As the Ministry of Electronics and Information Technology recently recommended revisions to existing rules to allow private firms to use Aadhaar authentication for specific purposes, experts explained whether this move is a boon or bane.
As of now, only government ministries and departments are permitted to carry out Aadhaar authentication. Apart from that, only businesses such as banks and telecom firms were permitted to provide authentication.
According to the existing scenario, such non-government firms are allowed to conduct the authentication only if the Unique Identification Authority of India (UIDAI) is satisfied that they meet the privacy and security standards outlined in the rules.
However, as per the new draft, the government wants to broaden the scope for enterprises to utilise Aadhaar authentication to verify the identity of their users, if they do so for certain purposes.
For these private entities, the government also stated that they may be allowed to perform authentication if the UIDAI is satisfied that the requesting entity is compliant with standards of privacy and security specified by regulations.
It is also said that entities must submit a proposal to the Centre detailing why they wish to conduct Aadhaar authentication and whether it is in the “interest of the state”. The government has given time till May 5 for the submission of all the feedback on the draft.
Companies and users
For companies, Aadhaar authentication can simplify their identification procedures and offer a rapid and practical means of confirming a person’s identity while enhancing trust with the customer.
Additionally, improving service access would also help private firms grow their consumer base.
Similarly, customers may find it simpler to acquire services from private entities because of the Aadhaar authentication since there will be no need for several identity documents for verification, speeding the process of receiving the benefits of respective services.
Supreme Court judgment
However, Section 57 of the Aadhaar Act, which enabled the use of Aadhaar data by corporates or individuals to establish an individual’s identity, was declared “unconstitutional” by the Supreme Court in 2018. So, after the new proposal, concerns arose that it goes against the judgment.
But government officials apparently stated that the new move doesn’t violate the SC ruling, also known as the Puttaswamy judgment, saying that these entities will not have access to the Aadhaar details of any individual.
News18 spoke to legal expert Rishi Anand, Partner at DSK Legal, who explained this ruling, saying that the existing law on privacy as set forth under the SC judgment is pedestalled on three pillars—existence of law, legitimate state interest, and test of proportionality.
“The Aadhaar authentication rules clarify that authentication shall be done by the requesting entities on a voluntary basis, any argument that the proposed amendments may be in violation of the Puttaswamy ruling may not completely stand,” he said.
Another expert, Abhinay Sharma, Managing Partner at ASL Partners, told News18 that the Centre has bypassed the judgment by consequently passing an amendment to Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, Aadhaar authentication for Good Governance (Social Welfare, Innovation, Knowledge) Rules, 2020, and the new draft.
According to him, “The government has tried to legitimise its actions under the garb of rules, which in law terms qualifies as Colorable Legislation.”
However, Sharma stated that although modalities of the draft rules are not yet clear, a simpliciter reading of the rules would mean that the Aadhaar authentication by private entities would be limited for the purpose of promoting ease of living and enabling better access to services, usage of digital platforms to ensure good governance, preventing dissipation of social welfare benefits, or enabling innovation and spread of knowledge.
Data privacy
Sharma believes that the proposed rules are concerning when the country doesn’t have a data privacy law.
He said that with the lack of a data safety net and consequent erosion of privacy, not only will cases of identity theft and fraud be on the rise but the nation’s sovereignty will itself be at stake, with a surge in cases of terrorism and laundering, owing to easy access and manipulation of biometric data.
As per Sharma: “There are also concerns with respect to entities making authentication mandatory in practicality even as the rule is limited authentication on a voluntary basis.”
Anand said, “Data safety and privacy-related concerns are triggered in light of the permission being granted to undertake Aadhaar authentication for purposes as vague and encompassing as ‘promotion of ease of living of residents and enabling better access to services for them’ under the proposed amendments.”
He also believes that the lack of a structured data privacy law creates an opportunity for misuse by private entities.
However, he further noted that as of now, the authentication is facilitated by two mechanisms – the yes or no authentication, where UIDAI provides yes or no responses to the entity requesting Aadhaar authentication of its customers, and e-KYC authentication, where UIDAI provides demographic data along with photographs to the entity seeking Aadhaar authentication.
“Under both the mechanisms, the identity information of an Aadhaar number holder is verified from the data available at the CIDR (where UIDAI stores the data), and no personal data is actually transferred or disclosed to the requesting entity,” he added.