corporate law

"Secure Your Aadhaar: Advanced Authentication Methods and Privacy Guidelines"

Authentication Methods for Aadhaar

To enhance security, users can now authenticate their identity using facial recognition or QR codes, removing the necessity to share photocopies of Aadhaar cards. This feature is expected to launch in April 2025. Additionally, individuals may choose to use a masked Aadhaar, which reveals only the last four digits of their Aadhaar number.

Safeguarding Identity with Aadhaar

The Aadhaar identity authentication ecosystem has introduced advanced features designed to protect the identity and privacy of Aadhaar holders.

Guidelines for Sharing Aadhaar

  • Use Masked Aadhaar: Users can download a masked Aadhaar that displays only the last four digits from the UIDAI official website at UIDAI - My Aadhaar. UIDAI now auto-generates masked Aadhaar for downloads unless users opt for the full disclosure option.

    • Verification: The authenticity of any Aadhaar number can be verified at UIDAI - Verify Aadhaar. For offline verification, users can scan the QR code found on the e-Aadhaar, Aadhaar letter, or Aadhaar PVC card using the QR code scanner available in the mAadhaar mobile application. UIDAI mandates QR code scanning for offline verification to prevent tampering.

  • Caution on Public Computers: It is advisable to avoid downloading e-Aadhaar using public computers in internet cafes or kiosks. If necessary, ensure that all downloaded copies are deleted entirely from that computer.

Enhanced Privacy Features (2023)

  • Virtual ID (VID) Integration: The 16-digit temporary number, known as VID, is used in place of Aadhaar for authentication in non-KYC scenarios.

  • Timed OTPs: One-time passwords (OTPs) for Aadhaar-related services now expire in 2 minutes, a reduction from the previous 10-minute validity.

Aadhaar Act, 2016 Provisions

  • Section 29: Prohibits sharing of Aadhaar numbers without the individual's consent.

  • Section 37: Imposes penalties for unauthorized collection of Aadhaar data by entities.

Corporate Compliance

Organizations must hold a User License from UIDAI to use Aadhaar for identity verification. Unauthorized entities, including hotels and film halls, are prohibited from collecting or storing copies of Aadhaar cards. However, private entities within industries such as e-commerce, hospitality, and healthcare may utilize Aadhaar authentication, provided they have received government approval. Such entities must delete Aadhar Data after 6 months unless mandated by law.

Legal Implications

It is crucial to understand that requesting a photocopy of your Aadhaar card or engaging in unauthorized collection or storage of Aadhaar information constitutes an offense under the Aadhaar Act 2016. Such violations may incur fines of up to ₹1 crore under Section 33A of the Aadhaar Act.

By following these guidelines and remaining vigilant, Aadhaar holders can actively protect their identity and privacy in today’s digital landscape.