At a time when the Srikrishna Committee is expected to table the Data Protection Act, the UIDAI (Unique Identification Authority of India) has notified that the two newly introduced layers of security for Aadhaar — Virtual ID and the UID token system — should be considered as “different forms of Aadhar number.”
The UIDAI has taken this step in a bid to ensure it complies with the PMLA (Prevention of Money Laundering Act).
Earlier, the UIDAI introduced Virtual ID and UID Token to enable public to use it for authentication instead of sharing their Aadhaar details. However, the two new tools have still not been recognised by the Prevention of Money Laundering Act (PMLA).
Commenting on the same, the UIDAI said, “Since Virtual ID and UID Token are different forms of Aadhaar number, the authority in exercise of its powers hereby clarifies that Virtual ID and UID Token may, therefore, be duly accepted by local authentication user agencies (AUAs) in lieu of Aadhaar number when so mandated by the authority and will be deemed as the Aadhaar number for the purpose of compliance of their respective regulations.”
The UIDAI has been emphasising that Aadhaar Virtual ID will allow a user to not to share his/her Aadhaar card number whereas the UID Token will stop the creation of parallel databases of users by companies and government departments.
After the 2017 amendment of the Prevention of Money Laundering Act, Rule 9 of the Prevention of Money Laundering Rules mandates the linkage of existing bank accounts with Aadhaar number.
The amendment was also required for opening a new bank account which has to be further linked to PAN number.
The Chaos Of UIDAI And Aadhaar
Nearly seven months into the case, Aadhaar hearings in the Supreme Court haven’t seen any sort of consensus. What started with the Right to Privacy issue on whether it should be made mandatory to have Aadhaar linked with people’s bank accounts, mobile services, pan card and other services has also glazed through Facebook-Cambridge Analytica data breach.
Following court discussions and controversies, UIDAI had introduced face recognition and virtual ID. Meanwhile, in January, UIDAI had launched a two-layered safety net feature to avoid data breaches. This consists of a 16 digit Virtual ID and limited know-your-customer (KYC) for Aadhaar number holders.
In July, UIDAI had given a breather to the banks and the government departments by extending the deadline to upgrade their systems to process the virtual ID as an alternative to Aadhar numbers till August.
UIDAI is also introducing face recognition feature which has been delayed till August 1. The new feature is aimed at helping people who face difficulty in biometric authentication due to old age, hard work or worn-out fingerprints, to authenticate their identity for accessing services, benefits, and subsidies.
Recently, it has also introduced the feature in which Virtual IDs can be used to get a new SIM card or to re-verify an existing connection. This new feature was ready to be enabled from the 1st of July.
UIDAI has also classified certain authentication user agencies as local AUAs that will be provided access to limited e-KYC authentication using the Virtual ID and UID Token in place of Aadhaar number.
The list of user agencies and local AUAs include telecom service providers, national housing bank regulated finance companies, non-bank PPI users, CCA regulated eSign providers, non-life insurance companies, and NBFCs.
With data compromises related to Aadhaar continue to make news and data privacy issues have been continuously raising red flags, the new security layers are much welcome.
[The development was reported from ET]