UIDAI introduces 'Virtual ID' to address privacy concerns

New Delhi: In a bid to address privacy concerns, the UIDAI on Wednesday introduced a new concept of 'Virtual ID' which Aadhaar-card holder can generate from its website and give for various purposes, including SIM verification, instead of sharing the actual 12-digit biometric ID.

This will give the users the option of not sharing their Aadhaar number at the time of authentication.

The Virtual ID, which would be a random 16-digit number, together with biometrics of the user would give any authorised agency like a mobile company, limited details like name, address and photograph, which are enough for any verification.

Officials said a user could generate as many Virtual IDs as he or she wants. The old ID gets automatically cancelled once a fresh one is created.

The Unique Identification Authority of India (UIDAI) has also introduced the concept of 'limited KYC' under which it will only provide need-based or limited details of a user to an authorised agency that is providing a particular service, say, a telco.

The Virtual ID will be a temporary and revocable 16 digit random number mapped to a person's Aadhaar number, and the Aadhaar-issuing body will start accepting it from March 1, 2018.

From June 1, 2018, it will be compulsory for all agencies that undertake authentication to accept the Virtual ID from their users.

Agencies that do not migrate to the new system to offer this additional option to their users by the stipulated deadline will face financial disincentives.

"Aadhaar number holder can use the Virtual ID instead of Aadhaar number whenever authentication or KYC services are performed. Authentication may be performed using the Virtual ID like using Aadhaar number," a UIDAI circular said.

The move aims to strengthen the privacy and security of Aadhaar data and comes amid heightened concerns around the collection and storage of personal and demographic data of individuals.

Users can go to the UIDAI website to generate their virtual ID which will be valid for a defined period, or till the user decides to change it.

They can give this Virtual ID to service agencies along with the fingerprint at the time of authentication.