As the country is gearing up for the Lockdown 4 with some changes and relaxation’s, the debate over Aarogya Setu App continues to rage over the privacy and other related issues
“Aarogya Setu App”, an official contact tracing app, was launched in April 2020 by the Govt of India as Covid -19 response. It soon became the world’s fastest downloaded app to reach 50 million downloads in just 13 days after the launch, and has crossed over 100 million downloads so far.
The purpose of this app is to track infected people, issue self-quarantine guidelines, provide latest communications and ease the burden on healthcare systems.
It also notifies users if they have crossed paths with someone who has been diagnosed positive. Tracking is done via Bluetooth and location generated graph that charts proximity with anyone infected.
It also provides an option of self-assessment, based on certain queries. If the responses indicate symptoms of Covid-19, the information is sent to Govt Servers which is followed by health officials.
There are similar contact tracing apps being used by various countries in this technology driven age as Covid -19 response.
Singapore’s Trace together, Australia’s Covid safe, France’s Stop Covid, Isreal’s HaMagen, NHS Smartphone app and Covid symptom apps in UK are some apps which also analyse the high-risk areas, speed of virus spread etc.
The Aarogya Setu app is user friendly and has been successful serving its primary purpose, but at the same time it has also been severely under fire for the concerned attached to data safety.
The terms of the use clearly suggest what information is collected including the device of the Bluetooth range (like any other app), how it is stored and shared with the government servers for contact tracing if and when a user test positive for Covid.
The privacy Policy also states that the personal information is secured using Digital Identification, which is generated using one’s registration information and hence is Pseudo anonymized- both in transit and storage.
Amidst all the concerns of days Privacy and the app’s utility in Covid-19 response, the Ministry of Information and Technology issued a data sharing and knowledge sharing protocol for the Aarogya Setu App laying down guidelines for sharing of such days with government agencies and third parties.
The protocol states the response data that can be shared with different government departments and agencies has to be in de-identified form.
The protocol also calls for any entity with which data has been shared to not retain the data beyond 180 days from the day it was collected, making it temporary in nature and falls under the Disaster Management act 2005, which establishes penalties in case of violation. It also empowers an individual to request for deleting demographic data which must be done in 30 days.
While the Data Protection Bill is still under examination by a parliamentary joint committee, with this protocol in place the Ministry of information and technology has tried to address the concern around data safety and by emphasizing that these anonymized data will only be used for Covid-19 related response.
