Apart from a financial audit, the Aadhaar Act fails to prescribe any ex-ante or ex-post accountability mechanisms
Recently, the Unique Identification Authority of India (UIDAI) filed a first information report (FIR) against a reporter of The Tribune for unauthorized access of Aadhaar data (for a story that exposed the vulnerability of the Aadhaar database), and for allegedly violating the provisions of the Aadhaar Act. Last year, the UIDAI filed an FIR against a CNN-News 18 journalist for a report on how it was possible to obtain two separate Aadhaar enrolment numbers. In contrast, the UIDAI did not initiate criminal prosecution against any of the 210 government websites that displayed the details of Aadhaar number holder, nor did it file an FIR against Airtel, when it was found out that Airtel used the Aadhaar-eKYC-based verification process to open payments bank accounts of its subscribers without their consent. These instances are interesting for two reasons.