The Aadhaar Bill of the NDA government has
been introduced as a money bill, which means that it is not possible for the
Congress or the opposition to block it in the Rajya Sabha. These are some key
elements of the bill, likely to become law after the budget session of
parliament passes it.
#1:
Aadhaar is now mandatory for availing oneself
of a subsidy or benefit from the state. The only exception is when the Aadhaar
number is not assigned to an individual. In that case, the individual shall be
offered an alternative. However, considering Aadhaar’s extensive coverage –
close to one billion Aadhaar numbers have been issued - the exceptions insignificant
and will soon be obsolete. It is open for private parties to use Aadhaar for
authentication if they want to.
#2:
“Informed consent” is a must for collecting
identity information. Every individual who submits his identity information for
authentication must be informed about (i) the nature of information that may be
shared upon authentication; the (ii) uses
to which the information received during authentication may be put and the (iii)
alternatives to submission of identity information to the requesting entity.
#3:
Aadhaar is not a proof of citizenship or domicile. It just proves your identity,
not your citizenship. So, the fear that people who do not have Aadhaar may be
ousted from India as illegal migrants is baseless. Nor, equally, is Aadhaar a
claim on citizenship.
#4:
Aadhaar information does not include information related to race, religion,
caste, tribe, ethnicity, language, records of entitlement, income or medical
history.
#5:
Even the Aadhaar number holder has no access to his core bio-metric information
such as iris scan or finger prints stored in the Central Identities Data
Repository though she can request access to her other identity information such
as Aadhaar number, demographic information and photograph.
#6:
This Bill does not allow for sharing of core bio-metric information, not even
for National Security. However, section 29(4)
creates a bit of ambiguity by providing for exceptions “as may be -specified by
regulations”.
#7:
Biometric Information will be considered to
be “sensitive personal data or information”. The Bill makes rules under the Information
Technology Act, 2000, applicable to this information in addition to the penal
provisions provided in the Bill.
#8:
Courts can seek disclosure of information,
including identity information or authentication records, but they must hear
the Unique Identification Authority first. Core bio-metric information is
excluded.
#9:
Similar information can be disclosed to or
accessed by the government in the interest of national security. Core bio-metric
information is excluded. The direction must be issued by an officer of the rank
of Joint Secretary or above authorised by an order of the central government. There is a provision for review of
such direction by an oversight Committee having a cabinet secretary and the secretaries in the Department of Legal Affairs and the Department of
Electronics and Information Technology.
#10:
Undoubtedly, this bill provides protection against
privacy and identity-related crimes and data frauds such as impersonation,
disclosure of identity information, unauthorised access to Central Identities
Data Repository, tampering with data and non-compliance with intimation
requirements.
(Prashant Narang is an Advocate with iJustice, a public interest initiative of the Centre for Civil Society)