Aadhaar-issuing authority UIDAI is proposed to assume a regulatory role with enhanced power to take enforcement actions on misuse of the national biometric ID and impose stiff penalties for violations such as failure to obtain consent for authentication and in case of data breaches, a top source said.
In the backdrop of the landmark Supreme Court verdict that imposed restrictions on use of Aadhaar by private companies, the Cabinet Monday evening approved amending the Aadhaar Act to enhance powers of Unique Identification Authority of India (UIDAI), and ensure stringent safeguards against any violation of norms. The amendments proposed are in compliance of the recent order of the apex court, the source pointed out.
Also, the Telegraph Act and Prevention of Money Laundering Act (PMLA) rules will be amended to provide for voluntary use of Aadhaar for obtaining SIMs and opening bank accounts.
The amendments will go to Parliament for approval.
The proposed amendments in Aadhaar Act are also in sync with the Srikrishna panel recommendations that had asserted that UIDAI should not only be autonomous in its decision-making, but also be vested with powers akin to traditional regulators for enforcement actions.
The suggested amendments, which will be placed before Parliament, will give UIDAI more powers to crackdown on violation, the source said adding that the Section 57 of Aadhaar Act -- that previously allowed sharing of data with private entities and was subsequently struck down by the apex court -- is proposed to be removed altogether as part of the proposed changes.
"Against the UIDAI orders, there will be provision to file appeal before TDSAT (Telecom Disputes Settlement and Appellate Tribunal), and against the orders of TDSAT an appeal can be made in the SC," the source said citing the planned changes.
The amendments talk about enhanced powers to UIDAI to issue directions, and also impose penalty if the directions are not followed.
Entities that can request for authentication will primarily belong to two categories, those mandated by law made by Parliament, and those entities "working in the interest of the State", for which the rules will be framed by the Centre in consultation with the UIDAI. Such authentication will be on a voluntary basis.
Other proposed amendments include specific provision for allowing use of Virtual IDs, QR (Quick response) code, and offline verification modes, as well as giving option for opt out of Aadhaar database after a person attains the age of 18 years.
The Aadhaar Act amendments suggested by the Srikrishna panel included penalty for failure to obtain consent for authentication or offline verification (up to three year imprisonment or fine of upto Rs 10,000); penalty for unauthorised use of core biometric information (imprisonment between 3-10 years and fine of up to Rs 10,000) amongst others.