As per the Aadhar Act, 2017, the biometric information collected and stored in electronic form in accordance with this Act and regulations made thereunder shall be deemed to be ‘electronic record’ and ‘sensitive persol data or information ...’ “This gives rise to grave security and privacy concerns,” they said, and added: “There has been a major change between an earlier draft of the Act (the tiol Identification Authority of India Bill 2010) and the fil Aadhar Act. In the earlier version authentication was with a positive and negative response of ‘YES’ or ‘No’ along with the Aadhar number, finger prints or iris scan whichever the system requires. In the Aadhar Act, authentication can be done by a requesting agency (who is willing to pay a fees) by asking for any identity information, including photograph except core biometrics information. Moreover ‘the authority may engage one or more entities to establish and maintain the Central Identities Data Repository and to perform any other functions as may be specifies by regulations. This raises questions on the security of data that will be entrusted with ‘one or more entities’ other than the government.”