The Cabinet tonight approved the promulgation of an Ordinance or executive order to allow voluntary use of Aadhaar as identity proof for opening bank account and procuring mobile phone connection.
The Ordinance was needed as a bill, passed by the Lok Sabha on January 4 but pending in the Rajya Sabha, would have lapsed with the dissolution of the current Lok Sabha. The Ordinance will now give the effect to the changes in the Aadhaar Act such as giving a child an option to exit from the biometric ID programme on turning 18.
Briefing reporters after a meeting of the Cabinet chaired by Prime Minister Narendra Modi, Law and IT Minister Ravi Shankar Prasad said the Cabinet has approved the promulgation of an Ordinance to give effect to the Aadhaar and Other Laws (Amendment) Bill.
The amendment provides for stiff penalties for violation of norms set for the use of Aadhaar and violation of privacy. It bans storing of core biometric information as well as Aadhaar number by service providers in cases of individuals who have voluntarily offered the national ID as a means of authentication.
"Aadhaar can be used as KYC on a voluntary basis under the Telegraph Act and PMLA rules. Any entity using Aadhaar will have to adhere to privacy guidelines," Mr Prasad said.
The amended law makes it clear that anyone not offering Aadhaar cannot be denied any service, be it opening of a bank account or obtaining a mobile phone SIM card.
The amendments will "provide for 12-digit Aadhaar number and its alternate numbers to be generated" in a manner so as to conceal the actual Aadhaar number.
The proposed changes also seeks to lay down the procedure for offline verification of an Aadhaar number holder, and confers enhanced regulator-like power on the Unique Identification Authority of India (UIDAI) to give directions as it may consider necessary to any entity in the Aadhaar ecosystem.
It proposes that every requesting entity to whom an authentication request is made will inform the Aadhaar number holder of alternate and viable means of identification and shall not deny any service to them for refusing to, or being unable to undergo authentication.
The changes that were proposed included a civil penalty of up to Rs 1 crore on entities that violate the provisions of the Aadhaar Act, with an additional fine of up to Rs 10 lakh per day in case of continuous non-compliance. Unauthorised use of identity information by a requesting entity or offline verification seeking entity would be punishable with imprisonment of up to three years with a fine that may extend to Rs 10,000 or in case of a company with a fine of up to Rs 1 lakh.
Punishment for unauthorised access to the Central Identities Data Repository as well as data tampering is proposed to be extended to 10 years each from the current three years. It also seeks to omit Section 57 of the Aadhaar Act relating to the use of Aadhaar by private entities.