New Delhi, Mar 28: Expressing concern over misuse of the Aadhaar data collected by the private firms for business purpose, the Supreme Court on Tuesday said that the safety measures being put by Unique Identification Authority of India (UIDAI) may not be enough for data protection. “Security at your end would not ensure data protection. My concern is about the misuse of data at another end point,” Justice DY Chandrachud said.

Pointing out loopholes in the Aadhaar, the bench, comprising of Chief Justice Dipak Misra and Justices AK Sikri, AM Khanwilkar, DY Chandrachud and Ashok Bhushan, said that the private companies that have been using Aadhaar for user authentication could collect the data of customers. It added that in fact, the private operator present at the time of the Aadhaar enrolment could retain a copy of the data. (Also Read: UIDAI to Launch Face Authentication Feature For Aadhaar Verification From July 1)

“There are two ends of authentication. You said that you do not retain information on the purpose of authentication but the private entity before whom authentication is done could retain the data or the number at the time authentication was done and the information could be used for commercial purposes. What is there to prevent the private sector from collecting the data?

The UIDAI had earlier told the Supreme Court that the biometric and demographic information of people who have enrolled for Aadhaar was secure, while no one will suffer loss of benefits for its lack. In a power point presentation in the court, the bench was told that the data in encrypted form was “very very secure”. UIDAI CEO Ajay Bhushan Pandey also said that the Aadhaar number would not be repeated even after the death of an individual.

The UIDAI on Saturday refuted all the reports of data breach saying that the biometric ID programme remains “safe and secure”. Terming the  reports as “totally baseless, false and irresponsible”, UIDAI said, “There is no truth in this story as there has been absolutely no breach of UIDAI’s Aadhaar database.”

“UIDAI today has refuted reports in a certain section of media sourced from the news website ZDNet which has quoted a person purportedly claiming to be a security researcher that a state-owned utility company has vulnerability which can be used to access a huge amount of Aadhaar data including banking details,” UIDAI said in a statement.

Response from UIDAI came hours a technology news portal, ZDNet, claimed that a system of “state-owned utility firm” was allegedly been used to leak private information of Aadhaar holders such as names, their unique 12-digit identity numbers, and their bank details. It also said that the security lapses, that were flagged to some government agencies, remain to be fixed.