AS INTRODUCED IN LOK SABHA

Bill No. 261 of 2018

THE AADHAAR AND OTHER LAWS (AMENDMENT) BILL, 2018

A

BILL

to amend the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and further to amend the Indian Telegraph Act, 1885 and the Prevention of Money-laundering Act, 2002.

BE it enacted by Parliament in the Sixty-ninth Year of the Republic of India as follows:—

PART I

PRELIMINARY

1. Short title and commencement.

(1) This Act may be called the Aadhaar and Other Laws (Amendment) Act, 2018.

(2) It shall come into force on such date as the Central Government may, by notification in the Official Gazette, appoint; and different dates may be appointed for different provisions of this Act and any reference in any such provision to the commencement of this Act shall be construed as a reference to the commencement of that provision.

PART II
AMENDMENTS TO THE AADHAAR (TARGETED DELIVERY OF FINANCIAL AND OTHER SUBSIDIES,
BENEFITS AND SERVICES) ACT, 2016

2. Amendment of section 2

In section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (hereafter in this Part referred to as the principal Act),—

(i) for clause (a), the following clause shall be substituted, namely:—

‘(a) “Aadhaar number” means an identification number issued to an individual under sub-section (3) of section 3, and includes any alternative virtual identity generated under sub-section (4) of that section;’;

(ii) after clause (a), the following clause shall be inserted, namely:—

‘(aa) “Aadhaar ecosystem” includes enrolling agencies, Registrars, requesting entities, offline verification-seeking entities and any other entity or group of entities as may be specified by regulations;’;

(iii) after clause (b), the following clauses shall be inserted, namely:—

‘(ba) “Adjudicating Officer” means an adjudicating officer appointed under sub-section (1) of section 33B;

(bb) “Appellate Tribunal” means the Appellate Tribunal referred to in sub-section (1) of section 33C;’;

(iv) after clause (i), the following clause shall be inserted, namely:—

‘(ia) “child” means a person who has not completed eighteen years of age;’;

(v) after clause (p), the following clauses shall be inserted, namely:—

‘(pa) “offline verification” means the process of verifying the identity of the Aadhaar number holder without authentication, through such offline modes as may be specified by regulations;

(pb) “offline verification-seeking entity” means any entity desirous of undertaking offline verification of an Aadhaar number holder;’.

3. Amendment of section 3.

In section 3 of the principal Act, after sub-section (3), the following sub-section shall be inserted, namely:—

“(4) The Aadhaar number issued to an individual under sub-section (3) shall be a twelve-digit identification number and any alternative virtual identity as an alternative to the actual Aadhaar number of an individual that shall be generated by the Authority in such manner as may be specified by regulations.”.

4. Insertion of new section 3A.

After section 3 of the principal Act, the following section shall be inserted, namely:—

Aadhaar number of children.

“3A.(1) The enrolling agency shall, at the time of enrolment of a child, seek the consent of the parent or guardian of the child, and inform the parent or guardian, the details specified under sub-section (2) of section 3.

(2) A child who is an Aadhaar number holder may, within a period of six months of attaining the eighteen years of age, make an application to the Authority for cancellation of his Aadhaar number, in such manner as may be specified by regulations and the Authority shall cancel his Aadhaar number.

(3) Notwithstanding anything in section 7, a child shall not be denied any subsidy, benefit or service under that section in case of failure to establish his identity by undergoing authentication, or furnishing proof of possession of Aadhaar number, or in the case of a child to whom no Aadhaar number has been assigned, producing an application for enrolment.”.

5. Amendment of section 4.

In section 4 of the principal Act, for sub-section (3), the following sub-sections shall be substituted, namely:—

“(3) Every Aadhaar number holder to establish his identity, may voluntarily use his Aadhaar number in physical or electronic form by way of authentication or offline verification, or in such other form as may be notified, in such manner as may be specified by regulations.

Explanation.—For the purposes of this Section, voluntary use of the Aadhaar number by way of authentication means the use of such Aadhaar number only with the informed consent of the Aadhaar number holder.

(4) An entity may be allowed to perform authentication, if the Authority is satisfied that the requesting entity is—

(a) compliant with such standards of privacy and security as may be specified by regulations; and

(b) (i) permitted to offer authentication services under the provisions of any other law made by Parliament; or

(ii) seeking authentication for such purpose, as the Central Government in consultation with the Authority, and in the interest of State, may prescribe.

(5) The Authority may, by regulations, decide whether a requesting entity shall be permitted the use of the actual Aadhaar number during authentication or only an alternative virtual identity.

(6) Every requesting entity to whom an authentication request is made by an Aadhaar number holder under sub-section (3) shall inform to the Aadhaar number holder of alternate and viable means of identification and shall not deny any service to him for refusing to, or being unable to, undergo authentication.

(7) Notwithstanding anything contained in the foregoing provisions, mandatory authentication of an Aadhaar number holder for the provision of any service shall take place if such authentication is required by a law made by Parliament.”.

6. Amendment of section 8.

In section 8 of the principal Act,—

(a) in sub-section (2),—

(i) in clause (a), after the words “consent of an individual”, the words “, or in the case of a child obtain the consent of his parent or guardian” shall be inserted;

(ii) after clause (b), the following proviso shall be inserted, namely:—

“Provided that the requesting entity shall, in case of failure to authenticate due to illness, injury or infirmity  wing to old age or otherwise or any technical or other reasons, provide such alternate and viable means of identification of the individual, as may be specified by regulations.”;

(b) in sub-section (3), after the words “for authentication,”, the words “or in the case of a child, his parent or guardian” shall be inserted.

7. Insertion of new section 8A.

After section 8 of the principal Act, the following section shall be inserted, namely:—

Offline verification of Aadhaar number.

“8A.(1) Every offline verification of an Aadhaar number holder shall be performed in accordance with the provisions of this section.

(2) Every offline verification-seeking entity shall,—

(a) before performing offline verification, obtain the consent of an individual, or in the case of a child, his parent or guardian, in such manner as may be specified by regulations; and

(b) ensure that the demographic information or any other information collected from the individual for offline verification is only used for the purpose of such verification.

(3) An offline verification-seeking entity shall inform the individual undergoing offline verification, or in the case of a child, his parent or guardian the following details with respect to offline verification, in such manner as may be specified by regulations, namely:—

(a) the nature of information that may be shared upon offline verification;

(b) the uses to which the information received during offline verification may be put by the offline verification-seeking entity; and

(c) alternatives to submission of information requested for, if any.

(4) No offline verification-seeking entity shall—

(a) subject an Aadhaar number holder to authentication;

(b) collect, use, or store an Aadhaar number or biometric information of any individual for any purpose;

(c) take any action contrary to any obligation on it as may be specified by regulations.”.

8. Substitution of new section for section 21.

For section 21 of the principal Act, the following section shall be substituted, namely:—

Officers and other employees of Authority.

“21. (1) The Authority shall appoint such officers and employees as may be required for the discharge of its functions under this Act.

(2) The salaries and allowances payable to, and the other terms and conditions of service of, the officers and employees of the Authority shall be such as may be specified by regulations.”.

9. Insertion of new section 23A.

After section 23 of the principal Act, the following section shall be inserted, namely:—

“23A. (1) The Authority may for the discharge of its functions under this Act, or any rules or regulations made thereunder, by order, issue such directions from time to time to any entity in the Aadhaar ecosystem, as it may consider necessary.

(2) Every direction issued under sub-section (1) shall be complied with by the entity in the Aadhaar ecosystem to whom such direction is issued.”.

10. Substitution of new section for section 25.

For section 25 of the principal Act, the following section shall be substituted, namely:—

Fund

“25. (1) There shall be constituted a Fund to be called the Unique Identification Authority of India Fund and there shall be credited thereto—

(a) all grants, fees and charges received by the Authority under this Act; and

(b) all sums received by the Authority from such other sources as may be decided upon by the Central Government.

(2) The Fund shall be applied for meeting—

(a) the salaries and allowances payable to the Chairperson and members and administrative expenses including the salaries, allowances and pension payable to or in respect of officers and other employees of the Authority; and

(b) the expenses on objects and for purposes authorised by this Act.”.

11. Amendment of section 29.

In section 29 of the principal Act,—

(a) for sub-section (3), the following sub-section shall be substituted, namely:—

“(3) No identity information available with a requesting entity or offline verification-seeking entity shall be—

(a) used for any purpose, other than the purposes informed in writing to the individual at the time of submitting any information for authentication or offline verification; or

(b) disclosed for any purpose, other than purposes informed in writing to the individual at the time of submitting any information for authentication or offline verification:

Provided that the purposes under clauses (a) and (b) shall be in clear and precise language understandable to the individual.”;

(b) in sub-section (4), for the words “or core biometric information”, the words “, demographic information or photograph” shall be substituted.

12. Amendment of section 33.

In section 33 of the principal Act,—

(i) in sub-section (1),—

(a) for the words “District Judge”, the words “Judge of a High Court” shall be substituted;

(b) in the proviso, after the words “hearing to the Authority”, the words “and the concerned Aadhaar number holder” shall be inserted;

(c) after the proviso, the following proviso shall be inserted, namely:—

“Provided further that the core biometric information shall not be disclosed under this sub-section.”.

(ii) in sub-section (2), for the words “Joint Secretary”, the word “Secretary” shall be substituted.

13. Insertion of new Chapter VIA.

After Chapter VI of the principal Act, the following Chapter shall be inserted, namely:—

“CHAPTER VIA
CIVIL PENALTIES

Penalty for failure to comply with provisions of this Act, rules, regulations and directions.

33A. (1) Where an entity in the Aadhaar ecosystem fails to comply with the provision of this Act, the rules or regulations made thereunder or directions issued by the Authority under section 23A, or fails to furnish any information, document, or return of report required by the Authority, such entity shall be liable to a civil penalty which may extend to one crore rupees for each contravention and in case of a continuing failure, with additional penalty which may extend to ten lakh rupees for every day during which the failure continues after the first contravention.

(2) The amount of any penalty imposed under this section, if not paid, may be recovered as if it were an arrear of land revenue.

Power to adjudicate.

33B. (1) For the purposes of adjudication under section 33A and imposing a penalty thereunder, the Authority shall appoint an officer of the Authority, who is not below the rank of a Joint Secretary to the Government of India and possessing such qualification and experience as may be prescribed, to be an Adjudicating Officer for holding an inquiry in such manner as may be prescribed.

(2) No inquiry under sub-section (1) shall be initiated except by a complaint made by the Authority.

(3) While holding an inquiry, the Adjudicating Officer shall—

(a) provide the entity in the Aadhaar ecosystem against whom complaint is made, an opportunity of being heard;

b) have the power to summon and enforce the attendance of any person acquainted with the facts and circumstances of the case to give evidence or to produce any document which, in the opinion of the Adjudicating Officer, may be useful for or relevant to the subject matter of the inquiry.

(4) If the Adjudicating Officer, on such inquiry, is satisfied that the entity in the Aadhaar ecosystem has failed to comply with any provision of this Act or the rules or regulations made thereunder or directions issued by the Authority under section 23A, or has failed to furnish any information, document, or return of report required by the
Authority, the Adjudicating Officer may, by order, impose such penalty under section 33A as he thinks fit.

Appeals to Appellate Tribunal.

33C. (1) The Telecom Disputes Settlement and Appellate Tribunal established under section 14 of the Telecom Regulatory Authority of India Act, 1997, shall be the Appellate Tribunal for the purposes of hearing appeals against the decision of the Adjudicating Officer under this Act.

(2) A person or entity in the Aadhaar ecosystem aggrieved by an order of the Adjudicating Officer under section 33B, may prefer an appeal to the Appellate Tribunal within a period of forty-five days from the date of receipt of the order appealed against, in such form and manner and accompanied with such fee as may be prescribed:

Provided that the Appellate Tribunal may entertain an appeal after the expiry of the said period of forty-five days if it is satisfied that there was sufficient cause for not filing it within that period.

(3) On receipt of an appeal under sub-section (2), the Appellate Tribunal may, after giving the parties to the appeal an opportunity of being heard, pass such orders thereon as it thinks fit, confirming, modifying or setting aside the order appealed against.

(4) The Appellate Tribunal shall send a copy of every order made by it to the parties to the appeal and to the Adjudicating Officer.

(5) Any appeal filed under sub-section (2) shall be dealt with by the Appellate Tribunal as expeditiously as possible and every endeavour shall be made by it to dispose of the appeal within six months from the date on which it is presented to it.

(6) The Appellate Tribunal may, for the purpose of deciding an appeal before it, call for the records relevant to disposing of such appeal and make such orders as it thinks fit.

Procedure and powers of the Appellate Tribunal.

33D. The provisions of sections 14-I to 14K (both inclusive), 16 and 17 of the Telecom Regulatory Authority of India Act, 1997 shall, mutatis mutandis, apply to the Appellate Tribunal in the discharge of its functions under this Act, as they apply to it in the discharge of its functions under that Act.

Appeal to Supreme Court of India.

33E. (1) Notwithstanding anything contained in the Code of Civil Procedure, 1908 or in any other law for the time being in force, an appeal shall lie against any order, not being an interlocutory order, of the Appellate Tribunal to the Supreme Court on any substantial question of law arising out of such order.

(2) No appeal shall lie against any decision or order made by the Appellate Tribunal which the parties have consented to.

(3) Every appeal under this section shall be preferred within a period of forty-five days from the date of the decision or order appealed against:

Provided that the Supreme Court may entertain an appeal after the expiry of the said period of forty-five days if it is satisfied that there was sufficient cause for not filing it within that period.

Civil court not to have jurisdiction.

33F. No civil court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which an Adjudicating Officer appointed under this Act or the Appellate Tribunal is empowered, by or under this Act to determine, and no injunction shall be granted by any court or other authority in respect of any action taken or to be taken in pursuance of any power conferred by or under this Act.”.

14. Amendment of section 38

In section 38 of the principal Act, for the words “three years”, the words “ten years” shall be substituted.

15. Amendment of section 39

In section 39 of the principal Act, for the words “three years”, the words “ten years” shall be substituted.

16. Substitution of new section for section 40

For section 40 of the principal Act, the following section shall be substituted, namely:—

Penalty for unauthorised use by requesting entity or offline verificationseeking entity

“40. Whoever,—

(a) being a requesting entity, uses the identity information of an individual in contravention of sub-section (2) of section 8; or

(b) being an offline verification-seeking entity, uses the identity information of an individual in contravention of sub-section (2) of section 8A, shall be punishable with imprisonment which may extend to three years or with a fine which may extend to ten thousand rupees or, in the case of a company, with a fine which may extend to one lakh rupees or with both.”.

17. Amendment of section 42.

In section 42 of the principal Act, for the words “one year”, the words “three years” shall be substituted.

18. Amendment of section 47.

In section 47 of the principal Act, in sub-section (1), the following proviso shall be inserted, namely:—

“Provided that the court may, on a complaint made by an Aadhaar number holder or individual take cognizance of any offence punishable under section 34 or 35 or 36 or 37 or 40 or section 41.”.

19. Insertion of new section 50A.

After section 50 of the principal Act, the following section shall be inserted, namely:—

“50A. Notwithstanding anything contained in the Income Tax Act, 1961 or any other enactment for the time being in force relating to tax on income, profits or gains, the Authority shall not be liable to pay income tax or any other tax in respect of its income, profits or gains.”.

20. Amendment of section 51

In section 51 of the principal Act, for the words “Member, officer”, the words “Member or officer” shall be substituted.

21. Amendment of section 53.

In section 53 of the principal Act, in sub-section (2),—

(i) after clause (a) the following clause shal be inserted, namely:—

“(aa) the purpose for which the requesting entity may be allowed by the Authority to perform authentication under sub-clause (ii) of clause (b) of sub-section (4) of section 4;” ;

(ii) after clause (g), the following clauses shall be inserted, namely:—

“(ga) the qualification and experience of, and the manner of appointment of, the Adjudicating Officer under sub-section (1) of section 33B;

(gb) the form, manner, and fee for an appeal to be filed under sub-section (2) of section 33D;”.

22. Amendment of section 54.

In section 54 of the principal Act, in sub-section (2),—

(i) for clause (a), the following clause shall be substituted, namely:—

“(a) the entities or group of entities in the Aadhaar ecosystem under clause (aa), the biometric information under clause (g) and the demographic information under clause (k), the process of collecting demographic information and biometric information from the individuals by enrolling agencies under clause (m), and the modes of offline verification of Aadhaar number holder under clause (pa) of section 2;”;

(ii) after clause (b), the following clauses shall be inserted, namely:—

“(ba) the manner of generating an alternative virtual identity under sub-section (4) of section 3;

(bb) the manner in which cancellation of an Aadhaar number may be carried out under sub-section (2) of section 3A.”;

(iii) after clause (c), the following clauses shall be inserted, namely:—

“(ca) standards of privacy and security to be complied with by the requesting entities under sub-section (4) of section 4;

(cb) the classification of requesting entities under sub-section (5) of section 4;”;

(iv) after clause (f), the following clauses shall be inserted, namely:—

“(fa) the alternate and viable means of identification of individual under the proviso to clause (b) of sub-section (2) of section 8;

(fb) the manner of obtaining consent under clause (a) of sub-section (2), the manner of providing information to the individual undergoing offline verification under sub-section (3), and the obligations of offline verification-seeking entities under clause (c) of sub-section (4), of section 8A;”.

23. Omission of section 57.

Section 57 of the principal Act shall be omitted.

PART III

AMENDMENT TO THE INDIAN TELEGRAPH ACT, 1885

(13 OF 1885)

24. Amendment of section 4 of Act 13 of 1885

In section 4 of the Indian Telegraph Act, 1885, after sub-section (2), the following sub-sections shall be inserted, namely:—

‘(3) Any person who is granted a license under the first proviso to sub-section (1) to establish, maintain or work a telegraph within any part of India, shall identify any person to whom it provides its services by—

(a) authentication under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016; or

(b) offline verification under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016; or

(c) use of passport issued under section 4 of the Passports Act, 1967; or

(d) use of any other officially valid document or modes of identification as may be notified by the Central Government in this behalf.

(4) If any person who is granted a license under the first proviso to sub-section (1) to establish, maintain or work a telegraph within any part of India is using authentication under clause (a) of sub-section (3) to identify any person to whom it provides its services, it shall make the other modes of identification under clauses (b) to (d) of sub-section (3) also available to such person.

(5) The use of modes of identification under sub-section (3) shall be a voluntary choice of the person who is sought to be identified and no person shall be denied any service for not having an Aadhaar number.

(6) If, for identification of a person, authentication under clause (a) of sub-section (3) is used, neither his core biometric information nor the Aadhaar number of the person shall be stored.

(7) Nothing contained in sub-sections (3), (4) and (5) shall prevent the Central Government from specifying further safeguards and conditions for compliance by any person who is granted a license under the first proviso to sub-section (1) in respect of identification of person to whom it provides its services.

Explanation.—The expressions “Aadhaar number” and “core biometric information” shall have the same meanings as are respectively assigned to them in clauses (a) and (j) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.’.

PART IV
AMENDMENT TO THE PREVENTION OF MONEY-LAUNDERING ACT, 2002
(15 OF 2003)

25. Insertion of new section 11A.

In Chapter IV of the Prevention of Money-laundering Act, 2002 (hereafter in this Part, referred to as the principal Act), before section 12, the following section shall be inserted, namely:—

Verification of Identity by Reporting Entity.

‘11A. (1) Every Reporting Entity shall verify the identity of its clients and the beneficial owner, by—

(a) authentication under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 if the reporting entity is a banking company; or

(b) offline verification under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016; or

(c) use of passport issued under section 4 of the Passports Act, 1967; or

(d) use of any other officially valid document or modes of identification as may be notified by the Central Government in this behalf:

Provided that the Central Government may, if satisfied that a reporting entity other than banking company, complies with such the standards of privacy and security under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, and it is necessary and expedient to do so, by notification, permit such entity to perform authentication under clause (a):

Provided further that no notification under the first proviso shall be issued without consultation with the Unique Identification Authority of India established under sub-section (1) of section 11 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and the appropriate regulator.

(2) If any reporting entity performs authentication under clause (a) of sub-section (1), to verify the identity of its client or the beneficial owner it shall make the other modes of identification under clauses (b), (c) and (d) of sub-section (1) also available to such client or the beneficial owner.

(3) The use of modes of identification under sub-section (1) shall be a voluntary choice of every client or beneficial owner who is sought to be identified and no client or beneficial owner shall be denied services for not having an Aadhaar number.

(4) If, for identification of a client or beneficial owner, authentication or offline verification under clause (a) or clause (b) of sub-section (1) is used, neither his core biometric information nor his Aadhaar number shall be stored.

(5) Nothing in this section shall prevent the Central Government from notifying additional safeguards on any reporting entity in respect of verification of the identity of its client or beneficial owner.

Explanation.—The expressions “Aadhaar number” and “core biometric information” shall have the same meanings as are respectively assigned to them in clauses (a) and (j) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.’.

26. Amendment of section 12.

In section 12 of the principal Act, in sub-section (1), clauses (c) and (d) shall be omitted.

27. Amendment of section 73.

In section 73 of the principal Act, in sub-section (2), clauses (j) and (jj) shall be omitted.

STATEMENT OF OBJECTS AND REASONS

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (the Aadhaar Act) was enacted to provide for good governance, efficient, transparent, and targeted delivery of subsidies, benefits and services, the expenditure for which is incurred from the Consolidated Fund of India, to individuals residing in India through assigning of unique identity numbers to such individuals and for matters connected therewith or incidental thereto.

2. On 27th July, 2018 the Committee of Experts chaired by Justice (Retd.) B. N. Srikrishna submitted its report “A free and fair Digital Economy : Protecting Privacy, Empowering Indians” regarding various issues related to data protection along with a draft Personal Data Protection Bill and also suggested certain amendments to the Aadhaar Act.

3. The Constitution Bench of the Supreme Court, in its judgment dated the 24th August, 2017 in W.P. 494 of 2012 – Justice K.S. Puttaswamy (Retd.) and another vs UOI and others declared privacy as a fundamental right under article 21 of the Constitution. Further, the Supreme Court vide its judgment dated the 26th September, 2018 has upheld the
constitutional validity of the Aadhaar Act, with certain restrictions and changes, such as obtaining consent of parent or guardian in case of enrolment of children, providing option to children to cancel their Aadhaar number on attaining the age of eighteen years, providing for informed consent for authentication and limiting the authentication only to purposes permitted by law.

4. With over 122 crore Aadhaar numbers having been issued and with the widespread use of Aadhaar as a proof of identity for various purposes by the Government of India, State Governments and other entities, it is essential to have a regulatory framework for the operation of Aadhaar. The Authority, therefore, must have powers similar to that of a regulator for taking enforcement actions. The Aadhaar Act, in its present form, does not empower the Authority to take enforcement action against errant entities in the Aadhaar ecosystem. This needs to be addressed with a view to protect privacy and also to ensure the autonomy of the Authority.

5. It is, therefore, proposed to amend the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, the Indian Telegraph Act, 1885 and the Prevention of Money-laundering Act, 2002. The salient features of the Bill are as follows—

(a) to provide for twelve-digit Aadhaar number and its alternate numbers to be generated by the Authority in such manner as may be specified by regulations to conceal the actual Aadhaar number of an individual;

(b) to give an option to children who are Aadhaar number holders to cancel their Aadhaar number on attaining the age of eighteen years;

(c) to provide for voluntary use of Aadhaar number in physical or electronic form by authentication or offline verification or any other mode which may be notified by the Central Government;

(d) authentication of offline verification of Aadhaar number can be performed only with the informed consent of the Aadhaar number holder;

(e) prevention of denial of services for refusing to, or being unable to, undergo authentication;

(f) to permit the entities performing authentication only when they are compliant with the standards of privacy and security specified by the Authority; and the authentication is permitted under any law made by Parliament or the authentication is for such purpose, as the Central Government may, in consultation with the Authority
and in the interest of State, prescribe;

(g) to lay down the procedure for offline verification of an Aadhaar number holder;

(h) to confer power upon the Authority to give such directions as it may consider necessary to any entity in Aadhaar ecosystem;

(i) for establishment of Unique Identification Authority of India Fund;

(j) to enhance the restrictions on sharing of information by requesting entity and offline verification-seeking entity;

(k) to provide for civil penalties, its adjudication, appeal thereof and realisation of the sum of penalty as arrear of land revenue;

(l) to omit section 57 of the Aadhaar Act relating to use of Aadhaar by private entities;

(m) to allow the use of Aadhaar number for authentication on voluntary basis as acceptable KYC document under the Telegraph Act, 1885 and the Prevention of Money-laundering Act, 2002.

6. The notes on clauses explain in detail the various provisions of the Bill.

7. The Bill seeks to achieve the above objects.

RAVI SHANKAR PRASAD

NEW DELHI;

The 22nd December, 2018.

Notes on Clauses

Clause 1.—This clause seeks to provide for short title and commencement of the Act.

Clause 2.—This clause seeks to amend section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (the Aadhaar Act) relating to definitions so as to provide for new definitions of certain expressions used in the Bill, which, inter alia, include the definitions of “Aadhaar number”, “Aadhaar ecosystem”, “Adjudication Officer”, “Appellate Tribunal”, “child”, “offline verification” and “offline verification seeking entity”.

Clause 3.—This clause seeks to amend section 3 of the Aadhaar Act relating to Aadhaar number so as to insert a new sub-section (4) therein providing for “any alternative virtual identity generated by the Authority” within the meaning of Aadhaar number.

Clause 4.—This clause seeks to insert a section 3A in the Aadhaar Act which provides for “Aadhaar number of Children”.

Clause 5.—This clause seeks to amend section 4 of the Aadhaar Act relating to properties of Aadhaar number so as to substitute sub-section (3) thereof with five new sub-sections which provide for voluntary use of Aadhaar number, conditions under which entities can perform authentication, classification of entities into those that can use Aadhaar
number and those that can use only alternative virtual identity, offering alternate and viable means of identification and condition for mandatory authentication.

Clause 6.—This clause seeks to amend section 8 of the Aadhaar Act relating to authentication of Aadhaar number so as to amend sub-sections (2) and (3) to provide for the requirement of obtaining the consent of the parent or guardian before authenticating the Aadhaar number issued to a child.

Clause 7.—This clause seeks to insert a new section 8A in the Aadhaar Act so as to provide for offline verification of Aadhaar number.

Clause 8.—This clause seeks to substitute section 21 of the Aadhaar Act relating to officers and other employees of Authority so as to provide for appointment of officers and other employees by the Authority.

Clause 9.—This clause seeks to insert a new section 23A to the Aadhaar Act relating to power of Authority to issue directions. It provides that the Authority may issue directions to the entities in the Aadhaar ecosystem for the discharge of its functions under the Act.

Clause 10.—This clause seeks to substitute section 25 of the Aadhaar Act to provide for constitution of a Unique Identification Authority of India Fund.

Clause 11.—This clause seeks to amend section 29 of the Aadhaar Act relating to restriction on sharing information. It substitutes sub-sections (3) and (4) thereof so as to provide that identity information is not used for any other purpose.

Clause 12.—This clause seeks to amend section 33 of the Aadhaar Act relating to disclosure of information in certain cases. It seeks to amend sub-sections (1) and (2) thereof, inter alia, to provide the individual, whose information is sought to be released, an opportunity of hearing and stepping up disclosure permissions to higher levels.

Clause 13.—This clause seeks to insert a new Chapter VIA in the Aadhaar Act so as to provide for civil penalties. The proposed new section 33A provides for civil penalty which may extend to one crore rupees for each contravention, for failure to comply with provisions of the Act, rules, regulations and directions by any entity in the Aadhaar ecosystem. The proposed new section 33B provides for appointment of an Adjudicating Officer by the Authority and the procedure and powers of such officer. The proposed new section 33C  provides that the Telecom Disputes Settlement and Appellate Tribunal established under section 14 of the Telecom Regulatory Authority of India Act, 1997 as the Appellate Tribunal under the Act for hearing of appeals against the order of the Adjudicating Officer. The proposed
new section 33D lays down the procedures and powers of the Appellate Tribunal. The proposed new section 33E provides for appeal to the Supreme Court against the orders of the Appellate Tribunal. The proposed new section 33F provides for cases where civil court shall not have jurisdiction.

Clause 14.—This clause seeks to amend section 38 of the Aadhaar Act relating to penalty for unauthorised access to the Central Identities Data Repository so as to enhance the punishment from three years to ten years.

Clause 15.—This clause seeks to amend section 39 of the Aadhaar Act relating to penalty for tampering with data in Central Identities Data Repository so as to enhance the punishment from three years to ten years.

Clause 16.—This clause seeks to substitute section 40 of the Aadhaar Act relating to penalty for unauthorised use by requesting entity so as to provide for penalty for unauthorised use by requesting entity and offline verification-seeking entity.

Clause 17.—This clause seeks to amend section 42 of the Aadhaar Act relating to general penalty so as to enhance the punishment from one year to three years.

Clause 18.—This clause seeks to amend section 47 of the Aadhaar Act relating to cognizance of offences so as to insert a new proviso therein to provide that the Aadhaar number holder or an individual may also file a complaint and initiate proceedings in respect of any offence punishable under section 34, 35, 36, 37, 40 or 41 of the principal Act.

Clause 19.—This clause seeks to insert a new section 50A in the Aadhaar Act relating to exemption from tax on income so as to exempt the Authority from tax on income, profits or gains.

Clause 20.—This clause seeks to amend section 51 of the Aadhaar Act relating to delegation so as to substitute the words “Member, officer” with “Member or officer”.

Clause 21.—This clause seeks to amend section 53 of the Aadhaar Act relating to power of Central Government to make rules so as to inserts new clauses in sub-section (2) providing for rules on certain matters proposed under the Bill.

Clause 22.—This clause seeks to amend section 54 of the Aadhaar Act relating to power of the Authority to make regulations so as to insert new clauses in sub-section (2) providing for regulations on certain matters proposed under the Bill.

Clause 23.—This clause seeks to omit section 57 of the Aadhaar Act relating to Act not to prevent use of Aadhaar number for other purposes under law.

Clause 24.—This clause seeks to amend section 4 of the Indian Telegraph Act, 1885 relating to exclusive privilege in respect of telegraphs, and power to grant licenses so as to insert therein new sub-sections (3), (4), (5), (6) and (7) to provide for the use of Aadhaar authentication and offline verification on voluntary basis besides other modes for
identification, of persons who receive services from a licensee.

Clause 25.—This clause seeks to insert a new section 11A under Chapter 4 relating to obligations of banking companies, financial institutions and intermediaries to the Prevention of Money-laundering Act, 2002 (the PML Act) so as to provide for the use of Aadhaar authentication and offline verification on voluntary basis besides other modes for verification of identity of a client or beneficial owner by a reporting entity.

Clause 26.—This clause seeks to amend section 12 of the PML Act relating to reporting entity to maintain records so as to omit clauses (c) and (d) of sub-section (1) thereof.

Clause 27.—This clause seeks to amend section 73 of the PML Act relating to power to make rules so as to omit clauses (j) and (jj) of sub-section (2) thereof.

MEMORANDUM REGARDING DELEGATED LEGISLATION

Clause 21 of the Bill seeks to amend section 53 of the Act which confers power upon the Central Government to make rules providing for— (i) the purpose for which the requesting entity may be allowed to perform authentication under sub-clause (ii) of clause (b) of sub-section (4) of section 4; (ii) the qualification and experience of, and the manner of appointment of, the Adjudicating Officer under sub-section (1) of section 33B; and (iii) the form, manner, and fee for an appeal to be filed under sub-section (2) of section 33D.

2. Clause 22 of the Bill seeks to amend section 54 the Act which confers power upon the Authority to make regulations providing for— (i) the entities or group of entities in the Aadhaar ecosystem under clause (aa), the biometric information under clause (g) and the demographic information under clause (k), the process of collecting demographic information and biometric information from the individuals by enrolling agencies under clause (m), and the modes of offline verification of Aadhaar number holder under clause (pa) of section 2; (ii) the manner of generating an alternative virtual identity under sub-section (4) of section 3; (iii) the manner in which cancellation of an Aadhaar number may be carried out under sub-section (2) of section 3A; (iv) standards of privacy and security to be complied with by the requesting entities under sub-section (4) of section 4; (v) the classification of requesting entities under sub-section (5) of section 4; (vi) the alternate and viable means of identification of individual under the proviso to clause (b) of sub-section (2) of section 8; and (vii) the manner of obtaining consent under clause (a) of sub-section (2), the manner of providing information to the individual undergoing offline verification under sub-section (3), and the obligations of offline verification-seeking entities under clause (c) of sub-section (4), of section 8A.

3. The matters in respect of which the rules or regulations may be made are matters of procedure and administrative detail and it is not practicable to provide for them in the Bill itself. The delegation of legislative power is, therefore, of a normal character.

ANNEXURE

EXTRACTS FROM THE AADHAAR (TARGETED DELIVERY OF FINANCIAL AND OTHER SUBSIDIES,
BENEFITS AND SERVICES) ACT, 2016

(18 OF 2016)
* * * * *

2. Definitions.

In this Act, unless the context otherwise requires,—

(a) “Aadhaar number” means an identification number issued to an individual under sub-section (3) of section 3;

(b) “Aadhaar number holder” means an individual who has been issued an Aadhaar number under this Act;

* * * * *

(i) “Chairperson” means the Chairperson of the Authority appointed under section 12;

* * * * *

(p) “notification” means a notification published in the Official Gazette and the expression “notified” with its cognate meanings and grammatical variations shall be construed accordingly;

* * * * *

4. Properties of Aadhaar number.

(1) * * * * *

(3) An Aadhaar number, in physical or electronic form subject to authentication and other conditions, as may be specified by regulations, may be accepted as proof of identity of the Aadhaar number holder for any purpose.

Explanation.—For the purposes of this sub-section, the expression “electronic form” shall have the same meaning as assigned to it in clause (r) of sub-section (1) of section 2 of the Information Technology Act, 2000 .

* * * * *

8. Authentication of Aadhaar number.

(1)* * * * *

(2) A requesting entity shall—

(a) unless otherwise provided in this Act, obtain the consent of an individual before collecting his identity information for the purposes of authentication in such manner as may be specified by regulations; and

(b) ensure that the identity information of an individual is only used for submission to the Central Identities Data Repository for authentication.

(3) A requesting entity shall inform, in such manner as may be specified by regulations, the individual submitting his identity information for authentication, the following details with respect to authentication, namely: —

* * * * *

21. Officers and other employees of Authority.

(1) The Authority may, with the approval of the Central Government, determine the number, nature and categories of other officers and employees required by the Authority in the discharge of its functions.

(2) The salaries and allowances payable to, and the other terms and conditions of service of, the chief executive officer and other officers and other employees of the Authority shall be such as may be specified by regulations with the approval of the Central Government.

* * * * *

25. Other fees and revenues.

The fees or revenue collected by the Authority shall be credited to the Consolidated Fund of India.

* * * * *

29. Restriction on sharing information.

(1)* * * * *

(3) No identity information available with a requesting entity shall be—

(a) used for any purpose, other than that specified to the individual at the time of submitting any identity information for authentication; or

(b) disclosed further, except with the prior consent of the individual to whom such information relates.

(4) No Aadhaar number or core biometric information collected or created under this Act in respect of an Aadhaar number holder shall be published, displayed or posted publicly, except for the purposes as may be specified by regulations.

* * * * *

33. Disclosure of information in certain cases.

(1) Nothing contained in sub-section (2) or sub-section (5) of section 28 or sub-section (2) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made pursuant to an order of a court not inferior to that of a District Judge:

Provided that no order by the court under this sub-section shall be made without giving an opportunity of hearing to the Authority.

(2) Nothing contained in sub-section (2) or sub-section (3) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made in the interest of national security in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government of India specially authorised in this behalf by an order of the Central Government:

Provided that every direction issued under this sub-section, shall be reviewed by an Oversight Committee consisting of the Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and the Department of Electronics and Information Technology, before it takes effect:

Provided further that any direction issued under this sub-section, shall be valid for a period of three months from the date of its issue, which may be extended for a further period of three months after the review by the Oversight Committee.

* * * * *

38. Penalty for unauthorised access to the Central Identities Data Repository.

Whoever, not being authorised by the Authority, intentionally,—

(a) accesses or secures access to the Central Identities Data Repository;

(b) downloads, copies or extracts any data from the Central Identities Data Repository or stored in any removable storage medium;

(c) introduces or causes to be introduced any virus or other computer contaminant in the Central Identities Data Repository;

(d) damages or causes to be damaged the data in the Central Identities Data Repository;

(e) disrupts or causes disruption of the access to the Central Identities Data Repository;

(f) denies or causes a denial of access to any person who is authorised to access the Central Identities Data Repository;

(g) reveals any information in contravention of sub-section (5) of section 28, or shares, uses or displays information in contravention of section 29 or assists any person in any of the aforementioned acts;

(h) destroys, deletes or alters any information stored in any removable storage media or in the Central Identities Data Repository or diminishes its value or utility or affects it injuriously by any means; or

(i) steals, conceals, destroys or alters or causes any person to steal, conceal, shall be punishable with imprisonment for a term which may extend to three years and shall also be liable to a fine which shall not be less than ten lakh rupees.

Explanation.—For the purposes of this section, the expressions “computer contaminant”, “computer virus” and “damage” shall have the meanings respectively assigned to them in the Explanation to section 43 of the Information Technology Act, 2000, and the expression “computer source code” shall have the meaning assigned to it in the Explanation to section 65 of the said Act.

39. Penalty for tampering with data in Central Identities Data Repository

Whoever, not being authorised by the Authority, uses or tampers with the data in the Central Identities Data Repository or in any removable storage medium with the intent of modifying information relating to Aadhaar number holder or discovering any information thereof, shall be punishable with imprisonment for a term which may extend to three years and shall also be liable to a fine which may extend to ten thousand rupees.

40. Penalty for unauthorised use by requesting entity

Whoever, being a requesting entity, uses the identity information of an individual in contravention of sub-section (3) of section 8, shall be punishable with imprisonment which may extend to three years or with a fine which may extend to ten thousand rupees or, in the case of a company, with a fine which may extend to one lakh rupees or with both.

* * * * *

42. General penalty.

Whoever commits an offence under this Act or any rules or regulations made thereunder for which no specific penalty is provided elsewhere than this section, shall be punishable with imprisonment for a term which may extend to one year or with a fine which may extend to twenty-five thousand rupees or, in the case of a company, with a fine which may extend to one lakh rupees, or with both.

* * * * *

51. Delegation.

The Authority may, by general or special order in writing, delegate to any Member, officer of the Authority or any other person, subject to such conditions, if any, as may be specified in the order, such of its powers and functions under this Act (except the power under section 54) as it may deem necessary.

* * * * *

53. Power of Central Government to make rules.

(1)* * * * *

(2) In particular, and without prejudice to the generality of the foregoing power, such rules may provide for all or any of the following matters, namely: —

* * * * *

(g) the form and the manner and the time at which the Authority shall furnish annual report under sub-section (2) of section 27;

* * * * *

54. Power of Authority to make regulations.

(1)* * * * *

(2) In particular, and without prejudice to the generality of the foregoing power, such regulations may provide for all or any of the following matters, namely:—

(a) the biometric information under clause (g) and the demographic information under clause (k), and the process of collecting demographic information and biometric information from the individuals by enrolling agencies under clause (m) of section 2;

(b) the manner of verifying the demographic information and biometric information for issue of Aadhaar number under sub-section (3) of section 3;

(c) the conditions for accepting an Aadhaar number as proof of identity of the Aadhaar number holder under sub-section (3) of section 4;

* * * * *

(f) the procedure for authentication of the Aadhaar number under section 8;

* * * * *

(i) the salary and allowances payable to, and other terms and conditions of service of, the chief executive officer, officers and other employees of the Authority under sub-section (2) of section 21;

* * * * *

57. Act not to prevent use of Aadhaar number for other purposes under law.

Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose, whether by the State or anybody corporate or person, pursuant to any law, for the time being in force, or any contract to this effect:

Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.

* * * * *
________
EXTRACTS FROM THE PREVENTION OF MONEY-LAUNDERING ACT, 2002
(15 OF 2003)

* * * * *
CHAPTER IV

OBLIGATIONS OF BANKING COMPANIES, FINANCIAL INSTITUTIONS AND INTERMEDIARIES

12. Reporting entity to maintain records.

(1) Every reporting entity shall—

* * * * *

(c) verify the identity of its clients in such manner and subject to such conditions, as may be prescribed;

(d) identify the beneficial owner, if any, of such of its clients, as may be prescribed;

* * * * *

73. Power to make rules.

(1)* * * * *

(j) the manner and the conditions in which identity of clients shall be verified by the reporting entities under clause (c) of sub-section (1) of section 12;

(jj) the manner of identifying beneficial owner, if any, from the clients by the reporting entities under clause (d) of sub-section (1) of section 12;

* * * * *

LOK SABHA
—————
A

BILL

to amend the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and
Services) Act, 2016 and further to amend the Indian Telegraph Act, 1885 and the
Prevention of Money-laundering Act, 2002.
—————
(Shri Ravi Shankar Prasad, Minister of Law and Justice;
Electronics and Information Technology)

MGIPMRND—2878LS(S3)—27-12-2018.

Tags:

More Under Corporate Law

Leave a Comment

Your email address will not be published. Required fields are marked *