1. The Ministry of Electronics & Information Technology issued a data-sharing and knowledge-sharing protocol for the Aarogya Setu app

  • What is Aarogya Setu?
  • What data can be collected and shared by Aarogya Setu?
  • What entities will be able to access this Aarogya Setu  data?
  • What are the concerns being raised?

UPSC Can list these Questions under

GS paper 2 (Issues relating to development and management of Social Sector/Services relating to Health, Education, Human Resources. )

What is the context about?

  • Recently the Ministry of Electronics & Information Technology issued a data-sharing and knowledge-sharing protocol for the Aarogya Setu app, laying down guidelines for sharing such data with government agencies and third parties.
  • Prior to this, the only legal shield around the mechanism was the app’s privacy policy.
  • Currently, India’s personal data protection bill is in the process of being approved by Parliament.

What is Aarogya Setu?

  • Aarogya Setu app has been launched by the Ministry of Electronics and Information Technology.
  • It will help people in identifying the risk of getting affected by the CoronaVirus.
  • It will calculate risk based on the user’s interaction with others, using cutting edge Bluetooth technology, algorithms and artificial intelligence.
  • Once installed in a smartphone, the app detects other nearby devices with Aarogya Setu installed.
  • The App will help the Government take necessary timely steps for assessing risk of spread of COVID-19 infection, and ensuring isolation where required.

What data can be collected and shared by Aarogya Setu?

  • The data collected by the Aarogya Setu app is broadly divided into four categories — demographic data, contact data, self-assessment data and location data. This is collectively called response data.
  • Demographic data includes information such as name, mobile number, age, gender, profession and travel history.
  • Contact data is about any other individual that a given individual has come in close proximity with, including the duration of the contact, the proximate distance between the individuals, and the geographical location at which the contact occurred.
  • Self-assessment data means the responses provided by that individual to the self-assessment test administered within the app.
  • Location data comprises the geographical position of an individual in latitude and longitude.

What entities will be able to access this Aarogya Setu  data?

  • According to the protocol, the response data containing personal data may be shared by the app’s developer — National Informatics Centre (NIC).
  • It can be shared with the Health Ministry, Health Departments of state/Union Territory governments/ local governments, National Disaster Management Authority, state disaster management authorities, other ministries and departments of the central and state governments, and other public health institutions of the central, state and local governments, “where such sharing is strictly necessary to directly formulate or implement an appropriate health response”.

What are the concerns being raised?

  • The key issue is there is not enough information available on what data will be collected, how long will it be stored and what uses it will be put to.
  • No specification on the issue of how the government will use data if the data gets shared with the government of India.
  • On the data retention part, the app’s privacy policy specifies only the data available on the app and does not specify for how long the Government of India will retain server side data.
  • Additionally, there was also a question of proportionality with the app and whether it will be as effective as envisaged in containing the Covid-19 outbreak.