Punishments for data breaches etc under the Aadhaar Law

Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 provides for issuing  Aadhaar numbers to individuals and perform authentication thereof. Chapter VI (Sections 28-33) deals with protection of the information collected under the provisions of the Act.

This post highlights the prescribed punishments for the various offences. The earliest post here summed up all developments related to Aadhaar controversy.

Offences under Chapter VII with regard to information collected 

Relevant Provision

Offence

 

Punishment

Imprisonment Fine In the case of a company
Section 34 Impersonates or attempts to impersonate another person, whether dead or alive, real or imaginary, by providing any false demographic information or biometric information, Imprisonment for a term which may extend to three years or With a fine which may extend to ten thousand rupees or with both
Section 35 Changes or attempts to change any demographic information or biometric information of an Aadhaar number holder by impersonating or attempting to impersonate another person, dead or alive, real or imaginary, with the intention of causing harm or mischief to an Aadhaar number holder, or with the intention of appropriating the identity of an Aadhaar number holder Imprisonment for a term which may extend to three years and Shall also be liable to a fine which may extend to ten thousand rupees.
Section 36 Conduct by words or demeanour pretends that he is authorised to collect identity information under the provisions of this Act, when not being authorised to Imprisonment for a term which may extend to three years or

 

 

With a fine which may extend to ten thousand rupees

 

With a fine which may extend to one lakh rupees or with both
Section 37 Intentionally discloses, transmits, copies or otherwise disseminates any identity information collected in the course of enrolment or authentication to any person not authorised under this Act or regulations made thereunder or in contravention of any agreement or arrangement entered into pursuant to the provisions of this Act Imprisonment for a term which may extend to three years or

With a fine which may extend to ten thousand rupees or with both

 

With a fine which may extend to one lakh rupees
Section 38 Whoever, not being authorised by the Authority, intentionally,—

(a) accesses or secures access to the Central Identities Data Repository;

(b) downloads, copies or extracts any data from the Central Identities Data Repository or stored in any removable storage medium;

(c) introduces or causes to be introduced any virus or other computer contaminant in the Central Identities Data Repository;

(d) damages or causes to be damaged the data in the Central Identities Data Repository;

(e) disrupts or causes disruption of the access to the Central Identities Data Repository;

(f) denies or causes a denial of access to any person who is authorised to access the Central Identities Data Repository;

(g) reveals any information in contravention of Section 28(5), or shares, uses or displays information in contravention of Section 29 or assists any person in any of the aforementioned acts;

(h) destroys, deletes or alters any information stored in any removable storage media or in the Central Identities Data Repository or diminishes its value or utility or affects it injuriously by any means; or

(i) steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used by the Authority with an intention to cause damage

Imprisonment for a term which may extend to three years and Shall also be liable to a fine which shall not be less than ten lakh rupees
Section 39 Uses or tampers with the data in the Central Identities Data Repository or in any removable storage medium with the intent of modifying information relating to Aadhaar number holder or discovering any information thereof, not being authorised by the Authority Imprisonment for a term which may extend to three years and Shall also be liable to a fine which may extend to ten thousand rupees.
Section 40 Uses the identity information of an individual in contravention of Section 8 (3) , being a requesting entity Imprisonment which may extend to three years or With a fine which may extend to ten thousand rupees or with both With a fine which may extend to one lakh rupees
Section 41 Fails to comply with the requirements of Section 3(2) or Section 8(3), being an enrolling agency or a requesting entity Imprisonment which may extend to one year or With a fine which may extend to ten thousand rupees or with both With a fine which may extend to one lakh rupees
Section 42 Commits an offence under this Act or any rules or regulations made thereunder for which no specific penalty is provided elsewhere Imprisonment for a term which may extend to one year or With a fine which may extend to twenty-five thousand rupees or with both With a fine which may extend to one lakh rupees

Under Section 23(2)(s), UIDAI is empowered to set up grievance redressal mechanism for redressal
of grievances. There is no adequate redressal mechanism when it comes to violations of the Aadhaar Act and in the implementation of Aadhaar.

Section 47 provides that –

  • No court shall take cognizance of any offence punishable under this Act, save
    on a complaint made by the Authority or any officer or person authorised by it.
  • No court inferior to that of a Chief Metropolitan Magistrate or a Chief Judicial
    Magistrate shall try any offence punishable under this Act.

Image from here

Bhumika Sharma

She is currently a Research Scholar, (PhD) at Himachal Pradesh University, Shimla. She finds peace in research and writing on a variety of social issues. She believes in the power of education and awareness to deal with various problems.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.