The Aadhaar Bill of the NDA government has been introduced as a money bill, which means that it is not possible for the Congress or the opposition to block it in the Rajya Sabha. These are some key elements of the bill, likely to become law after the budget session of parliament passes it.

#1: Aadhaar is now mandatory for availing oneself of a subsidy or benefit from the state. The only exception is when the Aadhaar number is not assigned to an individual. In that case, the individual shall be offered an alternative. However, considering Aadhaar’s extensive coverage – close to one billion Aadhaar numbers have been issued - the exceptions insignificant and will soon be obsolete. It is open for private parties to use Aadhaar for authentication if they want to.

#2: “Informed consent” is a must for collecting identity information. Every individual who submits his identity information for authentication must be informed about (i) the nature of information that may be shared upon authentication; the (ii) uses to which the information received during authentication may be put and the (iii) alternatives to submission of identity information to the requesting entity.

#3: Aadhaar is not a proof of citizenship or domicile. It just proves your identity, not your citizenship. So, the fear that people who do not have Aadhaar may be ousted from India as illegal migrants is baseless. Nor, equally, is Aadhaar a claim on citizenship.

#4: Aadhaar information does not include information related to race, religion, caste, tribe, ethnicity, language, records of entitlement, income or medical history.

#5: Even the Aadhaar number holder has no access to his core bio-metric information such as iris scan or finger prints stored in the Central Identities Data Repository though she can request access to her other identity information such as Aadhaar number, demographic information and photograph.

#6: This Bill does not allow for sharing of core bio-metric information, not even for National Security. However, section 29(4) creates a bit of ambiguity by providing for exceptions “as may be -specified by regulations”.

#7: Biometric Information will be considered to be “sensitive personal data or information”. The Bill makes rules under the Information Technology Act, 2000, applicable to this information in addition to the penal provisions provided in the Bill.

#8: Courts can seek disclosure of information, including identity information or authentication records, but they must hear the Unique Identification Authority first. Core bio-metric information is excluded.

#9: Similar information can be disclosed to or accessed by the government in the interest of national security. Core bio-metric information is excluded. The direction must be issued by an officer of the rank of Joint Secretary or above authorised by an order of the central government. There is a provision for review of such direction by an oversight Committee having a cabinet secretary and the secretaries in the Department of Legal Affairs and the Department of Electronics and Information Technology.

#10: Undoubtedly, this bill provides protection against privacy and identity-related crimes and data frauds such as impersonation, disclosure of identity information, unauthorised access to Central Identities Data Repository, tampering with data and non-compliance with intimation requirements.

(Prashant Narang is an Advocate with iJustice, a public interest initiative of the Centre for Civil Society)