The Aadhaar and Other Laws (Amendment) Bill, 2018 was introduced in Lok Sabha on 02-01-2019, and was passed by the lower house on 04-01-2019, to allow voluntary Aadhaar authentication by third-party entities. Now, it is awaiting approval from the Upper House. It amends the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, the Indian Telegraph Act, 1885, and the Prevention of Money Laundering Act, 2002. Now, after this amendment individuals unwilling to share Aadhaar data for authentication cannot be denied services, such as opening a bank account or obtaining a mobile phone SIM card. An individual can submit other government documents like Passport, Voter ID, PAN Card or driving licence for authentication and the procedure will now be voluntary.
The bill was mainly passed to provide legal support to the government’s decision to allow voluntary linkage of Aadhaar with mobile phone numbers and bank accounts. The amendment bill also states that individuals will not be required to submit any biometric or demographic information to data servers of the Unique Identity Authority of India (UIDAI).
The amendment bill states: Offline verification means the process of verifying the identity of the Aadhaar number holder without authentication through such offline modes as may be specified by regulation. During offline verification, the agency must
- obtain the consent of the individual,
- inform them of alternatives to sharing information, and
- not collect, use or store Aadhaar number or biometric information.
The Bill specifies that at the time of enrolling a child to obtain an Aadhaar number, the enrolling agency shall seek the consent of his parent or guardian. The agency must inform the parent or guardian of
(i) the manner in which the information will be used,
(ii) the recipients with whom it will be shared, and
(iii) their right to access the information. After attaining 18 years of age, the child may apply for cancellation of his Aadhaar.
An entity may be allowed to perform authentication through Aadhaar, if the UIDAI is satisfied that it is
(i) compliant with certain standards of privacy and security, or
(ii) permitted by law, or
(iii) seeking authentication for a purpose specified by the central government in the interest of the State.
The bill was proposed by the Union Cabinet, following the Supreme Court’s verdict on 26-09-2018, where the constitutional validity of Aadhaar with certain restrictions was upheld, and the mandatory linking of Aadhaar was ruled out, barring private entities from using the 12-digit number for customer authentication.
Under the Act, restrictions on security and confidentiality of Aadhaar related information do not apply in case the disclosure is pursuant to an order of a District Court (or above). The Bill amends this to allow such disclosure only for orders by High Courts (or above). Further, under the Act, an officer not below the rank of a Joint Secretary may issue directions for disclosing information in the interest of national security. The Bill amends this to allow such disclosure on directions of officers not below the rank of a Secretary.
The amendment bill also proposes to penalise third-party firms for violating Aadhaar authentication rules. A civil penalty of up to Rs 1 crore can be imposed on entities that violate provisions related to authenticating customers using Aadhaar without consent. If non-compliance continues after the initial penalty, a fine of Rs 10 lakh can be charged per day from a company. The bill clearly states that involuntary collection, usage and storage of Aadhaar number or biometric information of any individual are other violations that can attract a penalty.