“Government Proposes New Aadhaar Legislation to Align with DPDP Act”

blog“Government Proposes New Aadhaar Legislation to Align with DPDP Act”
Category
blog
Date Posted
April 14, 2025
/
0 Comment

Context: The government is considering amendments to the Aadhaar Act to align it with the Digital Personal Data Protection (DPDP) Act, 2023.

🛑 Why is a New Aadhaar Law Needed?

📜 1. Limitations of the Original Aadhaar Act (2016)

  • Designed in a pre-horizontal privacy era.

  • Focused primarily on:

    • Identity authentication

    • Welfare delivery

  • Lacked a comprehensive data protection framework, especially regarding:

    • User consent

    • Purpose limitation

    • Data minimisation

🔐 2. Introduction of Horizontal Privacy through DPDP Act, 2023

  • The Digital Personal Data Protection (DPDP) Act, 2023 brings:

    • Uniform privacy standards for both public and private sectors

    • Consent-based data processing

    • Strict penalties for data breaches

    • Clear responsibilities for data fiduciaries

📘 Implications of a Revised Aadhaar Law

1. Alignment with DPDP Principles

  • The new law will incorporate:

    • Consent-based data usage

    • Data minimisation

    • Purpose limitation

    • Storage limitation

  • Example:
    While Aadhaar currently requires consent for enrollment/authentication, in practice it’s often mandated for services like:

    • Bank accounts

    • SIM cards

    • School admissions
      This violates the DPDP Act, which requires consent to be free, specific, informed, and unambiguous.

👤 2. Enhanced User Rights

  • Citizens will gain rights to:

    • Access their Aadhaar data

    • Correct inaccuracies

    • Request erasure

  • Stronger grievance redressal mechanisms will be aligned with the DPDP framework.

🧑‍💻 3. Enhanced User-Centricity

  • Aims to reduce:

    • Repeated consent/authentication burdens

    • Inconvenience in accessing services

  • Prioritises user convenience and control over their personal data.

🔒 4. Security & Accountability

  • Clear accountability measures for data fiduciaries, including:

    • Banks

    • Telecom providers

    • Government welfare agencies

  • Stronger mechanisms to prevent data leaks and misuse.

📉 5. Data Minimisation

  • DPDP Act requires collecting only necessary data.

  • Aadhaar, by default, collects sensitive biometric data, which may be excessive for certain services.

  • New law may bring greater scrutiny to such practices.

⚖️ 6. Resolve Conflicts Between Aadhaar Act & DPDP Act

  • Purpose Limitation Conflict:

    • Aadhaar Act allows data usage for government-notified purposes.

    • DPDP mandates that data be used only for the purpose consented to.

    • Risk of Aadhaar data being reused (e.g., for profiling/surveillance) without fresh consent.

  • Right to Erasure Conflict:

    • DPDP Act allows individuals to erase or correct their data fully.

    • Aadhaar Act permits only limited updates (e.g., address/phone), but not deletion of biometric data.

    • This creates a legal mismatch regarding data ownership and rights.

Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Story

Next Story

Scroll to top