In a move aimed at strengthening user data protection and aligning existing laws with India’s new data privacy framework, the government is considering significant amendments to the Aadhaar Act, 2016. The proposed changes seek to bring the law in harmony with the Digital Personal Data Protection (DPDP) Act, 2023, placing user consent and data minimization at the forefront.
Union Minister for Electronics and IT, Ashwini Vaishnaw, confirmed the development via a video statement posted on social media platform X. “We need to see how the Aadhaar law can be harmonized vis-a-vis the DPDP Act, keeping user interest at the centre,” Vaishnaw said.
The amendments are expected to address concerns related to repeated data requests for authentication, redundant consent forms, and the widespread reuse of Aadhaar data for purposes beyond what users originally consented to. Officials said the revised framework would prioritize data minimization and enforce erasure norms as mandated under the DPDP Act—measures not currently practiced uniformly by agencies requesting Aadhaar details.
ALSO READ: Call for Cyber Experts: Join FCRF Academy as Trainers and Course Creators
Focus on Consent, Clarity, and Ease of Access
According to government sources, the new framework will also clarify the boundaries of Aadhaar usage, ensuring that user data is not repurposed without clear and specific consent. “A key priority is preventing the reuse of Aadhaar information for unrelated services,” an official explained.
The DPDP Act, passed by Parliament in August 2023, is yet to be formally implemented, with rules expected to be notified shortly. It introduces key concepts such as data minimization—the collection of only essential personal information for a defined purpose—and data erasure, which obligates service providers to delete personal data once it is no longer necessary.
Aadhaar Authentication and Private Sector Access
In a parallel development, the government earlier this year allowed private companies to conduct Aadhaar-based authentication for service delivery under the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Amendment Rules, 2025. The move is intended to improve service accessibility, prevent fraud in welfare distribution, and support digital innovation.
However, experts say these expanded use cases make it even more important to put robust privacy safeguards in place. “While Aadhaar has made identity verification seamless, the lack of strong consent management and excessive data collection raise privacy concerns,” said Dhruv Garg, a technology policy expert and partner at the Indian Governance and Policy Project (IGAP).
ALSO READ: “DFIR Capability Maturity Assessment Framework” by ALGORITHA
Garg emphasized that the government should also consider restricting Aadhaar use in cases where it’s unnecessary, to further protect user data.
New Aadhaar App Promises Safer Data Sharing
Complementing these legislative changes, the government has launched a new Aadhaar mobile application that allows users to share only specific data points when accessing services. The app supports facial recognition for authentication and enables digital verification through QR codes or integration with requesting applications, eliminating the need to hand over physical photocopies of Aadhaar cards.
Looking Ahead
With the DPDP Act nearing implementation and growing public concern over data privacy, aligning the Aadhaar Act with the new law is seen as a critical step. If successful, the proposed amendments could significantly improve consent mechanisms, prevent misuse of identity data, and restore public trust in digital authentication systems.