On March 11, 2016, the Parliament passed the Aadhaar Act 2016, which provides for the smooth distribution of benefits and the management of various social programmes while also giving the Aadhaar project legal support. It aims to target the delivery of subsidies and services to Indian people by assigning them special identification numbers known as Aadhaar numbers. It attempts to reduce the unfair advantages enjoyed by intermediaries in the process and streamline government-funded benefits and services by catering to the targeted distribution of incentives directly to the recipients.
Features of the Aadhaar Card Act
Enrollment
- Every resident is entitled to obtain an Aadhaar number.
- The enrolling agency must inform the applicant of how the information will be used, the types of parties with whom it may be shared during authentication, their rights to access the information, and its procedures before the applicant can enrol.
- Aadhaar can be used as identification documentation. It cannot, however, be used as identification or proof of residency.
Authentication
- The Central or State Government may stipulate that obtaining an Aadhaar authentication is necessary in order to be eligible for a subsidy, benefit, or service.
- It gives asking entities instructions on how to get a person’s permission and advises them of the potential uses of the information they submitted for authentication.
- The agency or requesting party may only use the supplied information in accordance with the individual’s consent.
Establishment & composition of authority
- The Act calls for the establishment of a body known as the Unique Identification Authority of India for enrollment and authentication. (UIAD).
- A chief executive officer, two part-time members, and a chairperson (either full- or part-time) make up the Authority.
- The Authority’s primary responsibilities include creating policies, procedures, and systems for issuing Aadhaar numbers and carrying out authentication of such numbers. A minimum of 10 years of experience in areas like technology, governance, etc. is required of the chairperson and members.
Protection of Information
- The authority must protect the privacy of biometric data and only use it to generate and authenticate Aadhaar.
- Without the concerned Aadhaar holder’s permission, the identity information of the individual undergoing authentication may not be utilised for any other reason than that stated at the time of authentication.
- Except for the purposes prescribed by rules, no Aadhaar number or basic biometric information may be published, exhibited, or uploaded publicly.
- The Authority is not permitted to gather, keep, or manage any data used for authentication.
Circumstances under which information may be revealed
- Only disclosures pursuant to a court order or a disclosure made in the interest of national security on the instruction of an officer not below the rank of a Joint Secretary to the Government of India may be made of identity information or authentication records. A committee made up of the Cabinet Secretary, the Secretaries to the Government of India in the Departments of Legal Affairs and Electronics and Information Technology, shall also evaluate any directive issued on matters of national security. Core biometric information, however, must never be disclosed.
- An individual’s Aadhaar number, picture, and demographic data may be made public by court order.
Eligibility for Aadhaar card
Every Indian “resident” who has lived in the country for at least 182 days in the 12 months before filing for an aadhaar is entitled to receive one. NRIs or foreign nationals who meet these criteria can therefore apply for an Aadhaar Card as well. While enrolling, the person will have to supply basic biometric information, including a photo, fingerprint, and iris scan, to finish the application.
Information based on an Aadhaar number does not show proof of citizenship or address. Nonetheless, the Aadhaar ID number acts as identification documentation.
Offences and Penalties
Penalties apply for violating the Act’s rules. Identity information disclosure, illegal access to the Central Identities Data Repository (CIDR), unlawful use of identity information by the requesting entity, and non-compliance with the intimation requirements are all punishable offences.
If a requesting entity violates the guidelines, it may be penalised with up to a year in jail, a fine of up to Rs. 10,000, or both.
No offence may be brought before a court without a complaint being filed by the UID authority or someone it has authorized.
Some threats hanging over Aadhaar
- There are significant worries about phone Aadhaar cards being produced by dishonest means in order to take advantage of government welfare programmes intended for the truly indigent members of this society.
- The country’s national security is gravely threatened by the issuing of Aadhaar cards through illegal means. It has been noted that illegal immigrants have acquired Aadhaar identities in numerous locations, taking advantage of numerous government programs, and defrauding those with legitimate needs who are left out of social programmes.
- Issue of Identity Theft- It’s frightening to think about identity theft occurring through the theft of iris and finger print biometric data. Biometric information cannot be recreated, only lost or forgotten passwords. Since each person’s biometric data is unique, the UIDAI has undoubtedly developed the highest level of cyber security and several data protection barriers to preserve and safeguard the data.
- Over 1 billion Indians’ biometric and demographic information is stored in the vaults of the Central Identities Data Repository.
- However, without two-factor authentication, the Aadhaar number cannot be implemented or used for any advantages or services.
Cases When Information May Be Revealed
There are two cases in which information about an Individual may be revealed-
In the Interest of National Security
In the interest of national security, a Joint Secretary in the central government may order the release of I an Aadhaar number, (ii) biometric information (including an iris scan, a fingerprint, and other biological characteristics specified by regulations), (iii) demographic information, and (iv) a photograph. Such a decision, which is effective for six months, will be examined by an oversight committee made up of the cabinet secretary, the secretaries of legal affairs, and electronics and information technology..
On the Court’s order: authentication records can be disclosed on the court’s order.
Aadhaar Preliminary Clause
Clause 2(g) defined “Biometric information” as a photograph, a fingerprint, or an iris scan. “Demographic information” such as name, date of birth, and address are mentioned in Clause 2(k). Definition of “resident” eligible is mentioned under Clause 2(v).
Enrolment Clause Of Aadhaar
The central government will be able to verify a person’s identity thanks to the Enrollment Clause. In the future, the central government might issue a notification requesting enrollment from additional groups of people.
Article 6 indicates that further biometric and demographic information may be requested from holders by the Unique Identification Authority of India (UIDAI). Only the biometric data is utilised for authentication. According to the agreement, this data will be kept in a database and never be disclosed to any outside parties.
Aadhaar Authentication Clause
According to the Authentications Clause of the Aadhaar Act of 2016, an organisation may utilise an Aadhaar number to confirm a person’s identity at the time of authentication. The Aadhaar enrolment centre or Aadhaar online services (electronic form) can be used to complete this process.
Clause 7 states that the recipient of a subsidy may be required to have an Aadhaar number. Clause 8 enables UIDAI to verify Aadhaar for other private and public institutions. According to Clause 8(4), UIDAI is permitted to share identification information but not biometric authentications. Clause 9 acknowledges that Aadhaar is not proof of citizenship or domicile.
Penalties For Offences
A requesting organization, enrolling agency, or a private entity that violates the rules could face a criminal penalty of imprisonment of up to 3 years and a fine of up to Rs.10,000 or Rs.1 lakh or even both.
For unapproved access or unauthorized access to the central database, including disclosing any data therein, a court may impose up to three years in prison and the least penalty of up to Rs.10 lakh for the offense.
Cognizance Of Offence
Without a complaint from the UID authority or its authorized representative, no court will take cognizance of offense in adhaar-related matters.
Unique Identification Authority Of India Aadhaar
This distinctive identification is given by the government-established UIDAI (Unique Identification Authority of India). The UIDAI’s job is to authenticate someone’s identity information and assign them a 12-digit unique identification (UID) number.
The CEO, who will be chosen by the Central Government to serve as Member Secretary of the Authority, is one of the three full-time members of UIDAI together with the chairman and two part-time members. UIDAI is in charge of gathering demographic and biometric data from locals, storing it in a central database, and assigning 12-digit random numbers, known as Aadhaar Numbers, to Indian citizens.
The centralised database and the data entered will be checked by the UIDAI’s Central Identities Data Repository. The success of the programme is a top priority for the government. A fantastic mission is ahead of UIDAI. The Central Identities Data Repository of UIDAI was established to safeguard citizens against fraud and other wrongdoings. It has emerged as the leader in giving Indians a means of identifying themselves.
Conclusion
In order to protect personal data from misuse and theft by hackers and to ensure that it is protected and secured with the technology of the highest standard of cybersecurity, a very sound legal framework is required due to the growth of digital commerce, e-payments, e-governance, government projects involving the creation of databases, and increased use of information technology by both government and corporations.
The Aadhaar Act 2016 is a positive start towards securing the PII and SPII (biometric information like fingerprints, iris scans, and addresses) of India’s billion-plus citizens and creating a strong legal framework to prevent its abuse, fabrication, or fraud.
References
https://www.datasecure.ind.in/blogs/aadhaar-act-2016-and-its-salient-features/
https://blog.theleapjournal.org/2016/07/privacy-concerns-in-aadhaar-act-2016.html#gsc.tab=0