Agencies using data from Aadhaar will now have to inform the holder of the card the manner in which the details will be used to ensure the information is not misused, the Aadhaar Act says.
According to the Aadhaar (Targeted Delivery of Financial, and Other Subsidies, Benefits and Services) Act, 2016, the core biometric information collected by the Unique Identification Authority of India (UIDAI) under the Act “shall not be shared with anyone for any reason whatsoever”.
Any individual, agency or entity, which collects Aadhaar number or any document having the figure, will have to now get consent of the holder for collecting, storing and using the same for specified purposes only.
“Any individual, agency or entity which collects Aadhaar number or any document containing it, shall obtain consent of the holder for collection, storage and use of his Aadhaar number for specified purposes. Such individual, agency or entity shall not use the Aadhaar number for any purpose other than those specified to the holder at the time of obtaining his consent,” the notification said.
They will also have to inform the citizen whether submission of Aadhaar number or proof of Aadhaar for such purpose is mandatory or voluntary and if alternative documents can be submitted.
The new rules also prevent the agencies from publicly posting the information.
“Any individual, entity or agency, which is in possession of Aadhaar number(s)... shall ensure security and confidentiality of the numbers and of any record or database containing the Aadhaar numbers,” the notification said.
To ensure data is secure, UIDAI has also mandated that these entities that have their data centres used for Aadhaar authentication and routing through the Central Identities Data Repository (CIDR) should be located in India.
Besides, UIDAI will also set up a contact centre for resolution of queries and grievances of residents.