UIDAI makes residents’ consent mandatory for Aadhaar authentication

The Unique Identification Authority of India (UIDAI) directed all “entities” using Aadhaar authentications to obtain residents’ informed consent before beginning any such process. The Union ministry of electronics & IT (MeitY) highlighted the new UIDAI guidelines for Requesting Entities (REs) and stated that all REs that conduct online authentications will be required to ensure that residents understand the type of data being collected and the purpose of Aadhaar authentications.

“It has underlined that logs of authentication transactions including the consent taken are kept only for the period as prescribed in the Aadhaar Regulations. And purging of such logs after the expiry of the said time period shall also be done as per the Aadhaar Act and its regulations,” MeitY said.  The new regulations apply to REs who assist residents with Aadhaar authentication.

For authentication, REs are responsible for providing the Central Identities Data Repository with the Aadhaar number and demographic, and biometric OTP information. REs should be courteous to residents and reassure them of the security and confidentiality of the Aadhaar numbers, which are being used for authentication transactions, according to UIDAI, which has made this point clear.

The Authority has also advised REs to report the UIDAI right once if they notice any suspicious activity related to authentications, such as possible resident impersonation or any compromise with or fraud by any authentication operator. In general, REs shouldn’t store Aadhaar in either physical or electronic form without masking or redacting the initial 8 digits of the Aadhaar number.

The UIDAI has instructed REs only to store an Aadhaar number if they have been given permission to do so and, in the manner, specified by the UIDAI. The identifying authority has also requested that REs work with UIDAI and other organisations it has authorized for any security audits in accordance with the law and regulations, as well as establish appropriate grievance-handling mechanisms for residents.