Introduction of APAAR ID: A Growing Privacy Concern

May 5, 2025
Data Privacy

By Anuradha Gandhi and Rachita Thakur

Introduction

Recently, the Automated Permanent Academic Account Registry (hereinafter referred to as “APAAR”) has been conceptualized under the National Education Policy (NEP) 2020. Under this initiative, all students pursuing higher education are required to register with the Academic Bank of Credits (ABC). As per the new regulations, possessing an ABC ID is mandatory for admission to any college or university[1].  The framework is already in force since January 2025[2] with some schools started to implement it.  While the objective of APAAR is ‘One Nation, One Student ID ‘tracking student progress and streamlining academic records, however it also raises privacy concerns with respect to its data collection and storage practices.

What is APAAR?

The Automated Permanent Academic Account Registry (APAAR) is a unique identification system created for students throughout India. It assigns a unique and permanent 12-digit ID to every student, offering a comprehensive record of their academic achievements, including degrees, scholarships, awards, and other credits making it easier to shift between educational institutions for further studies. The system can only be accessed if a person is above 18 years of age or under the supervision of parents/ guardian.[3]

Though APAAR is not mandatory, however, to obtain an APAAR ID, students must follow a series of steps. First, they need to visit their school to verify their demographic details. If the student is a minor, parental consent is required. Following this, the student’s identity is authenticated through the school. Once all verifications are successfully completed, the APAAR ID is generated and is linked to the student’s Digi Locker account for online access[4].

An essential requirement to create an APAAR ID is to have a valid Aadhaar number issued by the Unique Identification Authority of India (UIDAI) especially for persons under 18 years of age to provide a unique verifiable identification.

Personal Data Collected and Processed

Under the APAAR system, students are required to provide personal data including name, date of birth, gender, contact, Aadhaar number, authentication details, academic records and technical information like IP address, browser type, and operating system. This data is used for managing accounts, storing academic records, communicating important updates and notifications. Additionally, aggregated and anonymized data may be used for research, statistical and educational improvements.[5]

The data collected is stored in encrypted forms and is shared only in aggregated forms after taking prior consent. Furthermore, all user data in APAAR will be in control of the user and made portable as per Data Empowerment Principles[6].

How it is different from Digi Locker and Aadhaar?

While Digi Locker and APAAR ID are different but they are integrated to provide a secure way to store and access academic documents.[7]

APAAR is a lifelong unique digital identity for students, while Digi Locker is a secure online repository for storing and sharing documents. The APAAR ID is linked to Digi Locker, where a student can access their essential documents, including academic records, and it also receives academic credits from institutions.[8]

On the other hand, Aadhaar is a 12-digit unique identity number obtained voluntarily by the residents of India, based on their biometrics and demographic information to obtain certain government benefits or subsidies[9]. The APAAR id complements Aadhaar for educational tracking purposes.

Concern surrounding privacy

The consent forms issued by the State requires guardians and/or parents to authorize the sharing of their ward’s Aadhaar and demographic details for the creation of an APAAR ID and the opening of a Digi Locker account. Such information shall also be shared with entities involved in providing educational activities and shall be used for Aadhaar-based authentication with Unique Identification Authority of India[10]

APAAR system raises significant privacy issues:

  1. Lack of Informed Consent in Rural Areas: Although, an option to opt-out of such data processing is provided, however, it raises the issues of informed consent, especially in rural or marginalized communities where guardians may not fully understand the implications of data sharing.
  2. Data Retention: APAAR systems retains data till the account remains in existence or a request for deletion of account or data is made. In effect, this means that a student’s data may be kept permanently if a request is not made as the time period of scope of services is not provided[11].
  3. Potential Surveillance: Although APAAR is currently framed as an academic tool, the integration of Aadhaar-based authentication opens possibilities for cross-linking with other government databases in the future. Without strict legal firewalls, there is a risk that APAAR could be repurposed for surveillance, profiling or any other non-educational use as seen in the case of Clearview AI. To read more about this, please refer our article at: https://ssrana.in/articles/facial-recognition-technology-a-growing-challenge-for-privacy/
  4. Linking with Aadhaar Details: The K.S. Puttaswamy (Retd) vs. Union Of India case, established that Aadhaar cannot be made mandatory for school admissions, as education is a fundamental right under article 21A of the Constitution and neither a service nor a subsidy governed by Section 7 of the Aadhaar Act, 2016[12]. It also held that the requirement of Aadhaar is not compulsory for registrations in institutions like CBSE, NEET and UGC. The ruling clearly establishes that requiring Aadhaar for accessing educational entitlements violates the voluntary nature of Aadhaar usage and the principle of proportionality in State actions affecting fundamental rights. Despite this, the APAAR system mandates the provision of Aadhaar details for generating a student’s digital identity.

Conclusion

While students, parents, teachers and school administrators may play a role in verifying and updating student data[13], the ultimate responsibility and liability for ensuring the security and lawful processing of that data rests  with the implementing authorities and data fiduciaries, including the relevant government departments and agencies managing the APAAR system.

Rishabh Gupta , Junior Associate Advocate at S.S. Rana & Co. has assisted in the research of this article.

[1]https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2003802

[2]CBSE/IT & Projects/APAAR ID/ 2025 circular available at: https://www.cbse.gov.in/cbsenew/documents/Circular_Implementation_APAAR_ID_24012025.pdf

[3] APAAR Terms of Use, available at: https://apaar.education.gov.in/termsofuse

[4]https://apaar.education.gov.in/

[5]APAAR Privacy Policy available at: https://apaar.education.gov.in/privacy-policy

[6]https://cdn-apaar.dl6.in/resources/resoucre_files/03-APAAR-Important-Information-Eng.pdf

[7]https://www.digilocker.gov.in/assets/DIGILOCKER%20ASK%20EXPERT.pdf

[8]https://www.abc.gov.in/faq.php#:~:text=The%20APAAR%20ID%20acts%20as,through%20the%20National%20Academic%20Depository

[9]https://uidai.gov.in/en/my-aadhaar/about-your-aadhaar/usage-of-aadhaar.html

[10]Parental Consent forms available at: https://apaar.education.gov.in/resource

[11]APAAR Privacy Policy available at: https://apaar.education.gov.in/privacy-policy; APAAR Terms of Use, available at: https://apaar.education.gov.in/termsofuse

[12]Justice K.S. PUTTASWAMY (RETD.) & Anr. Vs. Union of India, [2018] 8 S.C.R. 1

[13]https://apaar.education.gov.in/faqs

More Articles

  1. CORP CONNECT (MAY, 2025)
  2. Numerals as Trademarks: Delhi HC Affirms Registrability of ‘2929’
  3. Safeguarding Stylized Trade Mark And Iconic Brand Typography
  4. EPFO’s 2025 Overhaul: Making PF Transfers Swift and Simple
  5. Avoiding Infringement Pitfalls : Rule of Safe Distance in Trademark Law
  6. Plant Variety Protection and Farmers’ Rights : A Contemporary Perspective
For more information please contact us at : info@ssrana.com