wordpress blog stats
Connect with us

Hi, what are you looking for?

Your Aadhaar data can now be shared among government ministries but in limited form

Sharing of Aadhaar numbers, albeit in masked form, has been termed dangerous by experts who’ve raised other red flags.

Central and state government ministries will be able to share partially-masked Aadhaar data (i.e. last 4 digits) along with demographic information (name, date of birth, gender, residential address), among themselves, according to a memorandum from the Unique Identification Authority of India (UIDAI). The departments can do so only if they comply with the provisions related to safety, security, and confidentiality, it added.

Another UIDAI memorandum states that ministries can use consent obtained from individuals during a particular scheme for any future schemes as long as they inform the individuals via email or mobile. The departments will have to get a consent form filled by the individual submitting their identity information for authentication.

Aadhaar IDs contain sensitive data which needs to be guarded zealously as India does not have a data protection law in place yet. It needs to be stressed that the memoranda do not shed light on the checks and balances in place to prevent misuse of data.

Why did the UIDAI publish these memoranda?

The regulatory body revealed that it has received requests from various government ministries to provide guidance regarding the use of such data for future schemes. The data, they said, was collected during the course of the implementation of respective welfare schemes.

What are the red flags?

Srikanth Lakshmanan, a tech activist, said that the timing of these memos was “interesting” as they were released just before the central government tabled the JPC report on the data protection bill in the Parliament.

Advertisement. Scroll to continue reading.

He suggested that the intention seemed to be to give permission and nudge the government ministries/departments to share data freely before the data protection law comes into force. He also stressed that the Aadhaar Act has purpose limitations built into its framework.

“This circular will allow ministries to reuse data collected for a particular purpose because they already hold it. It is shady,” Lakshmanan said.

The form annexure is a notice which shall be put on a website indicating that a particular ministry is indulging in consent collection for the future. “It is slightly problematic because you are giving your permission for that agency to use your data for a future thing you do not know about as if you are signing a blank cheque,” he added.

‘Data sharing among different ministries is dangerous’

Lakshmanan explained that the ministries will be able to share masked Aadhaar data (last four digits) in addition to demographic data which does not make sense because it is almost like sharing the whole set of data. “It is a fairly unique dataset even if you do not have the 12 digits,” he said. He added that individuals will not even know if their data was shared with other ministries.

Advertisement. Scroll to continue reading.

Srinivas Kodali, a researcher working on data, the internet, and cybersecurity, said that this move can be viewed as an attempt to build a family database under the State Family Database (SFDB).

Understanding SFDB: SFDB is a data integration and exchange platform that is envisioned to be an all-in-one database used across different departments of the state government to maintain records of various kinds. Tamil Nadu, and Haryana, are some of the states currently working on it.

What does the Aadhaar Act say?

The Aadhaar Act, 2016, was introduced for the delivery of subsidies, benefits, and services, to Indian citizens by assigning unique identity numbers to them. There are over 300 schemes notified under Section 7 of the Aadhaar Act which cover a huge number of individuals.

It is mandatory to inform individuals in writing under Section 29(3) of the Aadhaar Act, for which purposes their Aadhaar number is being used by the ministry. 

UIDAI’s powers were expanded recently

The central government amended the Aadhaar Act (Adjudication of Penalties) Rules 2021 last year to give UIDAI powers to penalise entities for both civil and criminal violations. It outlined the following mechanism for UIDAI to enforce the penalties, and hence implement the privacy safeguards outlined in the Act.

Who should be the adjudicating officer? Under the Aadhaar Act, UIDAI must appoint an adjudicating officer to deal with violations of the act. The officer must:

Advertisement. Scroll to continue reading.
  • not be below the rank of Joint Secretary to the Government of India
  • possess ten years or more of experience in the government body
  • possess more than three years of experience law, management, IT or commerce

How to send a complaint: The UIDAI can send a complaint to the adjudicating officer in case of a violation, which must contain the following:

  • the nature of the contravention
  • relevant provision of the Aadhaar Act or rules issued by UIDAI
  • the maximum penalty which can be imposed on the person or entity
  • the timing, place of contravention along with supporting documents


Get our white paper on the Data Protection Bill 2021 in your inbox

We may also reach out occasionally with our coverage of the Data Protection Bill and more.
By filling out this form, you agree to receive a copy of MediaNama's white paper and further information about MediaNama's work and services.


Also read:

Have something to add? Subscribe to MediaNama here and post your comment. 

Written By

I cover several beats such as crypto, telecom, and OTT at MediaNama. I will be loitering at my local theatre and consuming movies by the dozen when I am off work.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ