Analysis of the Aadhaar (Targeted delivery of financial and other subsidies, benefits and services) Bill, 2016
Finance Minister Arun Jaitley in his recent budget speech had assured of providing a statutory backing to the Aadhaar program that this NDA government plans to use as a means to curtail wasteful expenditure on subsidies and government service delivery by using the unique identification feature of Aadhaar for identification of intended beneficiaries and targeted disbursement of such benefits. First mooted by Mr. Nandan Nilekani in 2009, the concept of using a citizen centric unique identification mechanism was embraced by the UPA government via an executive notification. However as the gamut of citizen’s personal information collected by the government began increasing there were demands to make this process more accountable and transparent in its operations.
After two failed attempts in 2010 and 2013 to establish the National Identification Authority of India (NIAI) by the UPA Government, the Aadhaar (Targeted delivery of financial and other subsidies, benefits and services) Bill, 2016 presented by Mr. Jaitley provides for establishment of a Unique Identification Authority of India (UIDAI). Coming on the back of a pending Supreme Court case underway to address the apprehensions about lack of adequate provisions to protect privacy of citizens, this Bill is expected to have far reaching impacts on the way citizen’s data is collected, used, shared and protected from misuse by Government agencies.
First, let us look at how the present bill compares with the earlier bill of 2010.
The Bill while defining a subsidy as any form of aid, support, grant, subvention, or appropriation, in cash or kind, to an individual or a group of individuals provided by the Central Government, mandates that the beneficiary should furnish or enroll for an Aadhaar number while seeking benefits. However, it goes on to inform that if an Aadhaar number is not assigned to an individual, the individual shall be offered alternate and viable means of identification for delivery of the subsidy or service by the Government.
The Bill draws heavily from the National Identification Authority of India (NIAI) Bill (2010) in nature and scope, but has some significant additions, primarily focused on bringing in more clarity in definitions, incorporating provisions protecting citizen data privacy and widening the scope of penal provisions for unauthorized access to citizen’s personal information. It categorizes the personal information collected from citizens in four main categories.
In an attempt to incorporate privacy principles in the legislation, the Bill mandates that the agency in charge of enrolling the citizens in the Aadhaar database is supposed to inform the citizen about how the information will be used, with whom it might be shared and the citizen’s right to access this information for making changes if necessary. As for storage of information the Bill mandates the creation of a Central Identities Data Repository (CIDR) by the UIDAI and set in place measures to ensure security of this database. The Bill also introduces the concept of ‘Requesting Agency’ i.e. the agency that collects identity information from the citizens to authenticate it against the CIDR. The requesting agency is supposed to obtain explicit consent of the individual before collecting information for purpose of authentication. Further, it should also ensure that the information is only sent to the CIDR and inform the user about how this information will be used.
The government has already been reprimanded by the Supreme Court over the possible misuse of citizen information and the lessons learnt are reflected in the various clauses of the bill. The Bill puts the entire onus of ensuring the security of citizen’s identity information and authentication records on the UIDAI. It strictly mandates that Core Biometric information cannot be shared with anyone for any reason and should not be used for any reason other than generating an Aadhaar number. More importantly, the bill has provisions against government agencies disclosing citizen’s identity information in the public domain. Interestingly, these penal provisions apply for offences committed outside India by any person, irrespective of his nationality.
There are special clauses in the Aadhaar Bill that allow for access to the CIDR through a court order issued by a District Magistrate or above after a hearing has been granted to the UIDAI in this regards. There is also a special “National Interest” clause inserted that allows for an officer above the rank of Joint Secretary to the Government of India to issue directives on behalf of the Central Government for access to information with the CIDR. Such a directive however needs to be reviewed by an Oversight Committee consisting of the Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and the Department of Electronics and Information Technology and would be valid only for a period of three months. It is expected that this is used in the rarest of rare cases and not for blanket surveillance activities.
In its present form, the Bill manages to tick most of the boxes that guarantee citizens a high degree of control over the personally identifiable information that they share with different Government agencies. It is however found lacking on the aspect of having sufficient parliamentary oversight on the operation of the UIDAI, as there is no provision for constitution of a parliamentary selection committee to appoint the Chairman of the UIDAI and the clause of having an Identity Review Committee to annually review the work of the UIDAI is missing from this bill as well. While the Finance Minister talked about putting in place ‘sun set’ clauses for all schemes announced after the Budget, this Bill does not incorporate any time lines for ensuring speedier enrollments for Aadhaar nor does it incentivize enrollment. It is expected that the UIDAI will also put in place a grievance redressal mechanism for citizens to report irregularities with their personally identified information; as such a provision is presently missing in the Bill.
While the debate at present is centered on the constitutionality of introducing the Bill as a Money Bill in the Lok Sabha, (the final decision with regards to which lies only with the speaker of the Lok Sabha), the need of the hour is to have a public debate around the various short comings of this bill. This bill will lay the foundation for including terms to secure citizen’s personal information by agencies that collect and process it. The Government should also look at introducing amendments to other Acts that permit for collection of information such as the Census Tax Act (1948), Income Tax Act (1961), Passport Act (1967) etc. and align them with the strong penal provisions in this bill.
The full text of the bill is available here.
The Old Wonk 
[…] article was also published on the blog Old Wonk, by Ranjeet […]
LikeLike