Elite CIO Logo

BECOME MEMBER
Back

Data collected on Aarogya Setu App will be wiped by NIC after 180 days

  • By Elite CIO
  • Date May 12, 2020
  • Quotes12

Data collected on Aarogya Setu App will be wiped by NIC after 180 days

The Aarogya Setu App has registered approx. 98 million downloads since its launch in early April 2020.

According to the latest data access and knowledge sharing protocol by the Ministry of Electronics and Information Technology (MeitY), Data collected on Aarogya Setu app will be permanently deleted by the National Informatics Commission (NIC) after 180 days from the date of collection. Such information includes demographic data on name, mobile number, age, gender profession and travel history of a person, contact data, self-assessment data and geographical location.

Earlier, Data on Covid-19 positive users was stored in central servers for a period of 60 days. Now, the data can be stored for a maximum of 180 days.

According to the notification on the change in data processing rules which was issued on 11th May 2020, It states that NIC will have to permanently delete demographic data related to an individual if requested by the person within a period of 30 days. However, this is liable to the final decision taken by the empowered group on technology and data management for Covid-19 response constituted by the government while Contact and location data shall by default, remain on the device on which the Aarogya Setu mobile application has been installed after such data has been collected. It may be uploaded to the server only for the purpose of formulating or implementing appropriate health responses.

The announcements were made by MeitY in the light of security flaws and privacy issues in the app, alleged by France-based ethical hacker, Elliot Alderson. During the announcements of the extension of the national lockdown period, the Government of India has made Aaorgya Setu app mandatory  for all employees in public and private sector establishments. Heads of organisations at such establishments will be responsible for ensuring 100% coverage of the Aaorgya Setu app among employees returning to work from May 4, according to the guidelines.

Non-compliance can be penalised under the Disaster Management Act,2005, and Section 188 of the Indian Penal Code, the guidelines said. The guidelines do not make any exceptions for non-compliance.

According to Internet Freedom Foundation (IFF),  Section 51(b) under the Disaster Management Act, 2005 provides for a maximum punishment of up to one year for disobedience, and two years when such actions may lead to a loss of life.  Section 188 of the IPC for disobedience of order duly promulgated by a public servant can invite imprisonment for upto six months and a fine of Rs 1000.

The protocol will be reviewed by the empowered group after a period of six months.