‘It collects personal data and does not take consent before sharing it with law enforcement agencies’
Srinagar: Jammu and Kashmir administration in a Right to Information (RTI) reply has revealed that the data it collects through Government of India’s COVID-19 contact tracing app Aarogya Setu has been shared with law enforcement agencies, particularly the IT cell, of the Department of Police in District Kulgam.
The RTI has been filed by Independent Journalist and New Delhi based RTI activist, Saurav Das.
In the RTI, accessed by Free Press Kashmir, Das demanded to know “the security practice and procedure implemented by such agencies that have been given access to data” under Aarogya Setu Data Access and Knowledge Sharing Protocol 2020 as notified by the GoI.
In the reply to the RTI, Chief Medical Officer Kulgam, Fazil Ali Kochak noted, “… List of Positive cases and recovery and deaths has been shared with IT cell, Department of Police, District Kulgam.”
Speaking to Free Press Kashmir Das said, “the app collects personal data from the users and does not take consent from the users before sharing their data with other law enforcement agencies. National Disaster Management authority prima facie did not have powers to enact such a protocol and subsequent things that they have done with the app.”
Also, Das said that there is no ‘purpose limitation’ defined in the protocol of the app.
“Purpose limitation means for what exact purpose is this app introduced, and what exactly would data be used for. It is not defined in the protocol that the data would not be used for anything else which may include surveillance, because your location data, your phone data and other sensitive health data can be used, and given to third parties.”
Das had filed the RTI plea with the National Informatics Center (NIC), which is responsible for the development and management of the Aarogya Setu app, last year. NIC also maintains the list of agencies with whom the data was shared.
The department had transferred the plea to the administration of Jammu and Kashmir in October 2020, saying that the plea “does not relate to NIC and may relate” to the department of health and family welfare of the union territory.
In April 2020, GoI launched Arogya Setu app and made it mandatory for all citizens of India including government and private sector employees to download it.
Many people have time and again expressed concerns over the security and privacy, saying that their ‘personal details and travel history will be known to government and will be shared with other departments’.
However, Indian government has denied surveillance links, emphasizing that the contact tracing app would only be used for effectively tackling the Covid-19 situation in India.
Contrary to the government’s claims, the RTI has exposed that the government is sharing user information with law enforcement agencies.
Using a phone’s Bluetooth and location data, Aarogya Setu lets users know if they have been near a person with Covid-19 by scanning a database of known cases of infection.
However, many people have expressed concern that the data might be misused.
The app collects information including name, contact details, gender, travel history and whether you’re a smoker.
The Internet Freedom Foundation (IFF) also took to twitter to raise concerns over the ‘unethical data sharing’.
“Our medical data is sensitive and tied to the specific purpose of health surveillance. However without any limitation by law, risks continue for all promises for its protection being legally unenforceable. We are committed and will continue working to fix this,” IFF tweeted.