The central government has officially issue a set of guidelines for processing
data collected via theAarogya Setu app
[https://play.google.com/store/apps/details?id=nic.goi.aarogyasetu&hl=en_IN]that
forbids retention of user data in servers for more than six months and specify
jail term for violators of certain rules.

Amid concerns expressed in certain quarters about data privacy of people who use
the app, the guidelines provide an option to individuals to seek deletion of
their data from the record within 30 days of making such a request while a
senior government official asserted that ?privacy is an important aspect of
Aarogya Setu?.

The government will collect only data deemed ?necessary and proportionate? and
it will only be used to formulate or implement appropriate health responses.
Contact and location data shall, by default, remain on the device on which the
Aarogya Setu mobile application has been installed and it will only be updated
to formulate or implement appropriate health responses, according to the
notification.

Until Sunday, as many as 9.8 crore people have downloaded the Aarogya Setu app,
which has been made mandatory in COVID-19 containment zones.

The latest guidelines lay down procedure on handling of data by various agencies
involved in controlling spread of the pandemic. The data can also be shared with
universities for research purposes only after delinking details that can
identify individuals using the app, as per the government.

?Any violation of these directions may lead to penalties as per section 51 to 60
of the Disaster Management Act, 2005 and other legal provisions as may be
applicable,? it said.

Penalty clauses under the Disaster Management Act also have provisions for jail
term for officials.

Speaking to PTI
[https://www.firstpost.com/tech/news-analysis/aarogya-setu-app-guidelines-for-data-processing-issued-by-centre-as-privacy-concerns-pile-up-8359391.html] , Ministry of Electronics and IT Secretary Ajay Prakash Sawhney stated that the
most important function is the flow of data from the app to various departments
where huge emphasis has been laid on privacy of individuals. According to him,
data of a non-infected person is deleted from Aarogya Setu app in 30 days, 45
days in case of tests and 60 days if a person has undergone treatment.

?The app users are given device ID which is used for processing various
information and functions. The individual?s contact is used only to alert the
user,? he said. ?Less than 13,000 users of Aarogya Setu have been found to be
COVID-19 positive but due to help of this (app), around 1.4 lakh were traced and
alerted who have come in close contact with infected persons.

?We provide these information to check an area from becoming a hotspot. Privacy
is an important aspect of Aarogya Setu,? Sawhney said.

Advocacy groups lately have alleged that the government is using Aarogya Setu
for mass surveillance especially in absence of any legislation around privacy.

Also Read | Reliance Jio?s COVID-19 Symptom Checker Exposes Private User Data
Online
[http://finary.co/tech/reliance-jios-covid-19-symptom-checker-exposes-private-user-data-online/(opens
in a new tab)]

Also Read | Apple Will Let Users Automatically Share Medical IDs On Emergency
Calls
[http://finary.co/health/apple-will-let-users-automatically-share-medical-ids-on-emergency-calls/(opens
in a new tab)]