Firms that insisting on Aadhaar for KYC face fine of up to Rs 1 crore

NEW DELHI: Telecom companies and banks insisting on Aadhaar as the sole identity and address proof, instead of allowing consumers looking to get a mobile connection or open an account to use their passport or ration card, will be liable to a penalty of up to Rs 1 crore and jail for their staffers concerned — ranging from three to 10 years.The penalties for the violation have been proposed in amendments cleared by the Union Cabinet on Monday, which also seek to give Aadhaar holders the option to use the unique ID for completing KYC formalities. Government sources say the amendments to the Indian Telegraph Act and PMLA have been done keeping in mind a Supreme Court order on Aadhaar, which says the unique ID can be compulsory only for welfare services involving public funds.The amendments require entities performing authentication to comply with standards of privacy in keeping with the law to be passed by Parliament. An exception can be made only in the case of “state interest” as prescribed by the Centre. This would, however, have to be in consonance with SC judgment.“Aadhaar is a platform that promotes good governance. The amendments protect security and privacy. They set out rules for consent in case of minor and opt-out option at age 18. There are strict punishments for any attempt to tamper with core biometrics ,” a source said.The Aadhaar biometric base is secure and cannot be accessed by agencies using the electronic authentication process, but attempts to misuse the data will invite a fine of Rs 50 lakh and a jail term extending to 10 years. The government’s move is intended to allow private firms to do Aadhaar-based authentication that uses the UIDAI servers in the light of their pleas that the SC ruling affects their business.But keeping in mind the adverse publicity over telecom firms pestering customers to link Aadhaar and cases where firms sought to store ID details for commercial use, the government has set out several red lines.There is a fine of Rs 10,000 and a three-year prison term for failure to obtain consent before collecting information for authentication and the penalty clauses also apply to offline verification through QR codes. Unauthorised publication of ID or photograph can mean a fine between Rs 10,000 and Rs 1 lakh.