The Unique Identification Authority of India (UIDAI) is working with Justice Srikrishna panel to put in place a stricter law for data protection and security, the UIDAI CEO Dr. Ajay Bhushan Pandey informed the Supreme Court on Tuesday.
Making the power point presentation for over 2 and a half hours, before a five-judge bench of Chief Justice Dipak Misra and Justices AK Sikri, AM Khanwilkar, DY Chandrachud and Ashok Bhushan, the CEO made it clear that the apprehensions with regard to leakage of data and security breach have no basis.
He said the data is encrypted and secured in the depository, which is not connected with internet, and there was no possibility of leakage or security breach and in the last seven years there has not been a single breach of data.
At this juncture, both Justice Sikri and Chandrachud wanted to know from the CEO as to whether data collected can be shared for commercial gain by the authentication user agencies, who are all private companies. They asked the CEO whether there was a scope for data transfer before the data is saved and `submit’ button is pressed.
The CEO explained that since the software for authentication agencies are provided by the UIDAI, the moment data is collected, it is encrypted and can’t be stored or transferred. The judges pointed out that the possibility of data leakage at this end couldn’t be ruled out completely.
Justice Chandrachud told the CEO “unless you have a robust data protection law, it is not possible to secure the data at the ‘mirror image end’ (where authentication takes place).
Justice Sikri said, “There is a possibility of data breach. You cannot vouch safe for all times to come particularly when authentication agencies take consent.”
The CEO conceded, “The authentication log details are fully secured. We have taken the help of world leaders in biometric technology to ensure high level of accuracy and that the data is secured. But there is no last word on security. We are constantly working on improving safety and security aspects. It is an ongoing challenge. We are working with Justice Srikrishna committee on a stricter law for data protection and all aspects would be taken into consideration while putting in place the law.”
He also said that so far more than 1.2 billion citizens have Aadhaar.
To a question from the bench on whether biometrics data was being shared, he clarified that only personal information is shared to the banks through e-kyc without biometric information, which is safe and secured and not shared with anyone. From July this year, face identification will be used for authentication and soon QR codes on Aadhaar will have photo.
After the conclusion of power point presentation senior counsel Shyam Divan and KV Viswanathan submitted a list of 20 questions seeking clarification and reply from the CEO. They also wanted the court to pass an order to extend Aadhaar linkage for all services except seven benefits/subsidy/service as mentioned in Section 7 of the Aadhaar Act.
The CJI said the court would consider this aspect on April 3, when arguments will continue.
Meanwhile, the CJI asked the CEO to give written replies to the points raised by petitioners.