Aarogya Setu app guidelines for data processing issued by centre as privacy concerns pile up

The guidelines lay down procedure on handling of data by various agencies involved in controlling spread of the pandemic.

The government on Monday issued a set of guidelines to be followed for data processing of Aarogya Setu app users and added a few clauses that may lead to imprisonment of persons found guilty of violating certain norms.

The new rules prohibit storage of data beyond 180 days and enable individuals to seek deletion of their data from the government''s Aarogya Setu related record within 30 days of raising the request.

The new norms allow collection of only demographic, contact, self assessment and location data of persons infected by the coronavirus or those who come in contact with the infected person.

(Also read: Aarogya Setu: Whether we like it or not, the app is here to stay, but it's still riddled with privacy issues that need strong answersAarogya Setu

Aarogya Setu

"Lot of work has been done over data privacy. A good privacy policy has been made to ensure that personal data of people are not misused," Ministry of Electronics and IT (MeitY) secretary Ajay Prakash Sawhney told reporters.

(Also read: Apple-Google contract tracing API promises privacy protection, yet many govts want their own apps)


Till date 9.8 crore people have downloaded the Aarogya Setu app.

The app alerts its users if they come in close contact with any infected person.

The Aarogya Setu app has been made mandatory in COVID-19 containment zones.

The guidelines lay down procedure on handling of data by various agencies involved in controlling spread of the pandemic.

(Also read: Workers sign petition urging govt to issue advisory clarifying that 'Aarogya Setu' app isn't mandatory)

The data can also be shared with universities for research purposes only after delinking details that can identify individuals using the app.

"Any violation of these directions may lead to penalties as per section 51 to 60 of the Disaster Management Act, 2005 and other legal provisions as may be applicable," the protocol said.

The penalty clauses under the disaster management act have provisions for jail term for officials.

Sawhney said that the most important function is the flow of data from the app to various departments where huge emphasis has been laid on privacy of individuals.

"The app users are given device id which is used for processing various information and functions. The individual''s contact is used only to alert the user," he said.

The app is available on Android, Apple''s iOS and JioPhone.

The government has also issued a toll free number 1921 for those who don''t have smartphones.

"Less than 13,000 users of Aarogya Setu have been found to be COVID positive but due to help of this around 1.4 lakh were traced and alerted who have come in close contact with infected person. We provide these information to check an area from becoming a hotspot. Privacy is an important aspect of Aarogya Setu," Sawhney said.

Advocacy groups have alleged that the government is using Aarogya Setu for mass surveillance especially in absence of any legislation around privacy.

"The protocol has been issued to bridge the legal gap and to address privacy related concerns," a MeitY official said.

Sawhney said that data of a non-infected person is deleted from Aarogya Setu app in 30 days, 45 days in case of tests and 60 days if a person has undergone treatment.

Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.