Based on the reading of the publicly-available draft of the Personal Data Protection Bill (2019), when it becomes a law, there will be a need to examine the consent framework of Aadhaar, said Additional Secretary in the Ministry of Electronics and Information Technology Rajendra Kumar.
Kumar was joined by Arghya Sengupta, founder and research director at Vidhi Centre for Legal Policy and CyberSaathi founder NS Nappinai at the Aadhaar 2.0 workshop on “Legal Aspects of Data Security and Privacy” hosted by the Unique Identification Authority of India (UIDAI). Currently, the Joint Parliamentary Committee that was deliberating the PDP Bill for the last two years has adopted its report and it is likely to be taken up in Parliament in the upcoming Winter Session.
These remarks from Kumar gain importance when seen together with UIDAI’s request for a blanket exemption from India’s data protection bill, as reported by The Hindu. UIDAI had argued that it was already being governed by the Aadhaar Act and that the PDP bill could be “counter-productive”, the report said.
PDP Bill will apply to Aadhaar despite exemptions: MeitY, Vidhi Centre for Legal Policy
Kumar’s comments were made in the context of how the functioning of Aadhaar will be affected when the PDP Bill comes into play.
“As I mentioned, in the draft PDP Bill, section 12 (says that) government agencies which are functioning under their own laws can continue their services and they can avail certain exemptions from the data processing norms in the bill. On Aadhaar’s current functioning, there would not be any impact but of course the bill will apply.” — Rajendra Kumar, Additional Secretary MeitY
He said that the PDP Bill will apply to Aadhaar when it comes to —
- Data sharing: PDP Bill will apply in the cases where Aadhaar has been used by government agencies for purposes other than for which consent was taken.
- User limit: Kumar did not expand on this particular section but reiterated that Aadhaar’s consent framework will have to be examined.
Sengupta spoke along similar lines and said, “It must be clear that Aadhaar, although it is exempted from certain notice and consent provisions of the last draft of the PDP bill, has to look at the resident consent of citizens for any future rollout of its services among private or public (sic).”
PDP Bill will bring more safeguards to the processing of Aadhaar data: MeitY
Kumar explained how the Aadhaar Act is a legal framework for dealing with personal data protection and sets clear rules “for personal data collection, storage, processing, sharing and handling”. However, he also pointed out that the Aadhaar Act applies only to UIDAI and not to other data fiduciaries — government or private.
Other data fiduciaries in the government and private are under no legal obligation (on the Aadhaar data). The data that is being collected by other data fiduciaries, they are only under contractual obligation (sic). Under the PDP Bill, the recipient will also be under the similar legal obligations to protect your data — Rajendra Kumar, Additional Secretary MeitY
When PDP is enacted, Aadhaar Act will require amendments: Vidhi Centre for Legal Policy
Once PDP comes…I believe there should be some Aadhaar Act amendments also brought in because let’s remember the only reason the PDP exists today is because of the Aadhaar judgement of the Supreme Court — Arghya Sengupta, Vidhi Centre for Legal Policy
Sengupta batted for opening up the usage of Aadhaar for private entities and argued that the PDP bill will provide assurances in terms of safeguards, and so on. “Can Aadhaar go beyond the services that it provides today? Answer is yes. The reason for doing that, there is the PDP Bill, and it is legislation that governs every entity in the country and not just the UIDAI. There will be a considerable degree of assurance, that this legislation, will govern the usage of Aadhaar data with a range of requesting entities,” Sengupta added.
Need to look into non-personal data regulations in context to Aadhaar: NS Nappinai
Nappinai, on the application of Aadhaar data and non-personal data, pointed out that it was non-personal data that is used more than personal data by private and government agencies.
Nappinai asked whether consent would still be needed from citizens for anonymised usage of Aadhaar data “considering that it is not really impacting individuals personal capacity, and not going to infringe on their privacy”.
- What RS Sharma had to say about consent, privacy, and UIDAI’s handling of Aadhaar
- Standing Committee on IT is taking a closer look at the UIDAI’s security and surveillance possibilities
- Government backs proposal to allow new voter registrations using Aadhaar: Report
Have something to add? Post your comment and gift someone a MediaNama subscription.