Aarogya Setu data protocol norms issued
#GS3 #Technology #Pandemic
Empowered Group Chairman says privacy protection is the primary consideration for the app
- Data of nearly 13,000 Aarogya Setu App users who have tested positive for COVID-19 have so far been transferred to the server for health intervention.
- The Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020, that lays down the guidelines for collection, processing, storage and sharing of “anonymised” data.
- It stores an encrypted signature when the user comes in proximity with other registered devices.
- This interaction information is not pushed to the server unless the user tests positive.
Till 60 days
- The encrypted data of all users, stored in their devices, got deleted automatically in 30 days.
- Data of the users who undergo tests were kept for 45 days and for those who had tested positive, it was stored in the server till 60 days from the day they recovered from the illness.
- Based on the data of fewer than 13,000 users who tested positive, alerts were sent to 1.4 lakh users.
- Nearly 9.8 crore people had so far downloaded the contact-tracing app.
- The same service would soon be made available in feature phones.
- All communications between two devices and between the device and the server was done using that ID. No personal detail was used or shared with anyone.
- The location data was used in case the person tested positive, only to map places the user visited in the past 14 days, for sanitisation and testing of people to prevent further spread.
- The information was combined with self-assessment data to identify the areas that were likely to turn into a hotspot.
- The details were shared with district and State authorities for timely preventive steps.
- The tool had helped in identification of 697 such potential hotspots.
- The protocol states that the contact and location data will, by default, remain on the device on which the app is installed.
- It may be uploaded to the server only for the purpose of formulating or implementing appropriate health responses.
- The contact, location and self-assessment data, collected by the National Informatics Centre (NIC), will not be retained beyond the period necessary to satisfy the purpose for which it is obtained.
- The period, unless a specific recommendation to this effect is made, will not ordinarily extend beyond 180 days from the date on which it is collected, after which it will be permanently deleted.
- Demographic data of an individual, collected by the NIC, will be retained for as long as the Protocol remains in force or if the individual requests that it be deleted, for a maximum of 30 days from such request.