AADHAAR Act: Introduction

Hello law knowledge seekers. In this article you will find some introductory information about AADHAAR Act.


Image Credit: www.businesstoday.in

The Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act, 2016 (Aadhaar Act):

Main purpose of the Act:

The Aadhaar Act enables the Government to collect identity information from citizens including their biometrics, issue a unique identification (UID) number or an Aadhaar Number on the basis of such biometric information, and thereafter provide targeted delivery of subsidies, benefits and services to them. 

Aadhaar Based Authentication Service:

The Aadhaar Act also provides for Aadhaar based authentication services wherein a requesting entity (government / public and private entities / agencies) can request the Unique Identification Authority of India (UIDAI) to verify / validate the correctness of the identity information submitted by individuals to be able to extend services to them. The requesting entity is required to obtain the consent of the individual before obtaining his / her identity information for the purpose of authentication and must use his / her identity information only for the purpose of authentication.

The Aadhaar Act establishes an authority, namely, the UIDAI, which is responsible for the administration of the said Act. It also establishes a Central Identities Data Repository (CIDR) which is a database holding Aadhaar Numbers and corresponding demographic and biometric information. Under the Aadhaar Act, collection, storage and use of personal data is a precondition for the receipt of a subsidy, benefit or service. Though the Aadhaar Act does not per se make application for an Aadhaar Number mandatory (it is specifically provided as an entitlement under Section 3) except for availing of certain benefits, subsidies and services funded from the Consolidated Fund of India, in practice, taking of Aadhaar Number is becoming mandatory for availing most services through a range of cognate laws.

Data Protection Principles:

The Aadhaar Act and its regulations recognise various data protection principles, to ensure the security of information and privacy of Aadhaar Number holders.

1) There is an obligation on the UIDAI to ensure security and confidentiality of the identity information and authentication records of individuals which includes taking all necessary steps to protect such information against unlawful access, use or disclosure, and accidental or intentional destruction, loss or damage.

2) The Aadhaar Act prohibits the sharing of core biometric information, and the use of it for a purpose other than the generation of Aadhaar Numbers and authentication.

3) The sharing of information other than core biometric information is permissible under certain conditions.

4) The Aadhaar Act also permits an individual to make a request to the UIDAI to provide his / her access to his / her identity information (excluding his / her core biometric information) and his / her authentication records.

5) Individual can also seek rectification of his / her demographic data if it changes or is incorrect, and his / her biometric information if it is lost or changes.

6) Finally, the UIDAI will have no knowledge of the purpose of any authentication.

Aadhaar (Data Security) Regulations:

Data protection norms for personal information collected under the Aadhaar Act are also found in the Aadhaar (Data Security) Regulations, 2016 (Aadhaar Security Regulations). The Aadhaar Security Regulations impose an obligation on the UIDAI to have a security policy which sets out the technical and organisational measures which will be adopted by it to keep information secure.

Criticism:

Despite its attempt to incorporate various data protection principles, Aadhaar has come under considerable public criticism. Such as

1) though seemingly voluntary, possession of Aadhaar has become mandatory in practice, and has been viewed by many as coercive collection of personal data by the State. Concerns have also been raised vis-a-vis the provision on Aadhaar based authentication which permits collection information about an individual every time an authentication request is made to the UIDAI.

2) despite an obligation to adopt adequate security safeguards, no database is 100% secure.

In light of this, the interplay between any proposed data protection framework and the existing Aadhaar framework will have to be analysed.

Thanks for reading. Please share this blog and follow this. You can comment your subject of interest below.