BOOM

Trending Searches

    SUPPORT
    BOOM

    Trending News

      • Fact Check 
        • Fast Check
        • Politics
        • Business
        • Entertainment
        • Social
        • Sports
        • World
      • Law
      • Explainers
      • News 
        • All News
      • Decode 
        • Impact
        • Scamcheck
        • Life
        • Voices
      • Media Buddhi 
        • Digital Buddhi
        • Senior Citizens
        • Videos
      • Web Stories
      • BOOM Research
      • BOOM Labs
      • Deepfake Tracker
      • Videos 
        • Facts Neeti
      • Home-icon
        Home
      • About Us-icon
        About Us
      • Authors-icon
        Authors
      • Team-icon
        Team
      • Careers-icon
        Careers
      • Internship-icon
        Internship
      • Contact Us-icon
        Contact Us
      • Methodology-icon
        Methodology
      • Correction Policy-icon
        Correction Policy
      • Non-Partnership Policy-icon
        Non-Partnership Policy
      • Cookie Policy-icon
        Cookie Policy
      • Grievance Redressal-icon
        Grievance Redressal
      • Republishing Guidelines-icon
        Republishing Guidelines
      • Fact Check-icon
        Fact Check
        Fast Check
        Politics
        Business
        Entertainment
        Social
        Sports
        World
      • Law-icon
        Law
      • Explainers-icon
        Explainers
      • News-icon
        News
        All News
      • Decode-icon
        Decode
        Impact
        Scamcheck
        Life
        Voices
      • Media Buddhi-icon
        Media Buddhi
        Digital Buddhi
        Senior Citizens
        Videos
      • Web Stories-icon
        Web Stories
      • BOOM Research-icon
        BOOM Research
      • BOOM Labs-icon
        BOOM Labs
      • Deepfake Tracker-icon
        Deepfake Tracker
      • Videos-icon
        Videos
        Facts Neeti
      Trending Tags
      TRENDING
      • #Operation Sindoor
      • #Pahalgam Terror Attack
      • #Narendra Modi
      • #Rahul Gandhi
      • #Waqf Amendment Bill
      • #Arvind Kejriwal
      • #Deepfake
      • #Artificial Intelligence
      • Home
      • Explainers
      • Aadhaar Authentication Now Open To...
      Explainers

      Aadhaar Authentication Now Open To Private Companies. Is It Safe?

      While the Indian government aims to improve service delivery, it raises privacy concerns as the rules lack clear safeguards against misuse of biometric data.

      By -  Hera Rizwan
      Published -  11 Feb 2025 4:46 PM IST
    • Boomlive
      Listen to this Article
      Aadhaar Authentication Now Open To Private Companies. Is It Safe?

      Aadhaar Authentication Widens To Include Private Entities

      • The Centre has updated Aadhaar authentication rules, now allowing private businesses in sectors like e-commerce, travel, and healthcare to use Aadhaar for customer identification.
      • The change aims to improve access to services and ease of living, but raises concerns over data privacy and security risks, as biometric data could be misused.
      • Experts are concerned about the potential clash with the 2018 Supreme Court ruling, the vague criteria for approvals, and the lack of clear safeguards for biometric data.

      The Indian government has changed Aadhaar authentication rules, now allowing private businesses to use Aadhaar verification for customer identification. The Ministry of Electronics and IT (MeitY) announced the change this month, stating that it will make life easier for people and improve access to services.

      However, experts are concerned about data privacy and security risks since there are no clear safeguards against the misuse of biometric data.

      This amendment follows earlier government efforts to permit private players, particularly in the financial sector, to conduct Aadhaar biometric authentication after demonstrating compliance with security standards.

      Also Read:APAAR ID: Is India Ready for a National Digital ID System for Students?

      What has changed?

      Previously, only the government and a few approved organisations could use Aadhaar authentication for three purposes: promoting good governance, stopping misuse of public funds, and making services more accessible.

      Now, the new Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2025, have widened the scope. Private companies in sectors like e-commerce, travel, hospitality, and healthcare can now use Aadhaar verification to improve service delivery. A notable new addition is the "promotion of ease of living".

      This change updates a 2020 law that had limited private access to Aadhaar data after a Supreme Court ruling. It follows nearly two years of government discussions, but the feedback from public consultations has not been made public.

      What Are The Concerns Of Privacy?

      The new changes may conflict with the Supreme Court's 2018 ruling, which struck down Section 57 of the Aadhaar Act, preventing private companies from using Aadhaar for KYC.

      However, tech lawyer Salman Waris argued that these changes don’t necessarily defy the Act. He explained that according to Section 2(u), the Act defines a "requesting entity" as anyone submitting Aadhaar details for authentication, which can include corporations.

      While the previous provision was vague, leading to its removal, the new rules provide clear procedures. He further said, “As long as requesting entities follow data security and privacy measures, these rules may not violate the Act. However, the rules should ensure that these entities comply with the Act’s security provisions.”

      Waris also noted that the government has implemented these "vaguely defined rules" before the DPDP Act came into force, showing a "callous approach" toward data privacy.

      Expounding on yet to be implemented India’s data protection law, Meemansa Agarwal, Senior Research Associate at The Dialogue, said, “The DPDP Act requires organisations to implement security measures to protect personal data. While the Draft Rules mention measures like encryption, data masking, and access control, they do not define these measures.”

      She emphasised that protecting biometric data held by private entities depends on "the organisation's commitment to privacy safeguards, prioritisation of data security, and how effectively authorities enforce compliance."

      Clear parameters for assessment are necessary to mitigate misuse, an issue the Supreme Court had flagged earlier, she added.

      Also Read:How a Security Flaw in EPFO’s System Leaked Pensioners' Data

      Approval Process and Vague Criteria

      Any company wanting to use Aadhaar authentication must submit a proposal outlining the justification for its use, based on one of the four specified purposes in the rules.

      Proposals for Aadhaar authentication must be submitted to the relevant government department or ministry responsible for overseeing the intended purpose of authentication. These proposals will then be reviewed by the Unique Identification Authority of India (UIDAI) and the Ministry of Electronics and Information Technology (MeitY), which hold the authority to approve them.

      Additionally, companies must ensure that their request to use Aadhaar authentication aligns with the "interest of the state".

      However, experts argue that the phrase "in the interest of the state" is vague and leaves room for arbitrary approvals. According to Waris, such undefined terms could allow discretionary decision-making.

      He said, “This clause may be misused to justify any type of content as the Indian government’s stance on data processing has been very lenient. Even though there may be some prima facie safeguards, the amendment still raises privacy concerns with respect to the biometric data of individuals.”

      Agarwal stressed that "establishing clear approval criteria is crucial to ensuring transparency and preventing inconsistent decision-making." She added, “Legal precision fosters certainty, allowing individuals to better navigate and plan their interactions with such systems."

      Also Read:Locked For Years: A New Life For Assam Residents As They Finally Get Aadhaar Cards

      Aadhaar Licensing: Then and Now

      It is not that private companies were not allowed to use Aadhaar authentication before. A licensing regime already existed, requiring government approval to ensure authentication was used only for specific, legitimate purposes while maintaining privacy and security.

      In 2019, the government allowed private entities like banks and telecom firms to use Aadhaar for KYC under this system.

      In 2023, it proposed the same amendment that has now been formalised. Even before this, 22 private financial firms, including Amazon Pay (India) and Hero FinCorp, were permitted to use Aadhaar authentication.

      LinkedIn also introduced Aadhaar-based verification for Indian users last year. While the new rules officially expand access, the shift has been in progress for years.

      However, with the new regulations, gaps in the approval process for Aadhaar authentication could emerge due to unclear rules, Agarwal said. "There are no clear, uniform criteria, which means different entities can interpret the rules differently. This could lead to inconsistent implementation and potential misuse," she explained.

      She stressed the need for a well-defined approval framework. "A unified system would bring clarity, reduce uncertainty, and make compliance easier,” Agarwal added.

      Building on this, Waris explained that biometric data is classified as sensitive personal data information (SPDI) under Section 30 of the Aadhaar Act, which mandates stricter privacy rules.

      “While the DPDP Act treats all data equally, the government can classify entities handling Aadhaar data as ‘Significant Data Fiduciaries’ under Section 10, thereby enforcing stricter obligations and imposing higher fines for non-compliance,” he said.

      Also Read:Digital Divide and Corruption: How MGNREGA Fails Bihar’s Rural Workers

      Tags

      MeitYAadhaarData Privacy
      Read Full Article
      Next Story
      Our website is made possible by displaying online advertisements to our visitors.
      Please consider supporting us by disabling your ad blocker. Please reload after ad blocker is disabled.
      X

      Subscribe to BOOM Newsletters

      👉 No spam, no paywall — but verified insights.

      Please enter a Email Address
      Subscribe for free!

      Stay Ahead of Misinformation!

      Please enter a Email Address
      Subscribe Now🛡️ 100% Privacy Protected | No Spam, Just Facts
      By subscribing, you agree with the Terms & conditions and Privacy Policy connected to the offer

      Thank you for subscribing!

      You’re now part of the BOOM community.

      Or, Subscribe to receive latest news via email
      Subscribed Successfully...
      Copy HTMLHTML is copied!
      There's no data to copy!