- Both Rajya Sabha and Lok Sabha have passed the Aadhaar and Other Laws (Amendment) Bill, 2019.
- After the act came into force, the government issued notifications requiring individuals to link their phone numbers and bank accounts with their Aadhar numbers.
- It also required individuals to link their Aadhar number to their PAN cards and quote their number while filing their Income tax returns.
Supreme Court’s assessment of Aadhar
- In August 2017, the Supreme Court held that the right to privacy is a fundamental right under Article 21 of the constitution. Following this judgement, the SC examined several claims against the Aadhar act’s validity.
- While the court ruled that the Aadhar act does not violate a person’s right to privacy, it struck down some provisions.
- The court barred service providers, such as mobile companies and financial service providers from using Aadhar number for the purpose of identification, unless there was a law permitting it. It also disallowed the mandatory use of Aadhar for this purpose.
- In this background, the Aadhar and other laws amendment bill 2019 was introduced in the Parliament, replacing an ordinance which was issued in March 2019.
- The Aadhaar and Other Laws (Amendment) Bill, 2019 passed in the Parliament allows voluntary use of Aadhaar as proof of identity for users to open bank accounts and get mobile phone connection.
- The Bill amends the Aadhaar act, the Telegraph Act and the Prevention of Money Laundering Act.
- The Aadhaar Act provides targeted delivery of subsidies and benefits to individuals residing in India by assigning them unique identity numbers, called Aadhaar numbers.
Provisions of the Aadhaar Amendment Bill:
- Voluntary use: The changes provide for voluntary use of Aadhaar number. Subsequent to this amendment, no individual shall be compelled to provide proof of possession of Aadhaar number or undergo authentication for the purpose of establishing his/her identity unless it is so provided by a law made by Parliament.
- Offline identification: It allows for a system of offline identification, I.e. without biometric verification.
- Private entities: It proposes deletion of section 57 of the Aadhaar Act relating to use of the biometric identifier by private entities. The amendment will also prevent denial of services for refusing to, or being unable to, undergo authentication.
- Children: Children would be enrolled in Aadhar only with the consent of the parents/guardians and it gives an option to children to cancel their Aadhaar on attaining 18 years.
- UIDAI Fund: It provides for establishment of Unique Identification Authority of India Fund, and confers enhanced regulator-like power on the UIDAI to give directions as it may consider necessary to any entity in the Aadhaar ecosystem.
- The changes proposed include a civil penalty of up to Rs 1 crore on entities that violate the provisions of the Aadhaar Act, with an additional fine of up to Rs 10 lakh per day in case of continuous non-compliance.
- Unauthorised use of identity information by a requesting entity or offline verification seeking entity would be punishable with imprisonment of up to three years with a fine that may extend to Rs 10,000 or in case of a company with a fine of up to Rs 1 lakh.
- Punishment for unauthorised access to the Central Identities Data Repository as well as data tampering is proposed to be extended to 10 years each from the current three years.
Concerns about the Bill
- The sheer amount of private and confidential data amassed in one singular database has given rise to concerns over data security and its privacy.
- The opposition claims that Aadhaar is vulnerable in the absence of the right to data portability, right to object and right to erase.
- Over the last one year, there have been multiple instances of Aadhaar data leaking online through government websites or its mobile app. The most recent case was when an RTI query pushed UIDAI to reveal that about 210 government websites made the Aadhaar details of people with Aadhaar, public on the internet.
- Centre for Internet and Society (CIS) also pointed out that about 130 million Aadhar numbers along with other sensitive data were available on the internet.
- Allaying the Opposition’s fears on data leakages, the government claims that the Aadhaar system has enough safeguards to ensure privacy.
- Aadhaar data can only be shared if there is a threat to national security or a court order.
- Encryption: For banks, it needs 256-bit encryption and for Aadhaar data it is 2048-bit encryption, which is safe and secure and would be difficult to breach Prasad said.
- Cancellation of licences: In its attempts to protect privacy, the government has cancelled licences of around 50,000 Aadhaar centre operators for violations.
- Data protection law to come soon: Moreover, the data protection law is a work in progress and the government is considering the Justice Srikrishna Committee report along with consultations with stakeholders in this regard.