The government on Monday (May 11) issued a set of guidelines to be followed for data processing of Aarogya Setu app users and added a few clauses that may lead to imprisonment of persons found guilty of violating certain norms.
The new rules prohibit storage of data beyond 180 days and enable individuals to seek deletion of their data from the governments Aarogya Setu related record within 30 days of raising the request.
The new norms allow collection of only demographic, contact, self assessment and location data of persons infected by the coronavirus or those who come in contact with the infected person.
Till date 9.8 crore people have downloaded the Aarogya Setu app. The app alerts its users if they come in close contact with any infected person. The Aarogya Setu app has been made mandatory in COVID-19 containment zones.
The guidelines lay down procedure on handling of data by various agencies involved in controlling spread of the pandemic.
The data can also be shared with universities for research purposes only after delinking details that can identify individuals using the app.
“Any violation of these directions may lead to penalties as per section 51 to 60 of the Disaster Management Act, 2005 and other legal provisions as may be applicable,” the protocol said.
The penalty clauses under the disaster management act have provisions for jail term for officials.
Sawhney said that the most important function is the flow of data from the app to various departments where huge emphasis has been laid on privacy of individuals.
“The app users are given device id which is used for processing various information and functions. The individuals contact is used only to alert the user,” he said.
The app is available on Android, Apples iOS and JioPhone. The government has also issued a toll free number 1921 for those who don’t have smartphones.
“Less than 13,000 users of Aarogya Setu have been found to be COVID positive but due to help of this around 1.4 lakh were traced and alerted who have come in close contact with infected person. We provide these information to check an area from becoming a hotspot. Privacy is an important aspect of Aarogya Setu,” Sawhney said.
Advocacy groups have alleged that the government is using Aarogya Setu for mass surveillance especially in absence of any legislation around privacy.
“The protocol has been issued to bridge the legal gap and to address privacy related concerns,” a MeitY official said.
Sawhney said that data of a non-infected person is deleted from Aarogya Setu app in 30 days, 45 days in case of tests and 60 days if a person has undergone treatment.