HOW THE AADHAAR ACT, 2016, PROTECTS DATA
What are the obligations of the Unique Identification Authority of India (UIDAI) in protecting data?
According to the Aadhaar Act, 2016, the UIDAI has to ensure confidentiality of identity, information and authentication records of individuals. It has to take all necessary measures to ensure that the information in its possession or control, including those stored in the Central Identities Data Repository, is secured and protected against access, use or nonpermitted disclosure under the Act
Does the Act allow an individual access to his or her own identity data?
No person can collect, store or use the Aadhaar number without the owner’s consent. Further, the Act prohibits publishing the Aadhaar number. An Aadhaar number holder may request the UIDAI to provide access to his or her identity information in a manner specified through regulations. But, the Act does not give the holder access to core biometric information
What is the recourse for an individual in case of breach or misuse of personal data?
According to the Act, only the UIDAI is authorised to file a complaint of any breach or misuse of the data. The aggrieved individual has to first approach the authority with the complaint. Only after verifying its validity can UIDAI file the complaint with the investigating agencies. Only a Chief Metropolitan Magistrate or a Chief Judicial Magistrate can try any offence punishable under this Act.
What are the offences and penalties for any breach or misuse of data?
Any person who causes harm or mischief to an Aadhaar number holder or impersonates by providing any false demographic or biometric information is punishable with imprisonment up to three years or with a fine up to ~10,000 or both. Similarly, unauthorised collection of identity information could attract jail term up to three years or a fine up to ~10,000. In case of a company, the fine could go up to ~100,000