NEW DELHI: The government plans to amend the Aadhaar Act, 2016, to harmonise it with the Digital Personal Data Protection (DPDP) Act, 2023. Electronics and IT minister Ashwini Vaishnaw has urged the Unique Identification Authority of India (UIDAI), which manages Aadhaar to plug the loopholes in the law once the DPDP rules are finalised and notified.
The minister said that when the Aadhaar Act was formulated in 2016, there was no horizontal law for data privacy in the country. Now, that the data privacy law is there, the Aadhaar law should be harmonised vis-a-vis the DPDP Act.
“When the Aadhaar Act was framed, there were gaps in the legal structure which had got filled with the DPDP Act. So, I will request the UIDAI to look into the gaps and harmonise it with the DPDP Act,” Vaishnaw said.
“The user should be the focus of the new, modern law which makes life convenient for citizens, so that repeated consent, authentication of Aadhar is not required. This should be the objective of the new, modern law and I request the UIDAI to bring about the required harmonisation,” he added.
Though he did not highlight specific areas of conflict between the Aadhaar Act and the DPDP Act, analysts have often talked about these areas, which especially pertain to issues like consent, purpose limitation, and data usage.
For instance, as per the Aadhaar Act, consent is required for enrollment and authentication, but in practice, Aadhaar is often mandatorily demanded for services like bank accounts, school admissions, or SIM cards, even when it’s supposed to be optional. Under the DPDP Act, consent must be free, specific, informed, and unambiguous. The individual should have control over how their data is used. This means that if agencies force people to use Aadhaar for identification, it can violate the DPDP Act’s consent framework.
Similarly, under the Aadhaar Act, data collected can only be used for authentication and for purposes notified by the government. However, under the DPDP Act, personal data should only be used for the specific purpose for which consent was given. Thus, a conflict arises with the DPDP Act, if Aadhaar data is reused for other purposes like profiling or surveillance without fresh consent.
In the sphere of data minimisation, the DPDP Act emphasises collecting only necessary data. However, Aadhaar collects sensitive biometric data by default, which might not always be necessary for the service being provided.
Conflict between the two also arises with regard to the right to erasure and correction. The DPDP Act gives people the right to correct or erase their data. The Aadhaar Act, on the other hand, allows for limited correction, like updating address or phone number, but not deletion of core biometric data. So, Aadhaar doesn’t support full data erasure, which clashes with DPDP rights.
Source: The Financial Express
Lower Crude Prices To Make Monetary Policy More Accommodative: CEA 