Central government has closed Arogya SetuData access and sharing protocol, as it seeks to convert the contact tracing app into a ‘national health app’. However, privacy activists have raised concerns over the security of personal data, which has been collected since April 2020, even as new users download the app every day.
In response to an application filed by Internet Freedom Foundation (IFF) under Right to Information ActThe government said that the Aarogya Setu Data Access and Sharing Protocol, 2020 was discontinued with effect from May 10, 2022. The Empowered Group on Technology and Data Management – which was the competent authority to detail the protocol – was dissolved back in September. 2020, said the RTI response.
a spokesperson for National Informatics Center (NIC), which designed the Aarogya Setu, said the protocol was shelved as it “lost its relevance”. “The data sharing protocol was primarily written from the point of view of contact tracing, and now that Aarogya Setu is converting into a national health app, it has no relevance. There is no need to have it (protocol) active and running…,” the NIC spokesperson said above.
Aarogya Setu was an Indian COVID-19 contact-tracing, syndromic mapping and self-assessment digital service developed by NIC under the Ministry of Electronics and Information Technology (MeitY) primarily as a mobile app.
Despite the pandemic being over, the app continues to see downloads. In April and June this year, five lakh new users each downloaded the app. 11 lakh users were added in March. This is because it is linked to the CoWIN portal and citizens can use the app to download their vaccination certificates.
The IFF has expressed surprise that the protocol was extended twice after the disbanding of the empowered group and has questioned what happens to the data collected by the app during the implementation of the protocol. “In the protocol, there were limits on how long the data could be stored. Importantly, the protocol states that self-assessment data, that is, data entered by users themselves, will not be stored for more than 180 days. It was the same with contact data, demographic and location data. It also said that once the protocol is closed, this data will be deleted,” Krishnash Bapat, a lawyer for IFF, told ET.
Bapat said in the RTI application filed by the IFF, the government did not give a clear answer whether this data has been destroyed or not. “We demand that the government immediately destroy the data collected on the Aarogya Setu app by May 11, 2022, the date up to which the protocol was in force,” Bapat said.
When ET contacted MeitY officials, they said the app has been handed over to Ministry of Health and Family Welfare Because it was now linked to the CoWIN portal. “The data on the CoWIN app has all the provisions of data protection,” Health Secretary Rajesh Bhushan said.
Health ministry officials said they plan to use the Aarogya Setu application for a larger set of health services in the coming days.