Thursday, March 3, 2011

69 - UID Legislative Safe Guards by Ruchi Gupta

UID – Legislative Safeguards
Ruchi Gupta (

Legislative Safeguards
UID as the underlying infrastructure will directly enable five types of databases; however, UIDAI will own and takes responsibility for only the primary database with a laissez-faire attitude for the rest. However, given that UID is the enabling tool, the legislative framework must establish UIDAI’s responsibility to constrain certain types of uses, and liability for all end-use. The five database types are as under
1. Basic UID database with identity information
2. State databases (NPR, government schemes, tax, police etc)
3. Credit information companies (CIC) databases, which will hold credit information based
on bank, insurance, telecom etc history
4. NATGRID (21 interlinked dbs) for security and intelligence agencies (exempt from RTI
excepting human rights allegations)
5. Private databases by corporations etc
1. Individuals with the following characteristics (as substantiated by a self-attested copy)
will not be required to pay for UID enrollment: BPL/AAY; NREGA Card; others.
Privacy/Civil Liberties

1. Registrars will not collect information other than that strictly necessary for providing
service. Information fields must be detailed and approved by UIDAI prior to collection.
2. There will be no legal/financial penalty for non-enrollment now or in future
3. Private organizations with the exception of registrars (enrolling agencies) will not link
benefits to disclosure of UID number e.g. shopping loyalty cards (to limit data
4. Every individual with a UID # can ask for a certified copy of all information collected and
stored about him/her once a year free of charge, and unlimited times on payment of
certain fee (Rs. 10 per page as per RTI). There will be a legal provision for financial and
custodial penalty if knowingly inaccurate/incomplete report is provided to the user. (CIC,
5. There must be inherent assurance that non-possession of identity card will not be
considered an offence, or grounds for detention (State, since ID card will be issued
through the NPR exercise)
6. The front-end of all organizations whose databases will be linked to NATGRID/CIC will
have to inform users before each transaction (or initial registration) that activity will be
reported and tracked (NATGRID, CIC)
UID – Legislative Safeguards
Ruchi Gupta (
1. Utilities or state services will not be withheld due to beneficiary’s non-enrolment of UID.
Service will be provided in the interim on production of alternate proof of identification;
implementing agency will initiate process for beneficiary’s UID enrollment.
2. If UID match is not made at the point of sale/delivery, essential services will be provided
on production of alternate proof of identification. UID data will be fixed within X days
(Related question below)
3. In case a registrar is de-registered due to non-compliance of enrollment
processes/standards, affected users will not be denied services while their identity is being
re-verified (or other quality assurance processes initiated)
4. No enrollment agency can force user to continue association against will as condition for
registration (real estate developers organization will be used to enroll migrant workers,
whose identity credentials cannot be verified/guaranteed by the employer. So potentially
UIDAI/employer may have some kind of forced affiliation?)
5. UID will not be used to turn off essential services for any reason other than direct
ineligibility for service e.g., coerce relocation (State)
6. Records of transactions including liabilities in one utility in one aspect will not be used to
deny services of some other utility (State)
1. UIDAI will be responsible for all (user or organizational) losses arising out of
false/inaccurate information on UID number
2. Sale or transfer of data to any for-profit/private organization (marketers, corporations,
MNCs) will be illegal, and will lead to closure of such organizations and immediate
termination of employment of involved employees.
3. Any unauthorized collection of data or its misuse will be treated as a human rights
violation and therefore under the ambit of RTI Act (Sec 24) (NATGRID, CIC)
4. If data security is breached (e.g., Indian defense computers were hacked into), UIDAI will
be liable for both breach of information, and subsequent misuse (Potentially irrelevant
because even if the primary UID database is not in the public domain, tack-on databases
will be and it will be impossible to track data breach to any one database)