Menu Close

UIDAI calls for clarity, ‘informed consent’ prior to Aadhaar biometrics submissions

The Unique Identification Authority of India (UIDAI) has unveiled new guidelines for requesting entities (REs) to obtain resident consent on paper or electronically before carrying out Aadhaar biometric authentications.

The guidelines come from the Indian Ministry of Electronics & IT, which highlighted the need for residents to understand the types of data collected when authenticating themselves using their Aadhaar numbers.

From a technical standpoint, “authentication” refers here to the process by which Aadhaar numbers, along with demographic or biometric information of an individual, are compared to data in the Central Identities Data Repository.

The Aadhaar Amendment Act 2019 introduced the necessity for Aadhaar number holders to provide informed consent before authentication. Some REs, UIDAI claimed, such as private company Karza Technologies, did not adhere to such principles and were asked to pause Aadhaar-related services.

The new guidelines now aim to rectify and prevent situations like this in the future, with REs now having to ensure that residents understand the type of data being collected as well as the purpose of Aadhaar authentications.

The Authority has also added that logs of authentication transactions, including the acquired consent, should be kept only for the period as prescribed in the Aadhaar Regulations.

“Purging of such logs after expiry of the said time period shall also be done as per the Aadhaar Act and its regulations,” reads the announcement.

Finally, UIDAI clarified that REs should not store Aadhaar in physical or electronic form without concealing the first eight digits of the Aadhaar number.

The Authority has further asked REs to provide effective grievance-handling mechanisms for residents and cooperate with it and other agencies for any security audit as required under the law.

The new regulations come weeks after UIDAI started rolling out financial services in rural areas, and amid further expansion of Aadhaar’s use.

UIDAI seeks to expand use of Aadhaar

By Ayang Macdonald 

The Unique Identification Authority of India (UIDAI) says it will pursue five key areas of activity, including expanding the use of the Aadhaar biometric digital ID, in order to improve the wellbeing of Indian citizens.

Other activities to focus on include ensuring resident centricity, security and privacy, continuous technology upgrade, and collaboration with global economies to support their efforts in providing legal identity for all, in line with the UN SDG 16.9, according to a UIDAI press release.

“Aadhaar has emerged as a tool of good governance, of empowerment and service delivery. Since the first Aadhaar number was generated in 2010, UIDAI has issued over 1.35 billion Aadhaars and has carried out more than 88 billion authentication transactions so far, indicative of how it is touching resident’s lives,” says UIDAI in the public statement.

“UIDAI has also executed over 710 million Aadhaar updations following requests from residents since 2010. UIDAI will be at the forefront of technology up-gradation to further enhance data security and privacy, seamless service delivery, and proactively address new-age cyber security risks.”

The founding chairman of UIDAI Nandan Nilekani recently echoed the lessons the world can learn from the Aadhaar ID, the world’s largest digital ID ecosystem. The Unique Identification Authority of India (UIDAI) has unveiled new guidelines for requesting entities (REs) to obtain resident consent on paper or electronically before carrying out Aadhaar biometric authentications.

The guidelines come from the Indian Ministry of Electronics & IT, which highlighted the need for residents to understand the types of data collected when authenticating themselves using their Aadhaar numbers.

From a technical standpoint, “authentication” refers here to the process by which Aadhaar numbers, along with demographic or biometric information of an individual, are compared to data in the Central Identities Data Repository.

The Aadhaar Amendment Act 2019 introduced the necessity for Aadhaar number holders to provide informed consent before authentication. Some REs, UIDAI claimed, such as private company Karza Technologies, did not adhere to such principles and were asked to pause Aadhaar-related services.

The new guidelines now aim to rectify and prevent situations like this in the future, with REs now having to ensure that residents understand the type of data being collected as well as the purpose of Aadhaar authentications.

The Authority has also added that logs of authentication transactions, including the acquired consent, should be kept only for the period as prescribed in the Aadhaar Regulations.

“Purging of such logs after expiry of the said time period shall also be done as per the Aadhaar Act and its regulations,” reads the announcement.

Finally, UIDAI clarified that REs should not store Aadhaar in physical or electronic form without concealing the first eight digits of the Aadhaar number.

The Authority has further asked REs to provide effective grievance-handling mechanisms for residents and cooperate with it and other agencies for any security audit as required under the law.

The new regulations come weeks after UIDAI started rolling out financial services in rural areas, and amid further expansion of Aadhaar’s use.
UIDAI seeks to expand use of Aadhaar
By Ayang Macdonald 

The Unique Identification Authority of India (UIDAI) says it will pursue five key areas of activity, including expanding the use of the Aadhaar biometric digital ID, in order to improve the wellbeing of Indian citizens.

Other activities to focus on include ensuring resident centricity, security and privacy, continuous technology upgrade, and collaboration with global economies to support their efforts in providing legal identity for all, in line with the UN SDG 16.9, according to a UIDAI press release.

“Aadhaar has emerged as a tool of good governance, of empowerment and service delivery. Since the first Aadhaar number was generated in 2010, UIDAI has issued over 1.35 billion Aadhaars and has carried out more than 88 billion authentication transactions so far, indicative of how it is touching resident’s lives,” says UIDAI in the public statement.

“UIDAI has also executed over 710 million Aadhaar updations following requests from residents since 2010. UIDAI will be at the forefront of technology up-gradation to further enhance data security and privacy, seamless service delivery, and proactively address new-age cyber security risks.”

The founding chairman of UIDAI Nandan Nilekani recently echoed the lessons the world can learn from the Aadhaar ID, the world’s largest digital ID ecosystem.  Read More   

Generated by Feedzy

Disclaimer

Innov8 is owned and operated by Rolling Rock Ventures. The information on this website is for general information purposes only. Any information obtained from this website should be reviewed with appropriate parties if there is any concern about the details reported herein. Innov8 is not responsible for its contents, accuracies, and any inaccuracies. Nothing on this site should be construed as professional advice for any individual or situation. This website includes information and content from external sites that is attributed accordingly and is not the intellectual property of Innov8. All feeds ("RSS Feed") and/or their contents contain material which is derived in whole or in part from material supplied by third parties and is protected by national and international copyright and trademark laws. The Site processes all information automatically using automated software without any human intervention or screening. Therefore, the Site is not responsible for any (part) of this content. The copyright of the feeds', including pictures and graphics, and its content belongs to its author or publisher.  Views and statements expressed in the content do not necessarily reflect those of Innov8 or its staff. Care and due diligence has been taken to maintain the accuracy of the information provided on this website. However, neither Innov8 nor the owners, attorneys, management, editorial team or any writers or employees are responsible for its content, errors or any consequences arising from use of the information provided on this website. The Site may modify, suspend, or discontinue any aspect of the RSS Feed at any time, including, without limitation, the availability of any Site content.  The User agrees that all RSS Feeds and news articles are for personal use only and that the User may not resell, lease, license, assign, redistribute or otherwise transfer any portion of the RSS Feed without attribution to the Site and to its originating author. The Site does not represent or warrant that every action taken with regard to your account and related activities in connection with the RSS Feed, including, without limitation, the Site Content, will be lawful in any particular jurisdiction. It is incumbent upon the user to know the laws that pertain to you in your jurisdiction and act lawfully at all times when using the RSS Feed, including, without limitation, the Site Content.  

Close Bitnami banner
Bitnami