Govt issues new protocol for Aarogya Setu data collection | Latest News India - Hindustan Times
close_game
close_game

Govt issues new protocol for Aarogya Setu data collection

Hindustan Times, New Delhi | ByAmrita Madhukalya
May 12, 2020 02:48 AM IST

The Aarogya Setu app, which was launched to trace the contacts of individuals who have contracted the coronavirus disease (Covid-19), has now been expanded to issue e-passes, provide telemedicine and is mandatory for travel to work.

The government issued on Monday a set of protocols for how data collected from people through the Aarogya Setu contact tracing mobile application will be used and shared, attempting to address privacy concerns raised by activists and experts about the way the tool functions, the information it stores and the lack of clarity around who has access to it.

In this Thursday, May 7, 2020 photo, an Indian man uses Aarogya Setu app on his mobile phone in New Delhi, India.(AP)
In this Thursday, May 7, 2020 photo, an Indian man uses Aarogya Setu app on his mobile phone in New Delhi, India.(AP)

The ‘Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020’, notified through a government order on Monday, restricts the use of data – such as the information people provide during self-assessment of their health and a record of who they came in contact with – “strictly” to purposes necessary and proportionate for the government’s “health responses”.

Hindustan Times - your fastest source for breaking news! Read now.

The data can be retained for 180 days, the document says, significantly longer than the 45 days (for uninfected people) and 60 days (for infected persons) that it retains at present, according to officials in Niti Aayog who gave this information previously.

A user can, however, request for their demographic data – defined as name, mobile number, age, gender, profession and travel history – to be deleted. “Demographic data of an individual that has been collected by NIC shall be retained for as long as this protocol remains in force or if the individual requests that it be deleted, for a maximum of 30 days from such request, whichever is earlier,” the document said.

Officials said the protocol was necessitated by the increased criticism. “User data on the app is safe, and of the 98 million downloads, the data of only 12,000 people have been stored on the servers,” said Abhishek Singh, CEO of MyGov, adding that the protocol will allay concerns of privacy violations.

Entrusting the National Informatics Centre for the collection, processing and managing of the data collected by the Aarogya Setu, the Centre also specified that only the data of those who are infected, are at high risk of being infected or who have come in contact with infected people are most likely to be collected.

The data can be shared between any government department or ministry, which can also pass it on to third parties as long as the sharing of such information is specifically for the purpose of government’s health responses.

“NIC shall, to the extent reasonable, document the sharing of any data and maintain a list of the agencies with whom such data has been shared,” the rules state, adding that any entity processing such data shall do so “in a fair, transparent and non-discriminatory manner”.

The protocol -- which will stay in force for six months -- also allows for data to be shared with different agencies and wings of the Central government as well as state governments in “de-identified” form to assist in the formulation or implementation of a critical health response.

The app, which was launched to trace the contacts of individuals who have contracted the coronavirus disease (Covid-19), has now been expanded to issue e-passes, provide telemedicine and is mandatory for travel to work.

The app has been criticised by digital rights activist for its tracing of location histories and, last week, a French computer programmer said that vulnerabilities in the tool’s design could allow attackers to access data of millions of Indians.

Violations of the data security protocols by any entity will be punishable under section 51 to 60 of the Disaster Management Act, 2005, which invites jail term for up to two years.

The protocols also allow research institutes to study the data collected by the app after it has undergone hard anonymisation – a process to scrub it of personally identifiable information.

Divij Joshi, a lawyer and tech policy expert, said that while the protocol specifies the security guidelines better than the app’s privacy policy, it might not have enough legal teeth since it is not a legislative action.

The protocol attempts to give a legal basis to Aarogya Setu, as required by the Supreme Court but it is not a clear legislative basis. It introduces some accountability by limiting data collection and sharing to that which is ‘strictly necessary’ and by allowing individuals to complain to Disaster Management Authorities under the law as well. However, the protocol does not address issues of efficacy of contact tracing, and the issues of discrimination and exclusion by making it mandatory,” Joshi said.

Unveiling Elections 2024: The Big Picture', a fresh segment in HT's talk show 'The Interview with Kumkum Chadha', where leaders across the political spectrum discuss the upcoming general elections. Watch now!

Get Current Updates on India News, Election 2024, Arvind Kejriwal News Live, Bihar Board 10th Result 2024 Live along with Latest News and Top Headlines from India and around the world.
SHARE THIS ARTICLE ON
Share this article
SHARE
Story Saved
Live Score
OPEN APP
Saved Articles
Following
My Reads
Sign out
New Delhi 0C
Friday, March 29, 2024
Start 14 Days Free Trial Subscribe Now
Follow Us On