Steps taken to ensure that the privacy of people downloading the ‘Aarogya Setu’ application is protected:
- Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020 has been notified that lays down the guidelines for collection, processing, storage and sharing of “anonymised” data.
- Privacy protection was the primary consideration while developing the app. It stores an encrypted signature when the user comes in proximity with other registered devices. This interaction information is not pushed to the server unless the user tests positive.
- The encrypted data of all users, stored in their devices, got deleted automatically in 30 days. Data of the users who undergo tests were kept for 45 days and for those who had tested positive, it was stored in the server till 60 days from the day they recovered from the illness.
- Upon sign-up, every app user is assigned a unique randomised anonymous device ID. All communications between two devices and between the device and the server was done using that ID. No personal detail was used or shared with anyone.
- The location data was used in case the person tested positive, only to map places the user visited in the past 14 days, for sanitisation and testing of people to prevent further spread.
- The information was combined with self-assessment data to identify the areas that were likely to turn into a hotspot. The details were shared with district and State authorities for timely preventive steps.
- The protocol states that the contact and location data will, by default, remain on the device on which the app is installed. It may be uploaded to the server only for the purpose of formulating or implementing appropriate health responses.
- The contact, location and self-assessment data, collected by the National Informatics Centre (NIC), will not be retained beyond the period necessary to satisfy the purpose for which it is obtained. The period, unless a specific recommendation to this effect is made, will not ordinarily extend beyond 180 days from the date on which it is collected, after which it will be permanently deleted.
- Demographic data of an individual, collected by the NIC, will be retained for as long as the Protocol remains in force or if the individual requests that it be deleted, for a maximum of 30 days from such request, whichever is earlier.
Practice Question: The ‘Aarogya Setu’ application has been at the forefront in the fight with COVID 19, however, the issues related to violation of privacy of users has been hotly debated. Highlight the steps that have been taken by the government to ensure that the privacy of the users of ‘Aarogya Setu’ application is not compromised. – 250 words
Categories: POINT IAS