Karnataka High Court
The State By Police Inspector vs Ministry Of Electronics And ... on 18 November, 2025
Author: Suraj Govindaraj
Bench: Suraj Govindaraj
-1-
NC: 2025:KHC:47442
WP No. 25182 of 2024
HC-KAR
IN THE HIGH COURT OF KARNATAKA AT BENGALURU
DATED THIS THE 18TH DAY OF NOVEMBER, 2025
BEFORE R
THE HON'BLE MR. JUSTICE SURAJ GOVINDARAJ
WRIT PETITION NO. 25182 OF 2024 (GM-RES)
BETWEEN:
THE STATE BY POLICE INSPECTOR,
BYATARAYANAPURA POLICE STATION,
BENGALURU,
REPRESENTED BY
STATE PUBLIC PROSECUTOR,
HIGH COURT BUILDING,
BENGALURU - 560 001.
...PETITIONER
(BY SRI. SIDARTH BABU RAO, AGA)
AND:
Digitally signed
by SHWETHA
RAGHAVENDRA
Location: HIGH 1. MINISTRY OF ELECTRONICS AND
COURT OF
KARNATAKA INFORMATION TECHNOLOGY
(MEITY),
GOVERNMENT OF INDIA,
NEW DELHI - 110 003,
BY ITS PRINCIPAL SECRETARY.
2. UNIQUE IDENTIFICATION AUTHORITY OF
INDIA (UIDAI),
NO.49,
-2-
NC: 2025:KHC:47442
WP No. 25182 of 2024
HC-KAR
3RD FLOOR,
SOUTH WING,
KHANIJA BHAVAN,
RACE COURSE ROAD,
BENGALURU - 560 001,
BY ITS CHIEF EXECUTIVE OFFICER.
...RESPONDENTS
(BY SRI. SHANTHI BHUSHAN H,
DSGI FOR R1 AND R2)
THIS WRIT PETITION IS FILED UNDER ARTICLES 226
AND 227 OF THE CONSTITUTION OF INDIA PRAYING TO
DIRECT THE 2ND RESPONDENT TO DISCLOSE THE
INFORMATION WITH REGARD TO THE VICTIM DECEASED AS
PROVIDED UNDER SECTION 33 OF THE AADHAR ACT AND
AMENDMENT THERETO AS PER SECTION 33(1) OF THE
AADHAR ACT 2016 AS AMENDED BY THE AADHAR AND OTHER
LAWS (AMENDMENT) ACT 2019 (NO 14/2019) DTD.
07.02.2024 VIDE ANNEXURE-D, IN THE INTEREST OF JUSTICE.
THIS PETITION, COMING ON FOR PRELIMINARY
HEARING, THIS DAY, ORDER WAS MADE THEREIN AS UNDER:
-3-
NC: 2025:KHC:47442
WP No. 25182 of 2024
HC-KAR
CORAM: HON'BLE MR. JUSTICE SURAJ GOVINDARAJ
ORAL ORDER
1. The petitioner is before this Court seeking for the following reliefs:
"DIRECT the 2nd Respondent to disclose the information with regard to the victim deceased as provided under Section 33 of the Aadhar Act and amendment thereto as per Section 33(1) of the Aadhar Act 2016 as [amended by the Aadhar and other laws (Amendment) Act 2019 (No.14/2019), dtd:07/02/2024 vide Annexure-D, in the interest of justice."
2. The petitioner is the Byatarayanapura Police Station represented by the Police Inspector, who is undertaking an investigation in Crime No.267/2023, registered for offences under Sections 302 and 201 of the Indian Penal Code, wherein a dead body of woman lying in a canal, aged about 25 to 30 years, was found without any identification. The investigation could not proceed further on account of the identity of the deceased not being capable of verification. In that view of the matter, the Station House Officer/Investigating Officer had made out -4- NC: 2025:KHC:47442 WP No. 25182 of 2024 HC-KAR an application to the Unique Identification Authority of India (UIDAI) for matching the fingerprint of the deceased with the database of respondent No.2 to ascertain the identity of the deceased.
3. The said request was declined by letter dated 07.02.2024 on the ground that unless there is an order passed by a court not inferior to a Judge of the High Court, no details under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, could be made available. It is in that background that the petitioner/Investigating Officer is before this court seeking for the aforesaid reliefs.
4. Notice having been ordered, Shri.Shanti Bhushan H, learned DSGI has entered appearance for respondent Nos.1 and 2. Today he has filed an affidavit of the Deputy Director at the UIDAI, Regional Office, Bangalore, which reads as under:
"I, Priya Sreekumar D/o Late Mr. K.B.Nair, aged 54 years, working as Deputy Director at Unique Identification Authority of India (UIDAI), Regional -5- NC: 2025:KHC:47442 WP No. 25182 of 2024 HC-KAR Office (RO), Bengaluru, having office at 3rd Floor, South Wing, Khanija Bhavan, Racecourse Road, Bengaluru -560001 do hereby state on solemn affirmation as under:
1. It is submitted that I am aware about the facts and circumstances of the instant case on the basis of the records maintained by the Answering Respondent in its usual course of business. It is further submitted that I am authorized by the Answering Respondent and being aware of the facts and circumstances of the present case and I am competent to swear this Affidavit in official capacity. The Answering Respondent crave leave of this Hon'ble Court to file a detailed Affidavit at a later stage in the present matter or as and when directed by this Hon'ble Court.
2. At the outset, I deny all and singular averments, allegations and submissions made in the petition, save and except the ones which are in conformity with the facts stated therein. I submit that non-denial of any averment specifically may not amount to admissions on my part.
3. It is submitted that the Unique Identification Authority of India ("UIDAI"), is a statutory body established under the provisions of the aforesaid Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (as amended) by the Government of India under the Ministry of Electronics and Information Technology vide it's notification dated 12th July, 2016. I say that the said Act was then amended through the Aadhaar and Other Laws (Amendment) Act, 2019 vide a Govt. of India, Notification No. 14 of 2019 dated 24.07.2019 ("Aadhaar Act").
4. It is submitted that the objective of the Aadhaar Act is to empower residents of India with a unique identity and digital platform only for the purpose of "identity proof". The 12-digit identification number is issued to a resident after he or she undergoes the process of Aadhaar enrolment -6- NC: 2025:KHC:47442 WP No. 25182 of 2024 HC-KAR inter-alia by submitting his/her demographic and biometric information.
5. The Aadhaar Act was enacted to provide for good governance, efficient, transparent, and targeted delivery of subsides, benefits and services, the expenditure for which is incurred from the consolidated fund of India, to individual residing in India through assigning unique identity numbers to such individuals and for matter connected therewith or incidental thereto.
6. It is submitted that since the information collected from the individuals at the time of enrolment/update is sensitive in nature, Chapter VI of the Aadhaar Act, mandates the Authority to ensure protection and maintain security and confidentiality of the identity information and authentication records of individuals..
7. It is further submitted that, the Aadhaar Act read along with the Aadhaar (Sharing of Information) Regulations 2016 (No.5 of 2016), provides several safeguards in the form of security and confidentiality of information, restrictions on sharing information, disclosure of certain information and offences and penalties for breach of the Aadhaar Act or Regulations. Under Chapter VI of the Aadhaar Act, the Authority is under an obligation to ensure the confidentiality and security of identity information and authentication records of individuals, in this regard, attention is invited to the following Sections:
Section 28- Security and confidentiality of information:- (1) The Authority shall ensure the security of identity information and authentication records of individuals.
(2) Subject to the provisions of this Act, the Authority shall ensure confidentiality of identity information and authentication records of Individuals.-7-
NC: 2025:KHC:47442 WP No. 25182 of 2024 HC-KAR (3) The Authority shall take all necessary measures to ensure that the information in the possession or control of the Authority, including information stored in the Central Identities Data Repository ("CIDR"), is secured and protected against access, use or disclosure not permitted under this Act or regulations made thereunder, and against accidental or intentional destruction, loss or damage.
(4) Without prejudice to sub-sections (1) and (2), the Authority shall-
(a) adopt and implement appropriate technical and organisational security measures;
(b) ensure that the agencies, consultants, advisors or other persons appointed or engaged for performing any function of the Authority under this Act, have in place appropriate technical and organisational security measures for the information; and
(c) ensure that the agreements or arrangements entered into with such agencies, consultants, advisors or other persons, impose obligations equivalent to those imposed on the Authority under this Act, and require such agencies, consultants, advisors and other persons to act only on instructions from the Authority.
(b) disclosed further, except with the prior consent of the individual to whom such information relates, (4) No Aadhaar number or core biometric information collected or created under this Act in respect of an Aadhaar number holder shall be published, displayed or posted publicly, except for the purposes as may be specified by regulations."
8. It is submitted that the only provision which enables the Authority to disclose the identity information or authentication records of the resident is Section 33 of the Aadhaar Act (read with Regulation 3 of the Aadhaar (Sharing of -8- NC: 2025:KHC:47442 WP No. 25182 of 2024 HC-KAR Information) Regulations, 2016), which states that the identity information or authentication records of an Aadhaar Number Holder (defined below) can be disclosed by the Authority only after an order to that effect is passed by the Judge of a High Court. The said Section 33 (1) also provides that such Order of disclosure can only be passed, after an opportunity of hearing is provided to the Authority and the concerned Aadhaar Number Holder. As per second proviso to Section 33 (1) of the Act, the core biometric information. shall not be disclosed under the said sub-section. Section 33 of the Act reads as follows:
"Section 33- Disclosure of information in certain cases:-
(1) Nothing contained in sub-section (2) or sub-
section (5) of section 28 or sub-section (2) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made pursuant to an order of a court not inferior to that of a [Judge of a High Court]: Provided that no order by the court under this sub-section shall be made without giving an (5) Notwithstanding anything contained in any other law for the time being in force, and save as otherwise provided in this Act, the Authority or any of its officers or other employees or any agency that maintains the CIDR shall not, whether during his service or thereafter, reveal any information stored in the CIDR or authentication record to anyone: Provided that an Aadhaar number holder may request the Authority to provide access to his identity information excluding his core biometric information in such manner as may be specified by regulations.
"Section 29- Restriction on sharing information:-
(1) No core biometric information, collected or created under this Act, shall be--9-
NC: 2025:KHC:47442 WP No. 25182 of 2024 HC-KAR
(a) shared with anyone for any reason whatsoever; or
(b) used for any purpose other than generation of Aadhaar numbers and authentication under this Act.
(2) The identity information, other than core biometric information, collected or created under this Act may be shared only in accordance with the provisions of this Act and in such manner as may be specified by regulations.
(3) No identity information available with a requesting entity shall be-
(a) used for any purpose, other than that specified to the individual at the time of submitting any identity information for authentication; or opportunity of hearing to the Authority 3 (and the concerned Aadhaar number holder]. [Provided further that the core biometric information shall not be disclosed under this sub- section.) (2) Nothing contained in sub-section (2) or sub- section (5) of section 28 and clause (b) of sub- section (1), sub-section (2) or sub-section (3) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made in the interest of national security in pursuance of a direction of an officer not below the rank of [Secretary] to the Government of India specially authorised in this behalf by an order of the Central Government:
Provided that every direction issued under this sub-section, shall be reviewed by an Oversight Committee consisting of the Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and the Department of Electronics and Information Technology, before it takes effect: Provided further that any direction issued under this sub-section shall be valid for a period of three months from the date of its issue, which may be extended for a further period of
- 10 -
NC: 2025:KHC:47442 WP No. 25182 of 2024 HC-KAR three months after the review by the Oversight Committee.
9. As per Aadhaar (Sharing of Information) Regulations, 2016, Chapter II Restrictions on Sharing of Identity information states as under:
Regulation 3- Sharing of information by the Authority:- (4) The Authority may share demographic information and photograph, and the authentication records of an Aadhaar number holder when required to do so in accordance with Section 33 of the Act.
10. It is most respectfully submitted that it is pertinent to note that "core biometric information"
has been defined in Section 2(j) of the Aadhaar Act. 2016 to mean finger print, iris scan or such other biological attribute of an individual as may be specified by Regulations Therefore, there is a clear prohibition against sharing or using core biometrics for any reason whatsoever under Section 33(2) of the Aadhaar Act.
11. It is further submitted that Aadhaar Number is generated by submitting the demographic and biometric information and the same is issued digitally signed by UIDAI which can be verified on the secure QR CODE. The Secure QR CODE contains Name, Gender, Date of Birth, Mobile number (masked), Email id (masked), Address and Photograph. Aadhaar QR Code is available on Aadhaar Letter, e-Aadhaar and m-Aadhaar can be read through mobile Apps.
12. As stated above, Aadhaar and its platform offers a unique opportunity for the government to streamline its delivery mechanism under welfare schemes, thereby ensuring transparency and efficiency. The use of Aadhaar as an identity document enables beneficiaries to get their entitlements directly in a convenient and seamless/hassle free manner by obviating the need to produce multiple documents to prove one's identity. Aadhaar Number is not used to track other activities of the resident.
- 11 -
NC: 2025:KHC:47442 WP No. 25182 of 2024 HC-KAR
13. Further, it is most respectfully submitted that, UIDAI does not collect biometric information, i.e. iris scan and fingerprints, based on technologies, standards or procedures suitable for forensic purposes. The Aadhaar technology only permits biometric authentications which are done on a 1:1 basis for which it is necessary to have the Aadhaar number of an individual (1:1 means where one's biometric is matched against its own biometrics for verification or authentication), further there are technology constraints to match the static fingerprint collected through imprint of fingerprint on the paper or other material with the Aadhaar database.
14. It is most respectfully submitted that the core biometric information i.e iris and fingerprints are stored in the Aadhaar data base with UIDAI. The said biometric Information is used through an authentication mechanism for authenticating the identity of Aadhaar Number Holder. The biometric information is stored in binary mode in the data base of the authority. A biometric authentication can be done only by an Aadhaar Number Holder by providing his Aadhaar Number and along with his live biometric information for verification on the authentication system as provided under the Aadhaar Regulations. The authentication takes place once the Aadhaar data base recognizes the identity of the Aadhaar Number Holder with that of his biometric information stored in a binary mode in the Aadhaar data base.
15. In the light of the legal provisions of the Aadhaar Act, 2016 mentioned in para 7 & 8 and the technology constraints mentioned in para 13 and 14, it is most respectfully submitted that it is legally and technically challenging for UIDAI to compare the sample fingerprints of the deceased with the finger print data of UIDAI and provide the information to the Petitioner. It is most respectfully submitted that the Orders passed, actions taken, etc. by the Respondent do not
- 12 -
NC: 2025:KHC:47442 WP No. 25182 of 2024 HC-KAR violate the fundamental right of individual nor statutory orders.
16. Wherefore, respondent No.2 most respectfully prays that this Hon'ble Court be pleased to reject the writ petition as against the respondent No.2, in the interest of justice."
5. Placing his reliance on the said affidavit, he submits that for usage of the biometric identification system under the UIDAI, firstly there is required to be a live biometric information. That is to say that the person has to be alive when the fingerprint is used for the purpose of identification. The fingerprint of a dead person cannot be used for the purpose of identification of a person on the UIDAI database. This is on account of security inasmuch as only a finger cannot be used for the purpose of identification, the person has to be alive at the time when the identification is to be done.
6. Secondly, he submits that there is no search which could be made as regards the fingerprint on the entire database inasmuch as it is only identification which is made on a one is to one basis i.e., the Aadhaar number with the fingerprint or biometric information. Only Aadhaar
- 13 -
NC: 2025:KHC:47442 WP No. 25182 of 2024 HC-KAR number or the biometric information cannot be used for the purpose of searching the database. His submission is that a fingerprint cannot be used to search on the database to identify the corresponding Aadhaar number.
An Aadhaar number cannot be used for the purpose of identifying the corresponding fingerprint. If only both of them are available that the identification could be done.
7. He however submits that the information as regards the usage of the Aadhaar card if made available, could be given because there is no identification which is required to be made. His submission therefore is that this system has been implemented to protect the privacy of the Aadhaar card holders in terms of decision of the Hon'ble Apex Court in JUSTICE K.S.PUTTASWAMY (RETD) AND ANOTHER vs. UNION OF INDIA1 and as such, in the present case, both on account of security and privacy as also on account of a search not being available in the UIDAI system for matching a fingerprint with a Aadhaar number, without Aadhaar number being available, the 1 (2017) 10 SCC 1
- 14 -
NC: 2025:KHC:47442 WP No. 25182 of 2024 HC-KAR respondents are unable to process the request of the petitioner and would not be able to identify the deceased on the basis of the fingerprint.
8. Heard Shri.Sidarth Babu Rao learned Additional Government Advocate, appearing for the petitioner and Shri.Shanthi Bhushan H, learned Deputy Solicitor General of India, appearing for the respondents.
9. Section 29 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 reads as under:
"29. Restriction on sharing information.--
(1) No core biometric information, collected or created under this Act, shall be--
(a) shared with anyone for any reason whatsoever; or
(b) used for any purpose other than generation of Aadhaar numbers and authentication under this Act.
(2) The identity information, other than core biometric information, collected or created under this Act may be shared only in accordance with the provisions of this Act and in such manner as may be specified by regulations.
- 15 -
NC: 2025:KHC:47442 WP No. 25182 of 2024 HC-KAR (3) No identity information available with a requesting entity or offline verification-seeking entity shall be--
(a) used for any purpose, other than the purposes informed in writing to the individual at the time of submitting any information for authentication or offline verification; or
(b) disclosed for any purpose, other than purposes informed in writing to the individual at the time of submitting any information for authentication or offline verification:
Provided that the purposes under clauses (a) and
(b) shall be in clear and precise language understandable to the individual.
(4) No Aadhaar number [demographic information or photograph] collected or created under this Act in respect of an Aadhaar number holder shall be published, displayed or posted publicly, except for the purposes as may be specified by regulations."
A perusal of Section 29 indicates that there is a restriction on sharing the core biometric information collected or created under the Act. However, the same is subject to Section 33 which reads as under:
"33. Disclosure of information in certain cases.--(1) Nothing contained in sub-section (2) or sub-section (5) of section 28 or sub-section (2) of section 29 shall apply in respect of any disclosure of information, including identity
- 16 -
NC: 2025:KHC:47442 WP No. 25182 of 2024 HC-KAR information or authentication records, made pursuant to an order of a court not inferior to that of a [Judge of a High Court]:
Provided that no order by the court under this sub-section shall be made without giving an opportunity of hearing to the Authority [and the concerned Aadhaar number holder].
[Provided further that the core biometric information shall not be disclosed under this sub- section.] (2) Nothing contained in sub-section (2) or sub-section (5) of section 28 and clause (b) of sub-section (1), sub-section (2) or sub-section (3) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made in the interest of national security in pursuance of a direction of an officer not below the rank of [Secretary] to the Government of India specially authorised in this behalf by an order of the Central Government:
Provided that every direction issued under this sub-section, shall be reviewed by an Oversight Committee consisting of the Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and the Department of Electronics and Information Technology, before it takes effect:
Provided further that any direction issued under this sub-section shall be valid for a period of three months from the date of its issue, which may be extended for a further period of three months after the review by the Oversight Committee."
- 17 -
NC: 2025:KHC:47442 WP No. 25182 of 2024 HC-KAR
10. In terms of Section 33, either the information including identity information or authentication records could be made available on an order passed by a court not inferior to that of a High Court Judge. Thus, the information which is available with in the UIDAI database would be shared by the UIDAI subject to orders being passed by a court not inferior to that of a High Court Judge.
11. In the present matter, it is not that respondent No.2 does not want to share the information which has been sought for by the petitioner inasmuch as the fingerprint cannot be matched with the Aadhaar number to disclose the identity of the deceased. If that be so, there would be no purpose in issuing a mandamus as sought for by the petitioner.
12. There being technical constraints in such matching of the fingerprint with the Aadhaar number, as also there being a requirement to maintain privacy of individuals and also on account of security that a live fingerprint is required for the purpose of authentication, I am of the opinion that
- 18 -
NC: 2025:KHC:47442 WP No. 25182 of 2024 HC-KAR the dead person's fingerprint cannot be directed to be identified through a search on the UIDAI database. As such, directing the petitioner to ascertain and identify the deceased in any other manner which may be possible and in the event of any Aadhaar card being made available directing respondents to furnish details of the usage thereof, the petition stands dismissed.
SD/-
(SURAJ GOVINDARAJ) JUDGE CBC List No.: 1 Sl No.: 1