UID/Aadhaar
Is your Aadhaar information being used without your consent?
As Aadhaar is increasingly used coercively to seek your identity information from Unique Identification Authority of India (UIDAI), the provisions of the Aadhaar Act that require you to provide consent are being pushed aside. Here is a quick guide to your consent rights and how to protect them.
 
Why does consent matter?
 
In a civilised society, each individual is entitled to dignity. Dignity of an individual is one of the basic rights of a human being and is guaranteed by the Constitution. When you interact with a person, be it a family member, friend or an outsider, both parties are expected to honour the dignity of the other. A person's willingness to interact is considered as consent. Consent, therefore, is essential to preserve dignity in civilised societies. Consent is also important to preserve the security of individuals.
 
Is Aadhaar Authentication legal without your consent?
 
When your Aadhaar number is used to authenticate you, the organisation requesting your Aadhaar information from the UIDAI is expected to obtain your consent. According to Chapter III 8 (2) (a) of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016, consent has to be restricted for purposes of authentication.  
 
According to the Act (section 8(2)) and Authentication Regulations (section 5), before authenticating, the service provider is expected to provide you the nature of the information that will be available to the requesting organisation  upon authentication from the UIDAI, the ways in which the information shall be used by the requesting organisation and alternatives to submission of identity information, should you not wish to use an Aadhaar number. 
 
Once you understand the nature of the information and manner in which it shall be used, according to the Authentication Regulations (section 6), the service provider is supposed to hand you a consent form, which you shall fill. The authentication regulations mandate that the service provider use a template provided by UIDAI to take your consent. The consent may be recorded either in paper form or electronic form. In either case, the requesting organisation is required to offer alternate methods of identification, should you not wish to use Aadhaar. The service provider is supposed to keep a log of consent information. And, according to Aadhaar Act (section 32(2)), you have a right to access that information, if you wish to, in case you are willing to undergo Aadhaar authentication.
 
The Aadhaar Authentication Regulations (section 16 (5)) gives you the right to revoke your consent to the organisation that has obtained your identity information from the UIDAI. When you revoke your consent, the requesting organisation would be required to delete your identity information that it obtained from the UIDAI. For example, if you decide to stop using your once favourite mobile connection for whatever reason, you can revoke the consent you granted them and inform them accordingly. Once they receive your request for revoking consent, they shall delete all your information received during e-KYC (know-your-customer) process, which you followed to get the connection in the first place. This ensures that your identity information is not misused. 
 
Interestingly, UIDAI, which provides the e-KYC service to authenticate you, does not provide any means to revoke your consent. UIDAI does not mention the turnaround time for completing the revocation request, too. The UIDAI-supplied consent form template does not mention any method to revoke your authentication. There is, therefore, no best practice available to requesting organisations to allow you to revoke your consent. This amounts to denial of your legal rights. 
 
On a related note, neither the UIDAI nor Government of India has defined standards to irrevocably delete your data from a service provider’s systems. Ask a cyber forensic expert, and he will show you how the deleted data can be recovered from disks. Even our Information Technology (IT) Act and subsequent rules are silent on this matter.
 
So it is illegal use of your Aadhaar number if your Aadhaar number has been used to obtain your identity information from UIDAI without your consent.
 
Can your identity information be used for any purpose?
 
There are three actors in the process of your authentication -- you, the service provider and UIDAI. Only two of the actors (you and service provider) know the purpose. You have a right to know how the data will be used by the service provider. The purpose of authentication has to be recorded by the service provider, but it is not sent to UIDAI (Aadhaar Act, section 32(3)). Since you do not digitally sign the purpose, it may be difficult to prove in a court of law whether your identity information obtained from UIDAI has been misused.
 
Organisations requesting your identity information from the UIDAI cannot include a phrase like “the usage will be subject to privacy policy and terms and conditions”, as the purpose of using the identification information must be explicit and unchanging under the Aadhaar Act.
 
Although, the Act says that the information can be used only for the purpose for which it is granted, there is no way for the UIDAI to enforce such requirements. The Act does not provide for an alternate redressal mechanism in case an organisation requesting your identity information misuses it. This leaves the users at the mercy of the service provider, without any remedies. Under section 47 of the Aadhaar Act, you are not allowed to approach courts except under authorisation of the UIDAI. It, therefore, leaves those with grievances without any remedies.
 
What UIDAI should do?
 
UIDAI should advertise in the media about the rights of citizens to provide and revoke consent for obtaining and retaining identity information using the Aadhaar number. In addition, UIDAI should learn from the experiences of other regulators to protect the Aadhaar holder from phishing and other frauds that illegally obtain and misuse identity information. 
 
UIDAI should acknowledge the design flaws in the Aadhaar framework, its application-programming interface (API) and various systems and processes built around it. The UIDAI cannot live in denial any longer. The rights of those with Aadhaar numbers depends on the actions of UIDAI to protect them. If users’ identity information is used without consent, it is UIDAI’s problem too. Such unauthorised use amounts to a leak of data from the UIDAI.
 
Various authentication agencies are audited as required under the Regulations. UIDAI should make the audit findings, particularly on consent, public. Such actions will enhance the trust of ordinary citizens in the processes of UIDAI.
 
Section 139AA of the Income Tax Act violates the Aadhaar Act and Regulations requirement to obtain consent, to specify purpose of use of identity information as well providing an alternative to authentication using Aadhaar. The UIDAI should move the courts to prohibit such illegal use of the Aadhaar number. 
 
How can you protect your right to informed consent?
 
You can deny any requesting organisation the use of your Aadhaar number to obtain the identity information stored with the UIDAI if they do not provide you with a form asking for your consent, or do not state the specific purposes to which the information will be used and do not provide you a mechanism to revoke your consent anytime. You can demand an alternate way to submit identity information if you do not wish to use the Aadhaar number. 
 
Now that you are aware of your rights, it is time to demand your rights. Always ask for clarifications, in written mode. When you leave a service, revoke your consent to the service provider and demand that it acknowledge the deletion of all records from its systems. If you have an Aadhaar, call 1947 now and ask them questions. If you are on social media, tweet to @uidai and @ceo_uidai with the hashtag #AadhaarFailures #NoConsent.
 
(Derick Thomas is a communication engineer with expertise in network architecture, privacy and secure communication technologies. He can be reached on https://twitter.com/derick_thomas)
 

User

COMMENTS

Dinesh

6 months ago

UIDAI does not authenticate about 90% of the private organizations, which were collected the aadhar card. I was still wondering how this could be possible. As most of the third parties are gathering the public data under the aadhar card status enquiry Portal, even they were not authorized as a common service center(CSC). As per the term consent, at the end who else cares.

Mahesh S Bhatt

6 months ago

We are following US model of surveillance of common man & USA is failed Economic/Social ( 58% divorcee+ 74% out of wedlock kids) + war mongering economy using abusing power.We copy paste US model without good privacy laws/

our PM went to USA & got H1 B visa reduced even Infosys & Cognizant are hiring USA citizens &

Legal FM who protected Godhra is busy guiding a illiterate /failed economic PM to become Policeman who left his Wife and now he is busy attacking middle class/


After winning 325 seats in UP Yogi from of Lok Sabha who is hungry to rule but wears saffron all confused inexperienced
Only IIT Engineer MBA Parikkar demoted as CM from Defence because an Engineer will understand less technology than a Lawyer who defends.

Beautifully Illiterate Education Minister without degree was posted & now is doing textile.
Land Ordinance failed/Demonetization truths untold/all parties are corrupt &

Bully Jokular Party is Swatch Bharat Abhiyan cleaning Holy Ganges with sauchalayas.
Mahesh Bhatt

Mr Jitendra

6 months ago

5 crore EPFO Provident Fund members are being connected to their UAN and all 5 crore people have to submit their Aadhaar to their employer. Then either mostly the Employer must have all their employee's Aadhaar authenticated with UIDAI. Unless Aadhaar is authenticated with UIDAI, merely submitting Aadhaar number to EPFO is of no use. 5 crore PF members to authenticate their Aadhaar? System may fail! Any other mode of authenticating the Aadhaar is not available on the new UAN Member portal that was recently launched to replace the old UAN portal.
Complete mess by EPFO and the Labour Ministry. Now 5 crore PF members remain stuck. They are somehow trying to sabotage the PF money of the PF members.

vswami

6 months ago

Use of Aadhaar information, with certain, inherent potential and regressive consequence of misuse (that is, use strictly for any specific purpose other than for which it is consented to and parted with) has lately been a matter of the most concern to one and all. What, however, by and large, appears to have been glossed over, hence not seriously agitated against, is a similar concern in no less measure which, it is believed, does exist in respect of all other personal information parted with, simply for the asking of it. One has in mind several of them, address proof (say, copy of sale deed, or the like), mobile number, bank account number (s), so on; asked for say, opening of a new bank account , or online remittance of legal dues, e.g. payment of annuity by LIC.
Over to experts for an eminent opinion on such aspects as well.

SC to hear May 17 pleas against making Aadhaar mandatory

The Supreme Court will hear on May 17 a petition against notifications making Aadhaar mandatory for availing benefits under government schemes, including mid-day meal and for disability pension.

Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.

User

COMMENTS

Dinesh

6 months ago

Wow!

This is really great, hope everyone will get benefit under this scheme.

SC tags petition challenging 18 notifications on Aadhaar to earlier pending petition
The Supreme Court on Tuesday tagged to earlier pending petitions, a petition challenging 18 notifications issued by several departments, which have made Aadhaar mandatory for availing any benefits and entitlements. The Bench of Justice AK Sikri and AK Bhushan also recorded in the order that there is urgency in the case since several of these notifications would become effective by 30 June 2017. 
 
The Bench also indicated that as the matter was already pending for constitution of a Bench to determine the validity of the Aadhaar scheme and Aadhaar Act, the petitioner may mention this matter again to the Chief Justice. 
 
The notifications challenged in the apex court include making Aadhaar mandatory for hot cooked meals, several scholarships for disabled students and students in scheduled cast (SC), scheduled tribe (ST) and other backward community (OBC) categories, schemes for women rescued from trafficking, bonded labourers, and relief for Bhopal gas leak victims. 
 
The notifications making possession of an Aadhaar number, or proof of enrolment in Aadhaar database, mandatory would have resulted in denial of benefits to persons who are otherwise legally entitled to the benefits, the petitioners contended.
 
The petitioners, Shanta Sinha, former chairperson of the National Commission for Protection for Child Rights, and an activist campaigning against child labour and human rights activist Kalyani Menon Sen prayed that imposing enrolling in Aadhaar as a pre-condition for availing social benefits violates the fundamental rights of citizens. Senior advocate Shyam Divan appeared for the petitioners.
 
As per the notifications of the Ministry of Chemicals and Fertilizers, Bhopal gas victims will not be able to seek relief - including compensation for death, permanent disability, cancer, renal failure, permanent or temporary disability - unless they submit an Aadhaar or an enrolment proof. In another notification by the Ministry of Labour and Employment without an Aadhaar number or Aadhaar enrolment slip, workers rescued from bonded labour, will not get any cash or non-cash assistance unless they show an Aadhaar number by 30 June 2017.
 
The petitioners have pointed out that since 30th June is the deadline for enrolment, it is important that the case be heard at the earliest.
 
The petitioners have stated that making Aadhaar mandatory in mid-day meal scheme, scholarship schemes availed by children below the age of 18, and disabled persons implies that the, "State is securing bio-metric and demographic data even before the age of consent in so far as children are concerned…..it is irrational and per se unconstitutional for the government to insist on Aadhaar as mandatory pre-condition for availing hot cooked meals under the mid-day meal scheme."
 
In addition, "making Aadhaar mandatory for the Ujjwala Scheme which provides for rehabilitation of victims of trafficking or commercial sexual exploitation and for Bhopal Gas Tragedy victims to claim compensation goes against the very objects of the said schemes," the petitioners say. 
 
The petitioners had made a slew of prayers, including a plea to strike down the Act as unconstitutional.

User

COMMENTS

Dinesh

6 months ago

Ujjwala Scheme:It is an ambitious social welfare scheme which aims to provide free LPG connections to BPL households in the country. The scheme is aimed at replacing the unclean cooking fuels mostly used in the rural India with the clean and more efficient LPG (Liquefied Petroleum Gas).
And, making aadhar card is mandatory for this scheme.

We are listening!

Solve the equation and enter in the Captcha field.
  Loading...
Close

To continue


Please
Sign Up or Sign In
with

Email
Close

To continue


Please
Sign Up or Sign In
with

Email

BUY NOW

The Scam
24 Year Of The Scam: The Perennial Bestseller, reads like a Thriller!
Moneylife Online Magazine
Fiercely independent and pro-consumer information on personal finance
Stockletters in 3 Flavours
Outstanding research that beats mutual funds year after year
MAS: Complete Online Financial Advisory
(Includes Moneylife Online Magazine)