Govt to amend Aadhaar Act for improved consent, DPDP Act alignment

The government is considering amending the 2016 Aadhaar Act to give users control over their data and stop the unique ID number from being misused.

“We need to see how the Aadhaar law can be harmonized vis-a-vis the DPDP (Digital Personal Data Protection) Act keeping user interest at the centre,” electronics and IT minister Ashwini Vaishnaw said in a video posted on X on Wednesday.

Also Read | 2025 to be India’s year in semiconductors: Minister Ashwini Vaishnaw

The government's intention is to plug gaps and align the Aadhaar Act with the DPDP Act, according to officials.

While Vaishnaw did not share details of the proposed amendment, he said, “There are variety of programmes and uses where citizens are asked for consent again and again, asked to provide their data every time and at different places, for authentication. We need to have a legal framework to avoid this and ensure citizens get access to services easily.”

A major focus of the amendment will be to ensure data minimization and data erasure norms, as currently mandated by the DPDP Act. But these are not followed by agencies seeking Aadhaar details, officials said.

Also Read | Evaluation of AI large language models in final stage: Ashwini Vaishnaw

“Similarly, a focus will also be on avoiding reuse of Aadhaar data for a different purpose than was originally being sought by the agencies,” said one of the officials, adding that the language will be made clearer and more specific to avoid any conflict with the DPDP Act.

The DPDP Act, 2023, which was approved by Parliament in August 2023, is yet to be implemented. 

The government is currently finalizing the rules to implement the Act, which Vaishnaw said are almost ready and will be notified soon. Data minimization means the practice of collecting only the minimum amount of personal data necessary to achieve a specific purpose. Data erasure means deletion of personal data by data fiduciaries when it's no longer needed.

Also Read | Ashwini Vaishnaw welcomes Starlink in India, backs network for railway projects

Analysts said the amendment to the Aadhaar Act with DPDP will be essential to prevent any misuse of data, as also for more data control and better consent management.

In February, the government also allowed private companies to carry out Aadhaar authentication for providing their services under the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2025. Under the new rules, private entities are allowed to use Aadhaar for authentication of users to promote ease of living for residents and enabling better access to services for them, prevention of dissipation of social welfare benefits, and enablement of innovation.

“It is yet to be seen what amendment the government makes. But since the government’s focus is on data minimization, it would certainly help misuse of Aadhaar data. This is because Aadhaar has become a convenient way for identification and authentication, which often leads to data privacy issues,” said Dhruv Garg, a tech policy lawyer and partner at the Indian Governance and Policy Project (IGAP).

According to Garg, the focus of the government should also be to minimize the usage of Aadhaar where it is not required.

On Tuesday, the government also launched a new Aadhaar app that will help Aadhaar holders to share only the necessary data while availing services. The app will have face ID authentication. To ensure data privacy, the app allows digital verification and exchange via a requesting application or by scanning a QR code, eliminating the need for physical photocopies of Aadhaar cards.