As per a RTI response dated June 8, 2022 from NIC, the Aarogya Setu Data Access And Knowledge Sharing Protocol “has been discontinued".
This Protocol was introduced on May 11, 2020 in response to high public criticism and concerns on informational privacy & mass surveillance with Aarogya Setu. It fell considerably short of principles of legality, necessity and proportionality.
In the absence of any statutory framework to govern Aarogya Setu, the Protocol became the primary governance framework. Through a previous RTI reply dated Sep. 6, 2021, stated, “in view of the ongoing Covid-19” pandemic, the Protocol is extended to May 10, 2022.
However, Aarogya Setu’s Privacy Policy still states that in order to use Aarogya Setu you will need to consent to the Aarogya Setu Data Access And Knowledge Sharing Protocol. Hence, justifiable doubts and queries arise.
In the absence of a data protection law and even a Protocol :
Q1. How will the data collected by the Aarogya Setu be governed now?
Q2. Will a new Protocol be put in place to govern the data now? If yes, when?
Q3. What will happen to the data which has been collected under the Protocol?
Q4. Which agencies have control over the data now?
Q5. Has the data collected been deleted?
We encourage proactive transparency from MeitY on these questions to ensure the personal information including health data is protected. In addition we will be filing a RTI request soonest!