New Delhi: State governments have given written assurances to the Unique Identification Authority of India (UIDAI) that they have destroyed all biometric data of individuals shared by the authority before the enactment of the Aadhaar Act.
“We have got certificates from state governments and we are filing it in court. Only the biometric data was destroyed, the demographic data remains with the states," said Ajay Bhushan Pandey, chief executive officer of UIDAI, in an interview.
The statement comes at a time when UIDAI is trying to address concerns over the security and privacy of Aadhaar data held by state governments.
According to Pandey, before the enactment of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, state governments were registrars of UIDAI, i.e. they used to enrol people for Aadhaar.
As part of the process, states would collect demographic information (name, date of birth, address) and biometrics (photograph, fingerprint and iris scan) of individuals while enrolling them.
“The states used to keep a copy and send one to us. The information was stored in an encrypted manner and there was a key to it. We would do the de-duplication at the back end to generate an Aadhaar number," Pandey said.
With the notification of the Aadhaar Act, UIDAI took charge of the enrolment process and stopped sending a copy of the data to states. It also asked the states to destroy all the biometric data they had accumulated prior to the Act, Pandey added.
In February, the Gujarat government counsel told the constitutional bench hearing challenges to the Aadhaar law that the state has no biometric data collected prior to the enactment of the law.
“The Aadhaar Act does not contemplate storage of biometric information at the state level. Details are now stored only in the Central Identities Data Registry (CIDR)," the counsel added.
“There is a need for a stronger law regulating what can be done using biometrics. Even after the enactment of the Aadhaar Act, there’s nothing in the law that prevents any agency from collecting and storing biometrics for any purpose whatsoever," said Pranesh Prakash, policy director at think tank Centre for Internet and Society.