The Supreme Court has raised concerns over the potential misuse of Aadhaar data collected by private companies for commercial use. The SC said that the safety measures put in by the UIDAI may not be sufficient to deal with the problem in the absence of a data protection law in the country.
Following the presentation put up by UIDAI CEO, Ajay Bhushan, the Bench pointed to two loopholes in the system. The private operator at the time of Aadhaar enrolment could keep a copy of the data to himself and the private companies which are using the Aadhaar platform could also collect the authentication data of the customers were the two problems that the Bench pointed towards. In both these cases the data could be misused, the Bench said.
The Bench told Bhushan that security at the end of the UIDAI would not ensure data protection. Our concern is about the misuse of data at the other end, the Bench said. Bhushan, however, said that UIDAI would never know for what purpose the authentication was done and it did not collect data pertaining to purpose, location and details of authentication. He further added that collection of such data was prohibited under the Aadhaar Act.