Rediff.com« Back to articlePrint this article

Aadhaar: Private entities can't store individuals' data anymore

January 03, 2019 17:47 IST

The amendment says that UIDAI can now give directions as it may consider necessary to any entity in the Aadhaar ecosystem

Illustration: Uttam Ghosh/Rediff.com

The government on Wednesday introduced amendments to the Aadhaar Act in the Lok Sabha, allowing individuals to voluntarily offer the biometric identification card as a means of verification for obtaining services like opening a bank account and getting a mobile phone connection.

 

The amendment, however, makes it clear that anyone not offering Aadhaar as an identification card cannot be denied any service.

Mandatory usage of Aadhaar as a form of identity for any service given by the state will be allowed only if such authentication is required by a law made by Parliament.

The amendment also proposes to confer enhanced regulator-like powers on Unique Identification Authority of India (UIDAI).

The amendment says that UIDAI can now give directions as it may consider necessary to any entity in the Aadhaar ecosystem.

The Aadhaar ecosystem will now contain enrolling agencies, entities which request data from UIDAI for verification, or any other entity as specified from time to time.

This move to give UIDAI such authority may create confusion as it gives wide ranging powers to yet another agency.

It is akin to electronic profiling as the entities which are under now UIDAI have not been defined properly, Salman Waris, the head of TMT and IP practice groups at TechLegis.

Though authorities have been allowed to perform authentication only when they are compliant with the standards of privacy and security, it could create more confusion as the government has failed to specify these standards either in the bill or the draft personal data protection bill, Waris said.

The government has also introduced stiff penalties such as Rs 1 crore on entities that violate the provisions of the Aadhaar Act, with an additional fine of up to Rs 10 lakh per day in case of continuous non-compliance.

It may not, however, deter agencies which have already stored private citizens’ data with them, experts said.

“Use of Aadhaar by private entities in any form should have been totally disallowed post the Supreme Court order. Such entities can indirectly force you to give consent for use of Aadhaar by them,” Waris said.

The amendment also proposes to extend punishment for unauthorised access to the Central Identities Data Repository as well as data tampering to 10 years each from the current three years.

The Supreme Court, had in a landmark verdict in September last year, upheld the constitutional validity of Aadhaar.

The apex court, had however, limited the scope of the controversial biometric identity project, ruling it is not mandatory for bank accounts, mobile connections or school admissions.

The court had then held that Aadhaar would remain mandatory for filing of Income Tax (IT) returns and allotment of Permanent Account Number (PAN).

It had, however, Section 57 of the Aadhaar Act 2016 that permitted private entities like telecom companies or other corporate to avail of the biometric Aadhaar data.

The latest amendment proposed by the government has also chosen to abolish the act, as well as proposed that storing of core biometric information as well as Aadhaar number by service providers in cases of individuals who have voluntarily offered the national ID as a means of authentication be banned.

Additional inputs from PTI

Aashish Aryan
Source: source image