COVID-19 contact tracing data collected during the pandemic on the Aarogya Setu app has been deleted, said the IT Ministry in a written Parliamentary reply yesterday.
What happened? Congress MP Amar Singh asked the IT Ministry about the law or protocol that governed Aarogya Setu data collection, and whether a new one will govern the previously collected data.
An empowered government group set up during the pandemic issued an order in May 2020 “notifying the Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020, to ensure secure collection of data by the Aarogya Setu mobile application, protection of personal data of individuals and the efficient use and sharing of personal or non-personal data for mitigation and redressal of the Covid-19 pandemic,” said the IT Ministry. “In accordance with the provisions of the said protocol, the contact tracing feature of the Aarogya Setu mobile application has been discontinued and contact tracing data collected through it has been deleted.”
STAY ON TOP OF TECH POLICY: Our daily newsletter with top stories from MediaNama and around the world, delivered to your inbox before 9 AM. Click here to sign up today!
Who had access to Aarogya Setu data? “Approved officials of the Ministry of Health and Family Welfare, State Health Departments, the National and State Disaster Management Authorities and District Civil Surgeons,” had “secure” access to Aarogya Setu data, said the Ministry.
A step forward in the Aarogya Setu story? Last summer, the National Informatics Centre (NIC) confirmed something slightly different—rather than just the contact tracing feature, it was the overall knowledge sharing protocol that had been discontinued. The NIC was responding to RTIs filed by the Internet Freedom Foundation (IFF) on the matter. At the time, the replies to IFF’s RTIs weren’t clear on how the collected data was being “accessed, managed or deleted” or if it had been shared with anyone else. Although incomplete, at least now we have more answers to these questions.
Why does this matter? Among other concerns, the Aarogya Setu knowledge sharing protocol was criticised by some for falling “short of [privacy protecting] principles of legality, necessity and proportionality” while collecting and sharing data. This raised serious privacy concerns for the many users who signed up for it during the pandemic—a number as high as 21,60,82,111 people. But, we’re also curious about the rest of the data collected by the app. What else was collected, how is it being stored, and will it be used by the government in the future? For example, last year, NIC officials told Economic Times that in line with the app’s privacy policy, citizens’ data had been purged from both the app and government servers. At the same time, they also added that the app was transitioning from a contact tracing service to a national health app. As MediaNama previously reported, this raised concerns that the “Aarogya Setu app would be repurposed for other purposes after the pandemic is dealt with, including becoming the first building block of the India health stack.”
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.
Read More
- Government Discontinues Aarogya Setu’s Data Access And Knowledge Sharing Protocol
- All You Need To Know About MEITY’s Data Access And Sharing Protocol For Aarogya Setu
- Validity Of Aarogya Setu’s Data Access And Sharing Protocol Extended By Six Months
- MEITY Wanted A Protocol To Govern All COVID-19 Data, Not Just Aarogya Setu: RTI
- ‘MEITY’s Data Access Protocol Is Not A Legislative Backing For Aarogya Setu’: Petitioner In Kerala HC