CHANDIGARH: The Union government’s draft on Personal Data Protection Bill is silent on Aadhaar and the UIDAI Act that has retrospective effect on a government database. This concern was raised by the panellists during the round table workshop on the bill draft on Tuesday.In the session that was chaired by Lt General Deependra Singh Hooda, former General Officer-in-Commanding in Chief (GOC-in-C), Northern Command, and member of the advisory board, Cyber Security Research Centre (CSRC), the panellists stated that if the data principals were expected to fully realize under this bill, Aadhaar must be brought under its scope. The report will be submitted by Cyber Security Research Centre, PEC, before September 30, 2018, which is the deadline given by the government.The report suggests a wide range of amendments to the Aadhaar Act that includes giving significant amount of power for enforcement, imposing penalties. They have proposed that the role of UIDAI will be kept limited to a data fiduciary. Otherwise, in disputes related to a data principle’s Aadhaar data there will be clear-cut conflict of interest for UIDAI to hear a matter against their own processes and functions. Hence it was recommended to bring UIDAI as well as its operations and functions under the scope of this Bill so that they can be questioned on reasonable grounds. The issue of data localization was also reised during the discussion. Panellists stated data was a national asset and would last longer than humans themselves.Lt General Hooda recommended that cross border flow of data should be allowed under model contracts. The panellists also expressed their concerns over the needs of mechanism to verify the age of the children while using different online services so as to restrict them to those that require the user to be an adult. They suggested that a virtual ID can be generated from their respective aadhaar numbers. The virtual ID only contains the details about the age of an individual. This can be used to access services only if a person is above the specified age for different services. In this way no personal data is being shared with any data fiduciary and only the age is being shared using virtual ID that cannot be tracked back to original Aadhaar data.