The central government has closed it Health Bridge‘s data access and sharing protocol, as it seeks to convert the contact tracing app into a ‘national health app’. Privacy activists, however, have raised concerns about the security of personal data collected since April 2020, even as new users download the app every day.
In response to a petition filed by Internet Freedom Foundation (IFF) under Right to Information ActThe Arogya Setu Data Access and Sharing Protocol, 2020, was discontinued from May 10, 2022, the government said. The Empowered Group on Technology and Data Management – which was the competent authority to develop the protocol – was disbanded in September. 2020, said in an RTI reply.
Spokesperson for National Informatics Centre (NIC), which created the Health Bridge, said the protocol was discontinued because “it had lost its relevance”. “The data sharing protocol was written primarily from the perspective of contact tracing, and now that Arogya Setu is transforming into a national health application, it has no relevance. It (the protocol) does not have to be up and running…,” the NIC spokesperson was quoted as saying.
Arogya Setu was an Indian Covid-19 contact-tracing, syndromic mapping and self-assessment digital service, developed primarily by NIC under the Ministry of Electronics and Information Technology (MeitY) as a mobile application.
Even as the pandemic subsides, the app continues to see downloads. In April and June this year, five lakh new users downloaded each app. 11 lakh users were added in March. This is because it is linked to the CoWIN portal and citizens can use the app to download their vaccination certificates.
The IFF has expressed surprise that the protocol was extended twice after Empowered Group’s dissolution and has questioned what happens to the data collected by the app while the protocol was in effect. “In the protocol, there were limits on how long data could be stored. Importantly, the protocol states that self-assessment data, that is, data that users enter themselves, will not be stored for more than 180 days. It was the same with contact data, demographics and location data. It also said that this data will be deleted once the protocol is closed,” IFF’s lawyer Krishnash Bapat told ET.
In the RTI application filed by the IFF, the government has not given a clear answer as to whether this data has been destroyed, Bapat said. “Our demand is that the government should immediately destroy the data collected on the Arogya Setu app by May 11, 2022, which was the protocol till date,” Bapat added.
“Citizens’ data was not kept on government servers and was deleted as per privacy policy,” a NIC spokesperson said.
When ET contacted MeitY officials, they said the application has been handed over Ministry of Health and Family Welfare Because it was now linked to the CoWIN portal. Health Secretary Rajesh Bhushan said, “The data on the COWIN app has all the data security provisions.”
Health Ministry officials said they plan to use the Arogya Setu app for a larger set of health services in the coming days.
