Aadhaar related articles 13790 – draft data-protection bill proposes offline verification for aadhaar; strengthens uidai and weakens rti provisions – caravan

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty – Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation.

The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation .” -A three judge bench headed by Justice J Chelameswar said in an interim order.

I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

For instance, if there is no authentication with the CIDR, against what database is the identity of an Aadhaar card holder purportedly verified? More importantly, would every OVSE have access to this database? The proposed amendments define an OVSE as “any entity desirous of undertaking offline verification.” While this definition is similar to that of a requesting entity under the Aadhaar Act, a requesting entity does not officially gain access to any Aadhaar data, since it is verified online with the central database at the CIDR. But will the offline verification system introduce the decentralisation of Aadhaar data? If so, how would it seek to prevent potential security breaches, if any entity may seek offline verification? The draft bill also fails to clarify whether offline verification will be treated as a measure of last resort—in case an individual is able to provide the information through an alternative manner—or if an OVSE can insist on offline verification. The most critical omission, perhaps, is the nature of the relationship and exchange of information between an OVSE and the UIDAI. After an offline verification of Aadhaar is complete, will an OVSE relay all its transaction information to the UIDAI?