Voluntary use of Aadhaar for SIMs, bank accounts: Govt tables bill
It also provides for stiff penalties for violation of norms set for the use of Aadhaar.
The Aadhaar and Other Laws (Amendment) Bill 2018, moved by Law and IT Minister Ravi Shankar Prasad in the Lok Sabha, bans storing of core biometric information as well as Aadhaar number by service providers in cases of individuals who have voluntarily offered the national ID as a means of authentication.
It also makes it clear that anyone not offering Aadhaar cannot be denied any service, be it a bank account or a SIM card.
The bill seeks to amend the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, the Indian Telegraph Act, 1885 and the Prevention of Money-laundering Act, 2002.
The legislation proposes telecom service providers, apart from using Aadhaar for authentication, can also leverage offline verification, use of passport, or any other officially valid document or modes of identification as notified by the central Government.
The amendments, according to the objects and reasons for the Bill, will “provide for 12-digit Aadhaar number and its alternate numbers to be generated” in a manner so as to conceal the actual Aadhaar number.
It would also “permit the entities performing authentication only when they are compliant with the standards of privacy and security,” it said. The Bill also seeks to lay down the procedure for offline verification of an Aadhaar number holder, and confers enhanced regulator-like power on Unique Identification Authority of India (UIDAI) to give directions as it may consider necessary to any entity in the Aadhaar ecosystem.
It says that every requesting entity to whom an authentication request is made, will inform the Aadhaar number holder of alternate and viable means of identification and shall not deny any service to them for refusing to, or being unable to undergo authentication.
Mandatory authentication of an Aadhaar holder for the provision of any service will take place if such authentication is required by a law made by Parliament.
The bill proposes a civil penalty of up to Rs 1 crore on entities that violate the provisions of the Aadhaar Act, with an additional fine of up to Rs 10 lakh per day in case of continuous non-compliance.
Unauthorised use of identity information by a requesting entity or offline verification seeking entity would be punishable with imprisonment of up to three years with a fine that may extend to Rs 10,000 or in case of a company with a fine of up to Rs 1 lakh.
Punishment for unauthorised access to the Central Identities Data Repository as well as data tampering is proposed to be extended to 10 years each from the current three years. The bill also seeks to omit Section 57 of the Aadhaar Act relating to the use of Aadhaar by private entities.
There will be a provision to file an appeal before the TDSAT (Telecom Disputes Settlement and Appellate Tribunal), and against the orders of TDSAT an appeal can be made in the Supreme Court.
The Supreme Court, in a landmark verdict in September last year, had upheld the constitutional validity of ‘Aadhaar’ but limited the scope of the controversial biometric identity project, ruling it is not mandatory for bank accounts, mobile connections or school admissions.
Holding there was nothing in the Aadhaar Act that violates right to privacy of an individual, the SC had cleared the use of Aadhaar (world’s largest biometric ID programme) for welfare schemes. The court had held that Aadhaar will remain mandatory for filing of Income Tax (IT) returns and allotment of Permanent Account Number (PAN) but struck down Section 57 of the Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act, 2016 that permitted private entities like telecom companies or other corporate to avail of the biometric Aadhaar data.
Following this, the Cabinet last month approved amendments to Aadhaar Act, the Indian Telegraph Act and the Prevention of Money Laundering Act.
The bill says that “every Aadhaar number holder to establish his identity, may voluntarily use his Aadhaar number in physical or electronic form by way of authentication or offline verification or in such other form as may be notified…”
It also says offline verification can be performed only with the consent of Aadhaar number holder.