New Delhi: Ushering in an “Aadhaar ecosystem”, Law Minister Ravi Shankar Prasad introduced the Aadhaar and Other Laws (Amendment) Bill, 2018 which allows an entity to perform Aadhaar authentication if it’s compliant with “standards of privacy and security” but fails to specify the privacy law the act would adhere to.

The bill introduced amid the Rafale ruckus in the Lok Sabha now allows an entity to perform Aadhaar authentication if that authentication is sought by Central Government in consultation with the UIDAI.

However, according to the new bill, Section 7 remains the same which states the mandatory authentication of Aadhaar number will be done if such an authentication is warranted by an act passed by the parliament.

The new bill defines “Aadhaar ecosystem”, includes enrolling agencies, Registrars, requesting entities, offline verification-seeking entities and any other entity or group of entities as may be specified by regulations.

This especially gains importance in the light of several cases that cropped up stating how enrolling agencies were taking part in fake Aadhaar card rackets which also ended up playing negatively in the court during the Aadhaar hearing.

The government has now proposed a penalty of up to Rs 1 crore on entities that violate the provisions of Aadhaar Act. There is an additional fine of Rs 10 lakh per day in case of continuous non-compliance.

Children with an Aadhaar card will have the option of opting out within a period of six months upon attaining the age of 18 and it also states that parent or guardian consent is a must for enrolling a child in the Aadhaar scheme.

However, one of the important amendments in the act states that no child to be denied any subsidy, benefits or services for the want of Aadhaar. This is important in the light of cases of starvation deaths in Jharkhand where a young girl from Simdega succumbed to hunger after she was denied ration for want of Aadhaar. This would also mean no role of Aadhaar in mid-day meal schemes, etc.

The definition of Aadhaar also includes a virtual identity which the government may issue for offline transactions.

The new bill also states punishment which has been now extended from 3 years to 10 years of imprisonment for an unauthorised access to Central Identities data repository.

The amendment comes in the light of the Supreme Court judgment from September 2018, wherein the Court had upheld the validity of the Aadhaar Act. However, it had limited the Aadhaar authentication for services, subsidy and benefits under Section 7 of the Act.

MP Saugata Roy of the Trinamool Congress, Shashi Tharoor of the Congress and NK Premchandran of the RSP opposed the introduction of the bill. However, the introduction was passed via voice vote.

“The government has announced that they will enact data protection law but where is it now?” asked Tharoor. “Aadhaar is not identification, rather it is a process of authentication as under the UIDAI.”

The original definition of Aadhaar has changed completely through the amendment, the government is getting the ultimate authority to decide everything related to identification, said Premchandran.

The Aadhaar Act, at present, does not empower the body to take enforcement action against errant entities in the Aadhaar ecosystem. The government also plans to set up a UIDAI fund under the Aadhaar Act and has proposed that the authority be exempt from taxes on income. The Supreme Court had in September last year ruled that private companies cannot demand the 12-digit unique identity for providing services.