The validity of the Aarogya Setu Data Access and Knowledge Sharing Protocol has been extended by six months until May 10, 2021. Essentially, personal data collected from Aarogya Setu users can be retained and shared until this date, unless a user requests the deletion of such data. Released on May 11, 2020, the Protocol is supposed to govern the collection of data by Aarogya Setu and data sharing of personal and non-personal data collected through the app. It allowed the retention of contact, location and self-assessment data for up to 180 days. In what was a welcome move then, the Protocol had a sunset clause, which entailed the mandatory deletion of all user data by November 11, 2020 (the original deadline). However, per the latest announcement by MEITY on Tuesday, the Protocol will not lapse until May 10, 2021. When announced, the Protocol was seen as indication that the Aarogya Setu app would be repurposed for other purposes after the pandemic is dealt with, including becoming the first building block of the India health stack. With this extension, this appears to have been the right inference. The Protocol is distinct from Aarogya Setu's privacy policy, which specifies that personal information of COVID-19 patients can be collected and stored in government servers for 60 days. It was developed by the Empowered Group 9 on Technology and Data Management, one of the 11 empowered groups formed to deal with the pandemic. MEITY is supervising the its implementation, per directions of the empowered group.…
