The government is not considering any proposal to link Aadhaar to social media accounts of individuals, IT Minister Ravi Shankar Prasad said in a written response (available below) to Lok Sabha MP S. Jothimani. In September, MeitY had sought UIDAI’s opinion on linking social media accounts to Aadhaar to know what is legally possible.
Steps taken to protect biometric data stored by UIDAI
In the response, Prasad also specified the steps that have been taken by the government to protect personal data stored by UIDAI:
- Minimal information: Aadhaar database contains only the information that the resident provides at the time of enrolment or updation. It includes name, gender, date of birth/age, photograph, core biometrics (10 fingerprints and 2 iris scans). It may also have mobile number and email address, if they were provided at the time of enrolment or updation.
- Optimal ignorance: UIDAI does not aggregate information received from Aadhaar use, and from tracking and profiling individuals. The system is also blind to the purpose for which Aadhaar may be used by an individual.
- Encrypted biometrics: Biometrics are stored in an encrypted manner, and are never unencrypted or shared.
- Encrypted data: UIDAI data is encrypted at all times, at rest, in storage and in transit.
- Legal protections: Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and subsequently the Aadhaar and Other Laws (Amendment) Act, 2019 carry “stringent penalties/punishments for offenders”.
- Infrastructure notified secure: UIDAI has been declared ISO 27001:2013 certified with respect to information security. The core infrastructure of Aadhaar is also notified as “protected system” under the provisions of section 70 of the Information Technology Act, 2000.