Aadhaar card- A name that is heard time and again, a name that has been the talk of the town since its inception and a name that is helpful for different purposes.
It is not only serving its purpose for the common man but, nowadays, the telecom operators do rely on the data of this card for completing customer verification before they finally activate SIM cards. This technology brought to you by Reliance is creating ripples in the telecom sector and many are making its use to the fullest. Not only Reliance but other telecom giants like Vodafone and Airtel too have started making use of it.
Have you ever given it a thought about how the giants of the private telecom sector are making its use or how Aadhaar card contains our personal as well as sensitive information? We do not bother to even think that are there any sort of regulations to make sure that nothing wrong happens when the secret information is passed on to these private agencies.
No worries. In this article, we have compiled all possible legal information where the private entities are making use of data of the Aadhar card to provide you the benefits of the service.
When the Aadhaar Act was passed?
In March 2016, the Parliament passed the Aadhaar Act (Targeted Delivery of Financial and Other Subsidies, Benefits and Services). And, to make proper use of the Aadhaar number so that the identity of the person could be established for any purpose pursuant to a law or contract, Section 57 of the Act enabled persons as well as the corporates other than the government.
What Section 57 contains?
Nothing enclosed in this Act shall stop the use of Aadhaar number for creating the identity of a particular individual for any “purpose, whether by the State or any corporate or person, pursuant to any law, for the time being in force, or any contract to this effect.”
And, how is it possible?
It’s possible on the condition that under this section the use of Aadhaar number shall be subject to the procedure and obligations under section 8 and Chapter VI of the Act.
What are Section 8 and Chapter VI based upon?
Section 8 and Chapter VI are grounded upon two essential principles that is accepted by the Aadhaar Act: ‘individual consent’ and ‘confidentiality of information’.
This Act knows biometric data as ‘sensitive personal information’, as per Section 30.
Chapter VI of the Act, which comprises Sections 28 to 33, deals with safeguarding the protection and security of the confidential information.
Whereas, Section 8 better deals with the method where the consent of the individual should be acquired before making use of the Aadhaar number for the ‘authentication’ process.
Now, let us be clear about a few concepts regarding several schemes of the Act that is important for us to know to get Mobile SIM connections making use of the Aadhaar card:
Where is the information stored?
The biometric, as well as the demographic information of the persons collected under this Act, is put in storage in a consolidated database called ‘Central Identities Data Repository’(CIDR) that is under the direct control of Unique Identification Authority of India (UIDAI).
An entity that wants to make use of the Aadhaar data to ascertain the identity of a person for giving any service or benefit is called a ‘requesting entity’ (Sec.2(u)). And, this ‘requesting entity’ could be any government department such as Income Tax Dept., banks or PSUs, telecom operators etc, whether it’s in public or private sector that comes under Section 57.
Then the Aadhaar number and biometric data of the aiming customer are passed on by the requesting entity to the central depository. If the respective data abounding by the requesting entity matches the information in the central database, an optimistic answer is returned by the authority to the requesting entity, verifying the accuracy of identity. But, if the information does not match, the undesirable response is returned back. And, this process is called ‘authentication’ (2(c)).
The mandate of Section 8:
A requesting entity can make use of the aadhaar number and biometric data of the individual for the purpose of authentication only with the conversant consent of the individual. The individual then has to be well-versed about the nature of the information shared. And, then the related information should be provided and consent is gained in the method specified in the regulations.
And, here comes the important part that completes the information to get the Aadhaar for mobile SIM connections.
Aadhaar (Authentication) Regulations 2016:
The informed consent of the individual should be acquired in the way as it is specified in the said Rules. The requesting entity then should list itself with the authority as per the regulations as an ‘Authentication User Agency (AUA)’.
The AUA will only get a response in the form of ‘Yes/No’ from the authority regarding the supplied data. The authority won’t be sharing the demographic as well as the biometric information of the customer with the AUA, on the basis of verification search excluding a Yes/No response.
But, if the AUA is registered as ‘e-KYC user agency aka (KUA)’, (The resident service agency is called KUA), the biometric, as well as the demographic information of the customer stored in the central depository, would be shown to the agency in a transparent manner.
Now, as that you know the scheme of the registration process that comes under the Registration, do make sure that you also know about Regulation 6:
The consent of the Aadhaar card holder i.e the number- (1) “After communicating the information in accordance with regulation 5, a requesting entity shall obtain the consent of the Aadhaar number holder for the authentication”.
Then, the requesting entity shall attain the consent mentioned in sub-regulation (1) above in physical or most preferably in the electronic form and maintain logs or records of the consent acquired in the method as may be specified by the Authority for this purpose.
It is crystal clear from the above that the oral consent of the individual alone won’t fulfill the mandate of the regulation. Thus, the consent has to be recorded in electronic form. The requesting entity also has to make sure that persons working for it to perform authentication functions and to maintain needed systems, structure and methods, possess mandatory qualifications for undertaking such works (Reg.14(f)).
And, side by side, the requesting entity has to maintain logs or records of the consent acquired, and preserve them for two years as the Aadhaar cardholder has the right to access such logs and records (Reg.18). The Act also permits the number-holder to fully access the authentication records (Sec.32).
Though the Act and regulations recommend required guidelines to be followed while using demographics as well as biometric information of the individual, the ground realities display that such guidelines are frequently observed in the breach by the agents of the telecom operators.
So, it’s not surprising that when the telecom giants like Reliance Jio offer many free internet packages, the customer will definitely swarm to mobile shops for activating the new SIM cards. And, when they are required to provide their biometric data to get a new connection, they without hesitating will do so.