The number of third-party CoWIN vaccine alert apps and services continues to grow. This, despite the lack of a comprehensive data capture policy in place to govern what these services are allowed to do. Many of them capture mobile numbers and email IDs to notify users when a slot opens up in their desired area, but there is no clear policy in place to govern the use and storage of this data. A slew of these apps and websites have sprung up over the last week to address the limitations of the official CoWIN portal. Why are CoWIN APIs open without a data capture policy in place? The government has been double-minded on this issue. On April 17, the Government denied permission for CoWIN API to Step One, a non-profit organisation (NPO) working on enabling vaccination registration and appointment through WhatsApp. Back then, the Empowered Group of Vaccine Administration for COVID-19 said that a comprehensive data capture policy needs to be put in place before allowing third-party apps and services. “We have built various services within the Co-WIN system as micro-services exposing APIs for ensuring integration and innovation in future. But, as you may be aware, Co-WIN APIs do deal with sensitive data and hence a well-defined policy covering data capture, protection, security certification, auditing, and other aspects need to be established. As of now, there is no such policy with respect to enabling third-party applications such as yours on top of Co-WIN APIs and hence we will not be able…
