By Simran Jalan (firstname.lastname@example.org)
Supreme Court in the case of Justice K.S. Puttaswamy (Retd.) & Anr. V. Union of India, W.P. (Civil) 494/2012 dated September 26, 2018 (‘Aadhaar Verdict’) partially quashed section 57 of the Aadhaar Act, which dealt with use of Aadhaar by private companies or bodies corporate. Pursuant to the Aadhaar verdict, the private entities were not allowed to demand Aadhaar for establishing identity unless the same is pursuant to any law.
Consequently, it was proposed to amend the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 (‘Aadhaar Act’), Indian Telegraph Act, 1885 and the Prevention of Money Laundering Act, 2002 (‘PML Act’) in line with the Supreme Court directives. In order to ensure that personal data of Aadhaar holder remains protected against any misuse and Aadhaar scheme remains in conformity with the Constitution, the Aadhaar and Other Laws (Amendment) Ordinance, 2019 (Ordinance) was passed.
In this write-up we intend to discuss the outcome of the Ordinance.
Highlights of the Ordinance
Offline verification of Aadhaar
The Ordinance has defined the term “offline verification”. Section 2 (pa) states –
“offline verification” means the process of verifying the identity of the Aadhaar number holder without authentication, through such offline modes as may be specified by regulations.
It is pertinent to note that the offline modes are not specified in the regulations. However, Unique Identification Authority of India (UIDAI) had proposed two methods of using offline Aadhaar verification –
1. Using the Quick Response (QR) codes
Companies may seek the Aadhaar QR code from the customers. The same has to be download and printed by the customer and submitted to the company who shall read it using a QR code reader. Scanning of QR code, from the QR code reader will provide the name, address and photograph of the customer, without providing the Aadhaar number. A selfie provided by the customer can be used to match with the photograph of the customer available online.
2. Using paperless local e-KYC
The paperless local e-KYC involves generation of a digitally signed XML which can be stored in a laptop or phone and be communicated by the customer to the company, as and when required. Companies can receive the Aadhaar Paperless Offline e-KYC XML from the customers. The XML file provides the name, address and photograph of the customer, without providing the Aadhaar number. A selfie provided by the customer is used to match with the photograph of the customer available online and OTP validation is done against the mobile number.
Further, section 8A of the Ordinance specifies the process of offline verification to be conducted by the offline-verification seeking entity. The entity seeking offline verification must obtain the consent of the customer before performing such offline verification. The entity must also ensure that the demographic information or any other information collected from the customer is used only for the purpose of such verification.
Omission of section 57 of the Aadhaar Act
In the Aadhaar Verdict, Supreme court had struck down the last phrase in the main provision of section 57 of the Aadhaar Act., i.e. “or any contract to this effect”, which enabled fintech companies to use Aadhaar number for verifying the identity of a person for the purpose of KYC. Pursuant to this Ordinance, section 57 of the Aadhaar Act is omitted. This omission does not mean that private companies are barred from using Aadhaar to verify the identity of any customer. This ordinance has paved a way for private companies to accept Aadhaar if given voluntarily by the customers.
Amendment to the PML Act
The Ordinance provides that banking companies shall verify the identity of the customers by authentication under the Aadhaar Act or by offline verification or by use of passport or any other officially valid documents. Further distinguishing the access, the Ordinance permits only banks to authenticate identities using Aadhaar. Other reporting entities are permitted to use the offline tools for verifying the identity of customers provided they comply with the prescribed standards of privacy and security. The use of Aadhaar shall be a voluntary choice of every customer who is sought to be identified. In order to safeguard the interests of the customers, the reporting entity must inform the customer of the other alternatives available to them.
Benefit for private entities
The Supreme court Aadhaar Verdict had caused a major blow to the private entities which required Aadhaar for verification of customers. The Ordinance partially provides relief to private entities. The private entities are permitted to use Aadhaar, if provided voluntarily by the customers. The private entities may use offline modes for verification of clients.
The Aadhaar Ordinance envisages verification of customers by offline modes and it permits the private entities to take Aadhaar for verifying the identity of customers if provided voluntarily by them. The Ordinance sets out the conditions of privacy to be followed by the private entities before taking Aadhaar to ensure that the interests of the customers are safeguarded. This Ordinance provides a major relief to the private companies as they can resume their KYC by using Aadhaar through offline modes.