The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016
Devising a robust legal framework for Aadhaar
Vidhi assisted the Unique Identification Authority of India (UIDAI) in drafting the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (Aadhaar Act) and incorporating a robust privacy framework for the protection of the information collected.
The Aadhaar Act provides a statutory framework for assigning Aadhaar numbers and the manner in which they can be used. The primary aim of this law is to secure targeted delivery of benefits, subsidies and services funded from the Consolidated Fund of India to rightful beneficiaries, for receiving which Aadhaar may be required. While ensuring that, the Act also incorporates strong privacy and security measures, drawing from internationally accepted principles including purpose, collection and use limitation. These measures encompass the following aspects:
- Information is to be collected by the UIDAI only for generation of Aadhaar numbers and authentication purposes.
- Limited biometric and demographic information is to be collected. Information relating to race, religion, caste, tribe, ethnicity, etc. cannot be collected.
- Individual’s consent has to be obtained by any entity before collecting his information and submitting it to the UIDAI for authentication.
- Core biometric information (fingerprints and iris scan) cannot be shared with anyone for any reason whatsoever. There are no exceptions to this rule.
- UIDAI is required to adopt security measures for protection of information, and ensure that any agencies or advisors engaged by it also comply with strict security norms.
The Act provides a national security exception for disclosure of demographic information and non-core biometric information, with detailed procedural safeguards. There is provision for stringent penalties for unauthorised disclosure, access, tampering, etc.