Former RSS ideologue KN Govindacharya has sent a legal notice to the government alleging several privacy and legal concerns with respect to the Aarogya Setu contact tracing app.
The Aarogya Setu app, which has been downloaded by around 90 million people, has been made mandatory for government as well as private sector employees and for people residing in containment zones – a localised area that has reported a positive case of Covid-19 infection.
Govindacharya, through his lawyer Virag Gupta, sent the notice to Neeta Verma, the chief of the National Informatics Centre (NIC), which runs the government’s IT backbone.
The notice alleges that the data of Indians can be accessed by foreign technology giants since it will be retained on mobile devices that can be accessed by cell phone manufacturers. As it uses Bluetooth and location data, the data can also be accessed by telecom companies, it says. ET has reviewed the notice.
“It is submitted that terms of this app, which is being made mandatory, must be compliant with the legal provisions or Government of India should take specific liability for any data breach,” it said.
“Guidelines issued under Disaster Management Act, 2005 are not mandatory for State Government, then how can same be used to make this App mandatory for general public,” it added.
It has suggested that the mandatory coverage of Aarogya Setu may be limited only on those who are infected by the virus.
According to the historic Right to Privacy judgement by the Supreme Court in the Justice K S Puttaswamy vs Union of India case in 2017, individual biometric and demographic information cannot be shared with private companies.
“A window has been kept open for data sharing with private as well as foreign Tech Giants. I request you to please update the policy with necessary legal safeguards so that the data cannot be shared or used by any agency outside of Government of India,” it said.
It said the NIC must ensure the protection of data and privacy of app users as per the provisions of the Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption of Information) Rules, 2009 and Information Technology (Procedure and Safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009.
It also said that as per the information available on the Google Play Store, the Aarogya Setu app has been developed by NIC eGov Mobile Apps. As per Section 43-A of the Information Technology Act, 2000 the body corporate is responsible for compensation for failure to protect data. “NIC being a body corporate must ensure all the legal liability in line with Section 43-A of the IT Act, 2000.”
Leave a Reply