File Copyright Online - File mutual Divorce in Delhi - Online Legal Advice - Lawyers in India

The Aadhar Act 2016: Identity, Privacy and You

The Aadhaar Act of 2016 aims to promote the efficient, transparent, and targeted distribution of subsidies, benefits, and services to individuals through the issuance of Unique Identity Numbers. To achieve this, the Act requires individuals to verify their biometric and demographic information. Following this verification, they receive a twelve-digit Aadhaar number from the Unique Identification Authority of India (UIDAI). Eligibility for an Aadhaar number requires a person to have resided in India for at least 182 days.

The Act also delineates offenses and corresponding penalties for any breaches. It specifies the circumstances under which the Authority can disclose information upon request from an entity. Furthermore, the Act obliges the Authority to protect the collected data, ensuring its accurate recording and maintenance.

Background of the Aadhar Act

The Aadhaar Act of 2016 is legislation passed by the Indian government to create a unique identification system for its residents. This system assigns a twelve-digit identification number, known as Aadhaar, to individuals. The Act was introduced to establish a reliable method for verifying identities in both government and private sector services.

One of the primary goals of the Aadhaar Act was to make it easier for people to access government services and welfare programs. Additionally, it aimed to reduce identity fraud and enhance the efficiency of service delivery. The Act set up the Unique Identification Authority of India (UIDAI) to oversee the issuance and management of Aadhaar numbers. It also laid out the legal guidelines and procedures for collecting and storing biometric and demographic data.

While the Aadhaar Act has received support for its potential to improve service delivery, it has also been criticized for privacy concerns and the risk of personal data misuse. Despite these concerns, Aadhaar has become a key part of India's identity verification system and is widely used across various sectors, including banking, telecommunications, and social welfare programs.

Key Features of the Aadhaar Act, 2016


Aadhaar Overview:

  • Every resident is eligible to obtain an Aadhaar number.
  • Enrollment involves providing demographic and biometric information, with the enrolling agency responsible for informing applicants about the usage of their information, the parties it may be shared with during authentication, and their right to access this information.
  • Aadhaar serves as proof of identity but does not establish citizenship or domicile.


  • The Central or State Government may mandate Aadhaar authentication to receive subsidies, benefits, or services.
  • Requesting entities must obtain consent from individuals and inform them about how their authentication information will be used.
  • Disclosed information can only be used for the purposes consented to by the individual.

Establishment & Composition of Authority:

  • The Act establishes the Unique Identification Authority of India (UIDAI) for enrollment and authentication processes.
  • The UIDAI comprises a Chairperson (part-time or full-time), two part-time members, and a Chief Executive Officer.
  • The Authority's functions include developing policies, procedures, and systems for issuing Aadhaar numbers and performing authentication. The Chairperson and members must have at least ten years of experience in fields like technology and governance.

Protection of Information:

  • The Authority must ensure the confidentiality of biometric information, using it solely for Aadhaar generation and authentication.
  • Identity information provided during authentication cannot be used for purposes other than those specified and cannot be shared without the Aadhaar holder's consent.
  • Aadhaar numbers or core biometric information cannot be publicly published, displayed, or posted, except as specified by regulations.
  • The Authority is prohibited from collecting, storing, or maintaining information about the purpose of authentication.

Unique and Randomised Aadhaar Number:

  • An Aadhaar number assigned to an individual cannot be reassigned to another person.
  • This number is randomly generated and bears no connection to the attributes or identity of the individual to whom it is assigned.
  • Eligibility for obtaining an Aadhaar number is based on residency; anyone who has lived in India for at least 182 days in the twelve months preceding the enrolment date is eligible.

Properties of the Aadhaar Number:

  • An Aadhaar number, once allocated, remains unique to the individual and is never reassigned.
  • The number is random and does not reveal any personal details about the holder.
  • Aadhaar number holders can use their numbers to verify their identities either electronically or physically, through authentication or offline verification methods.

Security Provisions:

  • The Act mandates the UIDAI to secure the identity data and authentication documents of individuals.
  • The UIDAI is responsible for protecting information stored in the Central Identities Data Repository against unauthorized access, use, disclosure, and accidental or intentional damage.

Restrictions on Sharing Personal Information:

  • Core biometric data collected under the Act cannot be shared with anyone or used for any purpose other than Aadhaar number generation and authentication.
  • Disclosure of this data is strictly limited to the purposes outlined in the Act.

Information Disclosure Conditions:

  • Information can be disclosed in the interest of national security if a Joint Secretary in the central government authorizes it, including:
    • Aadhaar number
    • Demographic details
    • Biometric data (fingerprints, iris scans, etc.)
    • Photographs
  • A court order can also mandate the disclosure of:
    • Aadhaar number
    • Photograph
    • Demographic information
Unique Identification Authority of India (UIDAI)
  • The UIDAI, established under the Aadhaar Act, 2016, is a statutory authority responsible for managing and issuing Aadhaar numbers.
  • Formed on 12 July 2016, it operates under the Ministry of Electronics and Information Technology (MeitY).
  • The UIDAI's headquarters is located in Delhi.
  • The organization is responsible for implementing authentication procedures and other related functions.
  • It is headed by a Chairperson, with a CEO and two part-time members appointed by the Central Government.

Offenses and Penalties
Entities within the Aadhaar ecosystem that fail to comply with the provisions of the Aadhaar Act, the associated rules or regulations, or directions issued by the Authority under Section 23A, or that fail to furnish any required information, documents, or reports to the Authority, will be subject to a civil penalty of up to one crore rupees per violation. In the case of an ongoing failure, an additional penalty of up to ten lakh rupees per day will be imposed for each day the failure continues after the initial contravention. For adjudication under Section 33A and the imposition of penalties, the Authority will appoint an officer of the rank of Joint Secretary to the Government of India. [Section 33B of the Act].

Anyone impersonating or attempting to impersonate another person by providing false demographic or biometric information will face imprisonment for up to three years, a fine of up to ten thousand rupees, or both. [Section 34].

Changing or attempting to change any demographic or biometric information of an Aadhaar number holder through impersonation will result in imprisonment for up to three years and a fine of up to ten thousand rupees.

Collecting identity information by pretending to be authorized to do so, when not authorized, will lead to imprisonment for up to three years, a fine of up to ten thousand rupees, or, in the case of a company, a fine of up to one lakh rupees, or both.

Unauthorized access to the centralized database carries a penalty of up to three years in prison and a minimum fine of ten lakh rupees.

Any other offenses under the Act or its associated rules and regulations, for which no specific penalty is provided, will be punishable by imprisonment for up to three years, a fine of up to twenty-five thousand rupees, or, in the case of a company, a fine of up to one lakh rupees, or both.

Does the Aadhaar Act Violate the Right to Privacy?
In the case of Justice K.S. Puttaswamy and Anr. vs. Union of India (UOI) and Ors The Supreme Court upheld the constitutionality of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (Aadhaar Act), affirming that its enactment as a Money Bill was valid, despite a dissenting opinion from Justice D.Y. Chandrachud.

The Court reviewed 27 petitions challenging various facets of the Aadhaar system. Among the issues, it assessed the legality of mandating Aadhaar for government subsidies, considering the potential exclusion of beneficiaries. The petitioners also argued that the Aadhaar Act infringed on the fundamental right to privacy by enabling the tracking and profiling of individuals, thereby creating a surveillance state.

The Court ruled that using Aadhaar for welfare schemes was constitutional and supported the mandatory linking of Aadhaar with PAN cards. However, it found the mandatory linking of Aadhaar to bank accounts unconstitutional, as it failed the test of proportionality and violated the right to privacy. Additionally, the majority judgment struck down Section 57 of the Aadhaar Act, which permitted private companies to require Aadhaar numbers for service provision.

Thus not amounting to violate right to privacy.

Supreme Court Verdict Highlights
Aadhaar and Privacy
The Supreme Court established three critical tests to safeguard individual privacy:
  1. Purpose Limitation: The Court found the expression "any purpose" to be excessively broad and susceptible to misuse. It emphasized that the purpose must be backed by law to ensure proportionality and prevent arbitrary use.
  2. Consent for Authentication: The potential for Aadhaar numbers to be collected and used for authentication based on a contract was rejected. The Court reasoned that this could coerce individuals into giving consent for unjustified purposes. It ruled that such agreements must also be legally sanctioned.
  3. Prohibition on Private Use: The Court prohibited private entities from using Aadhaar numbers for authentication purposes. Allowing this would lead to commercial exploitation of biometric and demographic data, thereby infringing on personal privacy. This decision effectively prevents companies from using Aadhaar-based e-KYC for identity verification, which had been a common practice for complying with "know your customer" (KYC) requirements.

Provisions Struck Down
The Court struck down or read down several provisions of the Aadhaar Act that failed the proportionality test, including Section 57, which allowed private entities to use Aadhaar for authentication. It also removed provisions related to the disclosure of individual data, determination of offences, and utilization of the Aadhaar ecosystem by private corporations.

Provisions Upheld
Despite these specific amendments, the Supreme Court upheld the Aadhaar Act as a whole, recognizing it as serving a legitimate state aim and being proportionate. Specifically, Section 7, which mandates Aadhaar for accessing subsidies, benefits, and services funded by the Consolidated Fund of India, was deemed valid and necessary.

In conclusion, while the Supreme Court acknowledged certain privacy concerns and made essential modifications to the Aadhaar Act, it ultimately upheld the law's overall framework as a justified exception to the right to privacy.

With the rapid expansion of digital commerce, e-payments, e-governance, government database projects, and the increasing use of information technology by both government and private sectors, there is a critical need for a robust legal framework to protect personal data from misuse and theft. This framework must ensure the highest standards of cybersecurity to safeguard data against hackers and unauthorized access.

The Aadhaar Act 2016 is a significant step towards protecting and securing the personal and sensitive biometric information (such as fingerprints, iris scans, and addresses) of over a billion Indian residents. It establishes a strong legal framework to prevent the misuse, forgery, or fraud of this data, ensuring its integrity and security.

  • :

Law Article in India

Ask A Lawyers

You May Like

Legal Question & Answers

Lawyers in India - Search By City

Copyright Filing
Online Copyright Registration


How To File For Mutual Divorce In Delhi


How To File For Mutual Divorce In Delhi Mutual Consent Divorce is the Simplest Way to Obtain a D...

Increased Age For Girls Marriage


It is hoped that the Prohibition of Child Marriage (Amendment) Bill, 2021, which intends to inc...

Facade of Social Media


One may very easily get absorbed in the lives of others as one scrolls through a Facebook news ...

Section 482 CrPc - Quashing Of FIR: Guid...


The Inherent power under Section 482 in The Code Of Criminal Procedure, 1973 (37th Chapter of t...

The Uniform Civil Code (UCC) in India: A...


The Uniform Civil Code (UCC) is a concept that proposes the unification of personal laws across...

Role Of Artificial Intelligence In Legal...


Artificial intelligence (AI) is revolutionizing various sectors of the economy, and the legal i...

Lawyers Registration
Lawyers Membership - Get Clients Online

File caveat In Supreme Court Instantly