Section 27 in AADHAAR (AUTHENTICATION AND OFFLINE VERIFICATION) REGULATIONS, 2021
27. Duration of storage. —
(1)Authentication transaction data shall be retained by the Authority for a period of 6 months. The Authority may prescribe procedure to archive and perform analysis, for research purposes, from aggregated and anonymised authentication transaction data in the form of circulars.(2)Upon expiry of the period of six months specified in sub-regulation (1), the authentication transaction data shall be deleted except when such authentication transaction data are required to be maintained by the order of a court not inferior to that of a Judge of a High Court or in connection with any pending dispute.
