The Aadhaar Amendment Bill was passed by the Rajyasabha today and brought in many important changes that would off set the restrictions that the Supreme Court had placed on the use of Aadhaar.
The main objection of the Supreme Court was that Aadhaar should not be used by the private sector since it could compromise the privacy of the individual. Even during the time the Supreme Court considered the objections raised by the opposition that sought to attack the Aadhaar scheme as a proxy attack on Mr Modi, UIDAI had introduced the “Virtual Aadhaar ID” as well as offline authentication. If these had been considered by the Supreme Court, at the time of its earlier decision, it would not have been necessary for the Court to send shock waves through the industry by banning the use of Aadhaar by private sector.
Now in the amendment, the Virtual Aadhaar ID has been also recognized as the “Aadhar Number” making it usable instead of the original aadhaar number. Since the virtual Aadhaar ID can be changed from time to time, the user can use different Virtual IDs for different transactions and protect the real ID.
The system of “Offline verification” has been defined as a process of “Verifying” the identity of the Aadhaar holder without authentication. The system which UIDAI has implemented requires the Aadhaar holder to download the Offline e-KYC document and submit the same to an agency which needs to conduct a KYC. The document downloaded is an XML document with the digital signature of the UIDAI which should be used by the verifier. Where demographic information is shared the user will be obligated not to use it for any purpose other than for which it was provided.
Further the Aadhaar holder can voluntarily use Aadhaar number to provide his authentication to the user agency based on an “Informed Consent”. This enablement will meet most of the requirements of the user industries though the Privacy Activists may still raise issues of whether an “Informed” consent was obtained or not. Once the PDPA comes into effect, the agency using the Aadhaar number for authentication will have a larger responsibility as a “Significant Fiduciary”.
The Act will by a regulation mandate user agencies that would use only a Virtual Aadhaar ID and not the main Aadhaar ID. It is expected that most of the private sector players may be placed under this mandatory use of Virtual Aadhaar ID which should satisfy the Supreme Court on the Privacy protection. This notification may come as rules that will follow.
The Aadhaar authenticating agency is also expected to indicate alternate measures other than the use of Aadhaar for the purpose of authentication and does not make it a mandatory condition for delivery of any service.
The Act also makes some changes in the penalty clauses to deter any misuse. Disputes would be settled through Adjudication followed by the appeal with TDSAT.
Additionally the amendment to the Telegraph Act indicates that the Telecom operators may use the Aadhaar as a means of authentication for their services. This will be part of the telecom licensing provision as if it is a special category of license. It is expected that the TRAI will specify further safeguards as may be necessary when licenses are issued with the use of Aadhaar as an identity parameter. It appears that the current license holders may have toseek for a special endorsement for the use of Aadhaar agreeing to whatever additional conditions that TRAI may place.
In summary, it can be stated that one of the dark phases of Aadhaar usage has perhaps passed off. Hopefully the Fintech industry which had been severely hit by the Supreme Court judgement can feel more comfortable now.
(P.S: This is the immediate impression on the Bill as passed and may need a review when more details are available)
Naavi