Unlike the Privacy Policy of Aarogya Setu where data is retained for at most 60 days, the newly released Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020 allows retention of contact, location and self-assessment data for up to 180 days. But in a welcome move, personal data will be retained only until the Protocol is in effect or until the user requests deletion of such data (more on that below). And if the Protocol is not "specifically extended" by November 11, 2020 by Empowered Group 9 on Technology and Data Management, the Protocol will lapse, meaning that all personal data will be permanently deleted. However, this sunset clause is for the Protocol, not for the app itself. This suggests that the app will be repurposed for other issues once the pandemic has been dealt with, including becoming the first building block of India health stack. Read: #NAMA: How Aarogya Setu can be improved, Checks and balances, and a governance framework for Privacy during the COVID19 pandemic: #NAMA The Ministry of Electronics and Information Technology (MEITY) released this Protocol earlier today to govern the collection of data by Aarogya Setu and data sharing of personal/non-personal data collected through the app. It has been developed by the Empowered Group 9, one of the 11 empowered groups formed to deal with the pandemic. Neha Alawadhi, a Business Standard journalist, first tweeted about this. In a significant departure from the latest Privacy Policy and Terms of Use, the Protocol, which will most likely…
