a victory, but it still needs to be applied — not only to Aadhaar, but to a lot of other cases,” he said. “This case was essentially on the existence of the right to privacy, but the true test of a constitutional doctrine is its application. Unless it’s applied effectively, we might get something purely academic.”

In a blog post, the World Privacy Forum said this "is a landmark decision for India," and that it "comes at a time when (Aadhaar) has been deeply criticized for its lack of fundamental privacy protections. Since 2010, the program has moved from voluntary to mandatory, and has profoundly expanded in uses." WPF also predicted the decision will "very likely set a changed course for Aadhaar." 

Top image: India's Supreme Court, courtesy of Wikipedia