The Narendra Modi government on Wednesday introduced a bill in the lower house of parliament to propose amendments to the Aadhaar Act.

The bill was tabled after the Supreme Court verdict on September 27, 2018 which said that Aadhaar, a digital identification project, can only be used for the implementation of welfare schemes and state subsidies.

The judgement barred private companies from using the data in any other way. The Supreme Court had struck down Section 57 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits, and Services) Act, calling it unconstitutional.

Section 57 gave companies such as mobile companies, e-wallets, cabs and e-commerce companies, the statutory right to sell meta data to the growing data brokering industry which uses it for targeted advertising or consumer profiling.

Contrarily, the proposed amendment by the government will allow private and commercial use of citizens’ Aadhaar-related data.

“The Amendment Bill proposes changes to the Aadhaar Act, Telegraph Act and the Prevention of Money Laundering Act, which will circumvent the Supreme Court judgment and allow the continued use of Aadhaar-based e-KYC (know your customer) authentication by private entities for mobile and banking services”, said a statement by Rethink Aadhaar, a non-partisan campaign that is critical of the project.

Enforcement mechanism

The bill proposes to arm the Unique Identification Authority of India (UIDAI) with more powers, similar to those of regulators.

This regulatory power, under Clause 54 of the bill, allows the UIDAI to collect bio-metric or demographic information, which privacy activists regard as highly inimical. However, according to Clause 33 of the bill, no appeal against such an order can be adjudicated without giving a hearing to the UIDAI.

The Aadhaar Act, at present, does not empower the body to take enforcement action against errant players in the Aadhaar system.

The amendment in the proposed bill includes a fine of 10 million rupees if the entities fail to comply with provisions of the act. In the case of a continuing failure, a penalty of 1 million rupees may be imposed for each day the failure continues.

Punishment for unauthorized access to the Central Identities Data Repository as well as data tampering is proposed to be extended to 10 years’ imprisonment each, up from the current three years, reported Mint.

Coercion made ‘voluntary’

The bill creates a provision for “Virtual ID” and voluntary and offline modes of using Aadhaar.

Following the Supreme Court ruling, private entities are no longer allowed to maintain any Aadhaar-related data records whatsoever.

While the petitioners have been trying to push for compliance on this, the government’s latest move may encourage the continued collection of citizens’ data through use of Aadhaar-based authentication.

The bill plans to amend the Telegraph Act and the Prevention of Money Laundering Act (PMLA) to provide for voluntary use of Aadhaar for obtaining SIM cards and opening bank accounts.

However, activists contend that making it “voluntary” only sets up more gullible citizens, not aware of their privacy rights, to fall into the Aadhaar trap.

“They say that when private entities were allowed to make use of Aadhaar-based e-KYC, there were several reports of fraudulent transactions and scams regarding citizens’ personal data as well as their money,” claimed Rethink Aadhaar.

Critics say that there has been no indication that either the finance ministry or the UIDAI has attempted to address these security lapses in the Aadhaar ecosystem.

Lack of stakeholder consultation

For far too long, privacy activists have been claiming that a wide cross-section of stakeholders should be consulted before introducing a behemoth of a system which affects key fundamental rights such as privacy and access to government welfare benefits. But some feel that the government, by introducing the bill, seems to be ignoring what many see as a pressing concern.

In the proceedings before the parliament, only three union legislators, armed with copies of the Amendment Bill (which has not yet been made accessible to the public) – Saugata Roy of the Trinamool Congress, Shashi Tharoor of the Indian National Congress and NK Premachandran of the Revolutionary Socialist Party- objected to its introduction.

Activists fear that the government, in its zest to push through the amendments to the law, might pass the legislation as a money bill. This will allow it to bypass the Upper House of Parliament, which in March 2016 voted to curtail private sector Aadhaar usage. It had debated the original Aadhaar Act, but the government overrode the farsighted warnings by taking the money bill route.

Speaking to Asia Times, Srinivas Kodali, a technology and public policy activist from Hyderabad slammed the government’s move as bringing in Section 57 through the back door, and taking the sting out of the Supreme Court’s ruling.

Moreover, without bringing in the Data Protection law, the government is only strengthening the Aadhaar Act, thus posing a threat to dissenters who expose security breaches in the system and are then faced with police complaints.

Kodali also pointed out that the Attorney General of India, in an opinion, had said that according to the Supreme Court ruling, the use of Aadhaar authentication for telephone connections and bank accounts must satisfy the doctrine of proportionality: that is, the least invasive method of breaching privacy has to be followed, in the face of the lack of any other alternatives. “The government is disregarding its own top law officer’s advice”, he said.

Meghnad, a public policy professional and expert in parliamentary affairs told Asia Times that the fact that the government brought in the amendment bill in the last session of Parliament, during which any business is expected to get pushed through, showed its sense of urgency.

He criticized the government for not making the bill public until it was tabled, thus robbing parliamentarians of a crucial opportunity to scrutinize its contents and suggest amendments.