Misusing Aadhaar Data Is Now A Punishable Offense; User Consent A MUST For Sharing Aadhaar Details
Government of India is slowly but gradually comprehending the dangers of identity thefts and misusing of data when it comes to Aadhaar cards. In one of the strongest worded warnings ever issues, Govt. has stopped public agencies from any unauthorized usage of Aadhaar card data, and have declared that consent of the user is must before using the data for any purpose.
Violation of this rule can attract heavy penalty as well as prison term.
Earlier, Govt. had stopped merchants from unauthorized collection of Aadhaar data, and had issued warning for the same.
As per the new notification under Aadhaar Act 2016 (Targeted Delivery of Financial, and Other Subsidies, Benefits and Services), data related to Aadhaar ‘shall not be shared with anyone for any reason whatsoever’.
UIDAI has acknowledged the fact that keeping Aadhaar details safe is their responsibility, and every possible step would be taken to do so.
Unique Identification Authority of India (UIDAI) CEO Ajay Bhushan Pandey said, “The data he (resident) has given, that data is now also secure and protected… it casts responsibility on UIDAI and other agencies that use his Aadhaar number for various purposes to protect his identity and data and maintain confidentiality,”
User Consent Is Must For Collecting/Sharing Aadhaar Details
UIDAI, the organization which issues and maintains Aadhaar data has laid special emphasis on the user’s consent before using the data. And once the consent has been issued, the external agency which collects the data can only use the data for the specific purpose for which consent has been provided.
The notification clearly stated, “Any individual, agency or entity which collects Aadhaar number or any document containing it, shall obtain consent of the holder for collection, storage and use of his Aadhaar number for specified purposes.”
Besides, the agency which collects Aadhaar data will need to inform the user whether this collection is mandatory or voluntary.
The notification further said, “Such individual, agency or entity shall not use the Aadhaar number for any purpose other than those specified to the holder at the time of obtaining his consent..”
Besides, once the data is collected, with consent, the agency cannot publicly share the data with any other entity or organization.
In case the Aadhaar Act is violated by unauthorized usage of Aadhaar data, then Govt. cas impose a fine of Rs 1 lakh and/or prison term of three years. In case the violator has tampered with Central Identities Data Repository (CIDR), the database containing all Aadhaar data, then penalty upto 10 years is mentioned.
Using Aadhaar card data for identity theft is also punishable by law now.
This strict warning was long overdue, especially in the wake of increasing Aadhaar related fraud and identity thefts.
At a time when all railways tickets will have compulsory Aadhaar authentication and when people are going to use Aadhaar based digital lockers, then such diktat on public usage of data is indeed commendable.
Aadhaar Encryption Servers Should Be In India
The notification also mentions a crucial decision, which can make far-reaching consequences for IT companies and ecommerce merchants, besides smartphone makers: The server to validate Aadhaar card details needs to be present in India.
This decision was taken to protect the data from being misused, as every authentication needs to be routed via CIDR, which is the main database of Aadhaar cards.
Last week, we had reported that Govt. can force Apple, Google and other digital companies to mandatorily integrate Aadhaar authentication in their software and hardware. Smartphones with instant authentication of Aadhaar details have been a major Govt. plan since long.
Besides, Aadhaar Act has now a legal backing as well, and Govt. can actually enforce its usage.
The requirement to deploy the authentication servers inside India can pose a big problem for digital firms and smartphone majors; and being a mandatory requirement, it has to be implemented as well.
The ball is in the court of digital companies now, and it would be interesting to observe their reaction now.