× Close
Identity Project

Seven reasons why Parliament should debate the Aadhaar bill (and not pass it in a rush)

Critics say the Aadhaar Bill does not address concerns over privacy, even as government is rushing the Bill without adequate parliamentary scrutiny.

Since it was launched by the United Progressive Alliance government in 2009, the Unique Identification project called Aadhaar has functioned without a legal framework. The project, which aims to assign a biometric-based number to every Indian resident, has been run under an executive order, which means Parliament has no oversight over it.

An Aadhaar Bill was introduced in 2010 but it was rejected by a parliamentary committee over legislative, security, and privacy concerns.

For long, critics have expressed concerns over collecting and centralising citizens' biometric data ‒ such as fingerprints and retina scans ‒ on a mass scale in the absence of a privacy law. The Supreme Court in several orders in 2014 and 2015 affirmed that the government cannot require people to register for an Aadhaar number and no one can be deprived of a government service for not having an Aadhaar number. The Supreme Court is now set to form a constitution bench to examine the contours of the right to privacy flowing from the government's arguments in the Aadhaar case.

Before the bench begins its work, however, the Modi government has introduced a new Bill on Aadhaar, which could override the court's orders.

The Aadhaar (Target Delivery of Financial and Other Subsidies, Benefits and Services) Bill was introduced on March 3 in Lok Sabha. Finance minister Arun Jaitley said the new Bill addresses concerns over privacy and the security and confidentiality of information.

But a close examination of the Bill shows several questions remain.

1. Does the Bill make it mandatory for you to get an Aadhaar number?
Yes, you may have to compulsorily enrol under Aadhaar, despite the privacy concerns explained in the sections below.

Four-time member of the Lok Sabha, Bhartruhari Mahtab of the Biju Janata Dal, was on the parliamentary committee on finance that examined the previous Aadhaar Bill introduced in 2010. He said the new Aadhaar Bill does not specify that it will not be made mandatory.

“There is duplicity over this issue,” said Mahtab. “Nandan Nilekani [the former chairperson of the Unique Identification Authority of India] repeatedly told us in the parliamentary committee that Aadhaar is not mandatory. The Supreme Court also said, 'You cannot make it mandatory.'”

But if a service agent asks for Aadhaar mandatorily, then as a beneficiary, citizens have no option but to get an Aadhaar number, Mahtab explained. “The government, or a private company, cannot force me to get an Aadhaar number," he said. "The government should bring a law that clearly says Aadhaar is not mandatory.”

A committee of experts on privacy, chaired by Justice AP Shah, had recommended in 2012 that the Bill should specify that individuals have the choice to opt-in or out-of providing their Aadhaar number, and a service should not be denied to individuals who do not provide their number. The Unique Identification Authority of India had then stated to the committee that the enrolment in Aadhaar is voluntary.

But the new Aadhaar Bill does not incorporate a categorical clause on opt-in and opt-out. Instead, it broadens the scope of Aadhaar. Jaitley said the Bill will allow the government to ask a citizen to produce an Aadhaar number to avail of any government subsidy. But section 7 of the Bill is phrased more broadly, and refers to not just subsidies but any “subsidy, benefit or service” for which expense is incurred on the Consolidated Fund of India, or the government treasury.

7. The Central Government or, as the case may be, the State Government may, for the purpose of establishing identity of an individual as a condition for receipt of a subsidy, benefit or service for which the expenditure is incurred from, or the receipt therefrom forms part of, the Consolidated Fund of India, require that such individual undergo authentication, or furnish proof of possession of Aadhaar number or in the case of an individual to whom no Aadhaar number has been assigned, such individual makes an application for enrolment: Provided that if an Aadhaar number is not assigned to an individual, the individual shall be offered alternate and viable means of identification for delivery of the subsidy, benefit or service.

As noted above, the proviso in section 7 is premised on the phrase: “if an Aadhaar number is not assigned”. This, along with language preceding in the section, indicates that a citizen may be compulsorily required to apply for enrolment.

Section 8 permits a “requesting entity” to utilise identity information for authentication with the Central Identities Data Repository. A “requesting entity” is defined under Section 2(u), and will include private entities.

2. Does the Bill allow Aadhaar authorities to share your personal data?
Yes, in the "interest of national security", a term that remains undefined.

Both legal experts and members of Parliament have flagged the provisions in the Bill on the circumstances in which users' data, including core biometrics information, can be shared.

The debate centres over the interception provisions in section 33.

In a piece in The Indian Express, Nandan Nilekani, the former chairperson of the issuing authority, stated that the Aadhaar Bill provides that no core biometric information can be shared, a principle without exception. “...Clause 29(1) is not overridden by Clause 33(2),” he noted.

However, a closer reading of the Bill shows this is not the case. Clause 33(2), in fact, does provide an exception to clause 29(1)(b):

33(2) Nothing contained in sub-section (2) or sub-section (5) of section 28 and clause (b) of sub-section (1), sub-section (2) or sub-section (3) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made in the interest of national security in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government of India specially authorised in this behalf by an order of the Central Government

where, Section 29(1)(b) states:

29. (1) No core biometric information, collected or created under this Act, shall be — (b) used for any purpose other than generation of Aadhaar numbers and authentication under this Act.

Pranesh Prakash, a lawyer and policy director of the Centre for Internet and Society said: “This implies that the core biometric information, collected or created under the Aadhaar Act, may be used for purposes other than the generation of Aadhaar numbers and authentication 'in the interest of national security.'"

Legal experts point out that the phrase “national security” is undefined in the present bill, as well as the General Clauses Act, and thus the circumstances in which an individual's information may be disclosed remains open to interpretation.

Section 33(1) permits the disclosure of an individual's demographic information (but not biometrics) following an order by a district judge. It says that no such order shall be made without giving an opportunity of hearing to the UIDAI , but not to the person whose data is being disclosed.

3. Does the Bill protect you from interception and surveillance?
No, the Bill does not provide for transparency concerning covert surveillance.

Section 33(2), which permits disclosure of demographic and biometric pursuant to directions of the joint secretary in interest of national security, says such disclosures will be for three months initially, and a fresh renewal can be granted for another three months, without a limitation on the number of such renewals.

This can lead to a user being under continuous surveillance, and without any notification to the user even after the surveillance ceases, violating one of necessary and proportionate principles on communications surveillance related to user notification and right to effective remedy. In some countries, this principle has been incorporated in law. For example, in Canada, the law limits the time of wiretapping surveillance, and imposes an obligation to notify the person under surveillance within 90 days of the end of the surveillance, extendable to a maximum of three years at a time.

“The interception provisions are severely problematic," said Apar Gupta, a technology lawyer. "They are not open to independent scrutiny and even derogate from the already deficient practices which relate to phone tapping (Rule 419-A of the Telegraph Rules) and interception of data (Interception Rules, 2011).”

Legal scholar Usha Ramanathan pointed out that the Bill lacks provisions on giving notice to a person in case of breach of information, in case of third party use of data, or change in purpose of use of data – which were among provisions recommended by the Justice Shah Committee on Privacy in 2012.

4. Does the Bill allow you to seek redress in case of breach of information?
Yes, but the provisions are weak.

Government officials overseeing the project said that the 2016 Bill is an improvement over the 2010 Bill as it safeguards the information of those enrolled as per sections of the Information Technology Act, 2000.

But technology law experts say the adjudicatory system for disclosure of sensitive personal data under the IT Act has structural flaws and is not functional.

“Initial complaints against the disclosure of sensitive personal data go to an adjudicating officer who is usually the IT Secretary of the state government and may not be trained in law,” said Gupta, the technology lawyer. “There is no court infrastructure and no permanent seat for such cases. The appellate body, the Cyber Appellate Tribunal, has not been made operational in the last three years. Hence, the civil remedies offered [in the Aadhaar Bill] are at best illusionary and unenforceable.”

5. Does the Bill give you the right to alter your information?
No, it leaves you to the mercy of the Unique Identification Authority of India.

Imagine a situation where a user simply wants to change their first or last name, or say, not use their caste name. Under Section 31 of the Bill, individuals can only request the UID authority, which may do so “if it is satisfied”. There is no penalty on the authority if it fails to respond. The Bill does not provide for a user to even be able to approach a court to ask for their information relating to Aadhaar to be corrected.

International norms for data protection give individuals the right to correct and alter information, if their demographic data changes. They provide for individuals to have a copy of their information, and to approach courts for an order to rectify, block, erase inaccurate information.

In an interview to Mint, Sunil Abraham, director of the Centre for Internet and Society, compared the rights of Aadhaar users to the rights we now take for granted as internet users. “Authentication factors [biometrics in the case of Aadhaar], commonly known as passwords, should always be revocable,” noted Abraham. “That means if the password is compromised, you should be able to change the password or at least say that this password is no longer valid.” In its current form, the Aadhaar Bill gives users no such rights.

6. Is the current Bill an improvement over the previous one?
Not really.

The Aadhaar Bill 2016 provides that the renewals of requests for disclosure of data will be reviewed by an oversight committee consisting of the cabinet secretary and the secretaries in the department of legal affairs and the department of electronics and information technology.

This is a watered down version of the provisions in the previous Unique Identification Authority of India 2010 Bill, said Chinmayi Arun, executive director, Centre for Communication Governance at the National Law University Delhi.

“The previous version or the 2010 Bill provided for a three-member review committee, consisting of the nominees of the prime minister, the leader of the opposition, and a third nominee of a union cabinet minister, with the restriction that these nominees could not be a member of parliament or a member of a political party,” Arun said. “This would be a more independent committee than the one proposed now, wherein there will be executive oversight for executive orders."

Regarding penalties, the previous 2010 Bill made copying, deleting, stealing, or altering information in the Central Identities Data Repository, punishable with a jail term of upto three years and a fine not less than Rs 1 crore.

Section 38 of the new Aadhaar Bill now makes the same offence punishable with a jail term of upto three years and reduces the upper limit of the fine to “not less than ten lakh rupees”.

7. Finally, does the Aadhaar Bill have enough parliamentary scrutiny?
The government has introduced the legislation on Aadhaar in the form of a Money Bill, which means the power of the Rajya Sabha to review and amend the Bill is curtailed ‒ if the Speaker Sumitra Mahajan certifies that this is a Money Bill.

The parliamentary committee on finance under Bharatiya Janata Party MP Yashwant Sinha had rejected the previous Bill in December 2011 citing legislative, security, and privacy concerns. Despite this, two successive Prime Ministers – Manmohan Singh and Narendra Modi – have pushed ahead with Aadhaar project.

A common refrain has been that the unique biometric identity will resolve the problem of the poor in India to prove identity and overcome "one of the biggest barriers preventing the poor from accessing benefits and subsidies." But last April, the UIDAI in response to an RTI application revealed that of 83.5 crore Aadhaar numbers issued till then, 99.97% were issued to people who already had at least two existing identification documents, only 0.21 million (0.03%) used the "introducer system" that provides an exception to those lacking identity proof.

More recently, there has been no public consultation by the government over the latest Bill.

What two governments have failed to do over the last 1,520 days since the parliament committee sent back the Bill to the drawing board, the Modi government is now trying to ram through over the budget session's 43 days.

We welcome your comments at letters@scroll.in.
Sponsored Content BULLETIN BY 

45% consumers purchase financial products online according to our survey. Here’s why

How one of the last bastions of offline transactions is rapidly moving online.

With flight bookings, shopping and buying movie tickets all moving online, it was only a matter of time before purchasing financial products followed suit. In fact, with greater safety, better user interfaces, simpler processes and of course, busier lives, many Indians are opting to buy financial products like insurance and bank deposits online and on-the-go rather than at a bank branch.

We conducted a survey among 150 consumers in 4 metro cities (Mumbai, New Delhi, Bangalore and Ahmedabad) and 2 tier-II cities (Indore and Bhopal) to understand the financial products Indians are buying online and their needs.

The market for financial products still has huge potential for growth with 29% respondents reporting that they owned no financial instruments. Insurance is without a doubt the most widely owned financial instrument for Indians. Nearly half the sample—45% of the respondents—reported investing in insurance. Apart from that, around 27% invested in bank deposits like Fixed and Recurring Deposits and only 13% opted for mutual funds, 13% bought stocks, and just 10% took home loans. While many people still consume financial products only at their bank branches, a large number have started seeking financial information and buying financial instruments online.

The shifting tide

We found that 45% of the survey respondents bought financial products online, indicating that a large chunk of Indians is trusting the internet to manage something as sensitive as their financial investments. It is clear that Indians value the distinct advantages of transacting online. Convenience is an integral part of the experience—60% of those who bought financial products online felt that convenience played an important role in choosing to purchase online. Multiple aspects of convenience resonate with buyers—over 40% felt that the availability of 24/7 services and the ease of comparing different products from drove them to buy online.

However, findings also reveal some concerns that even tech-savvy Indians have with the online medium.

Security is king

Understandably, security is a key factor for buyers of financial products. Even among the 45% who purchased financial products online, almost half felt that the lack of security prevented them from buying more financial products online. Tellingly, the most commonly bought financial product online is general insurance. It has to be bought (in the case of travel) or renewed (in the case of car insurance) regularly and quickly, which is easier done online. It also doesn’t require the submission of too many personal documents—another­ factor reported by many as a barrier to online purchase of financial products.

To overcome these security concerns, many companies are taking concrete steps to improve the online security of their portals. They are setting up SSL security systems that encrypt and protect the user’s data and payments and are educating customers on how to recognize online payment scams. Thus, people are slowly moving towards buying high involvement financial items like life insurance as well online.

The human factor

Research is a crucial part of the buying process, and most buyers seek information from multiple sources. While research for several consumer products like electronics and furniture has moved online even if purchase is offline, financial products have been slower to move, especially due to the need for expertise. From the sample, 55% rated talking to financial consultants and advisors as very important. Similarly, 55% rated advice from friends and family as very important.

As is evident, while the world is going online, there is something to be said for the familiarity and comfort of human interaction. Even online buyers value non-digital channels of communication. Of those who bought financial products online, 25% felt that visiting bank branches was important, 30% felt that recommendations from friends and family was important, and 33% felt that discussing it with financial advisors was important.

However, we find that online forums and aggregators are also gaining in terms of people using them to research products. According to a BCG report, search queries on life and health insurance have grown 4.5 times from 2008 to 2013, showing that digital is certainly influencing the research part of the buying cycle. Many life insurance companies and banks have caught on to this trend and are finding ways of making customer service executives available online through chat facilities on their portals. Additionally, companies are also investing in a better online user experience by designing their websites to be simple, attractive and easy-to-understand, so that the process of purchase becomes easier for customers.

When it comes to buying insurance, finding an appropriate plan is not an easy process. Life insurance companies are using technology and algorithms to overcome these human biases with innovative products like life insurance calculators. An example of this is the HDFC Life insurance profiler which simplifies the process of choosing an insurance plan. A person can enter five to six parameters and get an objective opinion on the best insurance plan suited to his or her time and status in life.

HDFC Life Insurance has also taken detailed note of its customers’ requirements as they move towards the digital age. Its product website has been designed to ensure consumers feel secure and well attended to when transacting online. All payment gateways have SSL security and are ISO 27001 certified to ensure optimum security. Additionally, to facilitate easy query resolution, it offers an online chat function along with co-browsing where a user can give control of her or her system to the chat executive so that details can be filled in for them. To solve for the barrier of document submission, HDFC Life even allows users to submit documents through e-mail or upload files on Google drive in place of hard copies. Easy e-KYC facilities allow for the Aadhar card and address proof to be uploaded online to quickly verify identity. To find the right insurance plan for yourself and experience the innovative services that the organization has to proffer head to their insurance profiler to start your journey towards buying a life insurance plan.


This article was produced by the Scroll marketing team on behalf of HDFC Life and not by the Scroll editorial team.

× Close