1. Breach of Aadhaar Data
  • Section 29 (4) of the Aadhaar (Targeted delivery of financial and other subsidies, benefits and services) Act states that “no Aadhaar number or core biometric information collected or created under this Act in respect of an Aadhaar number holder shall be published, displayed or posted publicly, except for the purposes as may be specified by regulations”
  • However multiple cases of Aadhaar data breach have been reported recently.
  • On February 17 security researcher Srinivas Kodali brought to the noticeof the authorities that a website had leaked the Aadhaar demographic data of over five lakh minors including their photographs
  • The Unique Identity Authority of India registered a complaint with the Delhi Police against Axis Bank Limited, Suvidha Infoserve, which is a business correspondent with Axis, and esign provider eMudhra for performing multiple Aadhaar transactions using stored biometrics. This is in violation of the Aadhaar Act, 2016, which prohibits the storage of such data.
  • Simple Google search shows that central government ministries and of government-affiliated colleges and universities have uploaded sensitive information about thousands of citizens on their websites. The personal data includes beneficiary name, address, gender, family details, Aadhaar number and bank details (account number, IFSC code).
  1. Conflict of interest
  • In cases of information breach, individuals whose personal data is compromised are not even informed about it.
  • The Aadhaar Act lacks any provision for a mandatory notice to an individual in case of a breach of his or her information. This was recommended by the Justice Shah Committee on Privacy in 2012, which was set up to lay the ground for a comprehensive new privacy law.
  • Moreover under Section 47(1) of the Act: Courts cannot take cognizance of any offence punishable under the Act, unless a complaint is made by the Unique Identification Authority of India, or a person authorised by it.
  • This provision creates conflict of interest as UIDAI is itself responsible for the security and confidentiality of identity information and authentication records. There may be situations in which members or employees of the UID authority are responsible for a security breach.
  • In response to a right to information application filed last year by Scroll.in, the Unique Identification Authority of India refused to share data on how many security breaches, intrusion attempts or security incidents it had detected or been notified of. The authority has also refused to share information regarding security practices followed by it.
  • This is in contrast with international norms on data protection and transparency towards users. In the United States, every time a breach takes place, the authorities have to follow proactive disclosure requirements.
  1. Need for enactment of privacy law
  • India doesn’t have a privacy and data protection law.
  • Article 12 of the Universal Declaration of Human Rights – of which India is one of the signatories – explicitly states that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.”
  • Other countries in the world have already enacted privacy laws to safeguard their citizens. France began ensuring data security from 1978. Canada passed the historic Personal Information Protection & Electronic Documents Act in 2000. Mexico has serious punishments for privacy violators and New Zealand has a Privacy Commissioner.
  • A Group of Experts under the chairmanship of Justice A P Shah, former Chief Justice of the Delhi High Court was constituted on 29th September 2011 to identify the Privacy issues and prepare a Report to facilitate authoring of the Privacy bill.
  • The Justice A. P. Shah panel had recommended an over-arching law to protect privacy and personal data in the private and public spheres. The report also suggested setting up privacy commissioners, both at the Central and State levels. It had spelt out nine national privacy principles that could be followed while framing the law.
  • The Justice A.P. Shah Panel’s recommendations should be implemented and a strong data privacy law should be enacted by the Government.
  1. Against supreme court order
  • Constitution Bench of the Supreme Court had directed the government in October 2015 that a citizen cannot be compelled to have Aadhaar as a pre-condition to access Centrally sponsored welfare schemes.
  • The Constitution Bench had extended the voluntary use of Aadhaar card to Mahatma Gandhi National Rural Employment Gurantee Scheme, all types of pensions schemes, employee provident fund, the Prime Minister Jan Dhan Yojana, PDS and LPG distribution.
  • The Supreme Court has reiterated its order on March 27, 2017.
  • However, the Government has made Aadhaar mandatory for a number of welfare schemes including the following:
  1. Supplementary nutrition program. Deadline to register to avail benefits is March 31.
  2. For farmers wanting to take crop insurance benefit.
  • People wishing to avail benefits of welfare schemes under Integrated Department of Horticulture, National Apprenticeship Promotion Scheme and Janani Suraksha Yojana
  1. To avail training under Integrated Child Development Services of the Ministry of Women and Child Development. Deadline to register is June 30.
  2. For financial support under National Mission for Empowerment of Women.
  3. For e-panchayat training benefits. Deadline to register is June 30.
  • Soil Health Management Scheme and Soil Health Card Scheme
  • Supplementary meals at crèches. Deadline to register is March 31.
  1. Maternity Benefit Programme and Integrated Child Protection Scheme. Deadline to register is March 31.
  2. Mid Day meal benefit. Cooks-cum-helpers earning out of the scheme must also register with Aadhaar. Deadline set is June 30.
  3. Action Plan for Skill Training of Persons with Disabilities must register by June 30.
  • Bhopal gas tragedy victims need Aadhar to avail compensation from government. Deadline set is June 30.
  1. Threat of Misuse by Private Companies
  • Under Section 57 of the Act: Any public or private person may use the Aadhaar number for establishing the identity of any individual for any purpose. This creates the threat of misuse of Aadhaar information by private companies.
  • When a customer provides his Aadhaar number to the company, the company not only runs a query on the Aadhaar database to verify the name and number, it also downloads other information about the customer held on the server, like address, date of birth and gender.
  • Some companies are using Aadhaar to share customer and business partner information and to create customer profiles by linking Aadhaar data with other data.
  • While companies can use this data to customize pricing and products for us, they can also use this data to deny products, services and information. For instance, an insurance company can ask for the Aadhaar number, and then club that with health records from hospitals, and then deny person insurance.


  • The 2030 Agenda for Sustainable Development recognizes fair and robust systems of legal identity as an important foundation for promoting inclusive societies. Thus Aadhaar has been lauded by many international agencies.
  • In the World Development Report 2016, the World Bank said “a digital identification system such as India’s Aadhaar, by overcoming complex information problems, helps willing governments to promote the inclusion of disadvantaged groups.”
  • The United Nations in its report in 2016 said, “Aadhaar programme to enroll the biometric identifying data of all its 1.2 billion citizens was a critical step in enabling fairer access of the people to government benefits and services. Programmes such as Aadhaar have tremendous potential to foster inclusion by giving all people, including the poorest and most marginalized, an official identity.”
  • Paul Romer, Chief Economist of the World Bank recently said that “The system in India is the most sophisticated that I’ve seen. It’s the basis for all kinds of connections that involve things like financial transactions. It could be good for the world if this became widely adopted”.
  • Thus Aadhaar has great potential to Direct Benefit Transfer and inclusion of disadvantaged groups. The concerns regarding privacy, safety of data and misuse by private companies should be addressed through strong legislations
    Use of Aadhaar