Is Aadhaar Amendment Bill Meant to Save Indian Fintech Firms?

The Union Government is attempting to enable corporations to use Aadhaar again. This time it is not through amending the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, but rather through two other legislations, the Prevention of Money Laundering Act (PMLA) and the Indian Telegraph Act. This move directly contradicts the Supreme Court’s verdict on September 26, 2018 where they reduced the scope of Aadhaar verification and seeding to only benefits, subsidies and services and Permanent Account Numbers (PAN) for filing income tax returns.

The proposed amendments to the Acts provide for three methods for establishing a customer’s identity; Aadhaar, passport, and “any other officially valid document or modes of identification as may be notified by the Central Government in this behalf”. However, the third option depends on what documents will be notified. So, until such a notification is made under the new section 11A the only non-Aadhaar option available is a passport, which is a document not every citizen possesses.

Also Read | Aadhaar is Creeping Back Despite Supreme Court’s Judgement

Both these amendments repeat that the requirement of Aadhaar is completely voluntary. However, in the amendment to the PMLA, the Central government can empower a requesting entity – other than a banking company – to use Aadhaar verification provided that it complies with the standards of privacy and security under the Aadhaar Act. This would mean that financial institutions and intermediaries such as the Bhim App can still use Aadhaar.

The amendments also bar the agencies from storing ‘core biometric information’ and the Aadhaar number. This, however, leads to a strange situation since the Aadhaar Amendment Bill has incorporated two types of Aadhaar authentication; online and offline. An online verification would presumably require the use of biometrics or a one-time password.

The offline verification however, as per the proposed amendment, “means the process of verifying the identity of the Aadhaar number holder without authentication, through such offline modes as may be specified by regulations”. This would possibly involve a copy of one’s Aadhaar card. In which case, the entity tasked with identifying its customer invariably would end up storing the Aadhaar number.

Also Read | Aadhaar Goes Back to Court

The problem with the proposed amendments lies in the Supreme Court’s Judgement on the Act last year. Referring to section 57 of the Act – which is proposed to be deleted by the amendment – the main judgement stated; “the provision which enables body corporate and individuals also to seek authentication, that too on the basis of a contract between the individual and such body corporate or person, would impinge upon the right to privacy of such individuals. This part of the section, thus, is declared unconstitutional.”

This provision allowed for the seeding of Aadhaar with mobile numbers and bank account numbers, which the government through notifications tried desperately hard to make mandatory. Following the Supreme Court’s decision, Union Finance Minister Arun Jaitley and Union Minister for Electronics and Information Technology as well as Law and Justice, Ravishankar Prasad, to made public statements regarding the impact on the financial technology (fintech) companies. Prasad reportedly told the fintech companies not to ‘panic’. This was the first hint that discussions were underway to help the fintech companies to continue using Aadhaar.

Also Read | A Bad Precedent for Money Bills

The judgement effectively shut down the Aadhaar Enabled Payment Systems (AEPS) which had grown with the proliferation of smart phone applications like BhimApp and Aadhaar Pay. However, the Unique Identification Authority of India (UIDAI) did not issue any directions to uphold the Judgement by shutting down Aadhaar’s use for services provided by the private sector.

The proposed amendments should not come as a surprise considering that no announcements were made regarding destroying the Aadhaar information already in the hands of the private sector. The only saving grace this time is that the Aadhaar number cannot be stored. However, how this can be complied with in an offline mode of authentication remains to be seen.