The government will no doubt argue that the way they have structured things in the amendments ensures there is no violation of the right to privacy, since it is on a voluntary basis, requires informed consent, and requires any authenticating entity to satisfy the UIDAI of their privacy and security standards.

But this isn’t how the amendments actually play out, for a number of reasons.

First off, the use of Aadhaar for authentication/offline verification on a voluntary basis is only specified in the new subsections being added to Section 4 of the Aadhaar Act. The specific provisions amending the Telegraph Act (which applies for telecom companies) and the PMLA (which applies for banks) do not make Aadhaar voluntary. Instead, they say that the relevant entity “shall identify” clients (ie, perform KYC) using Aadhaar, passports or other any other form of identification notified by the central government.

The option of a passport is a false choice, since only 5.15 percent or so of Indians have passports, according to MEA data, and the government’s past record on notifying other forms of identification through subordinate legislation for Aadhaar has been consistently terrible.