Aarogya Setu App

Aarogya Setu App – Protecting Life and Privacy, Isn’t It?

Yes, my quest to find out answer for the query has led me to write this blog and to put into use my data privacy and data security skill sets for the benefit of the human.
So let us first understand about the Aarogya Setu App, its services, its benefits and the personal data collected by it, before my Professional Mind of Privacy Expert takes over and starts evaluating the Aarogya Setu App version 1.1.1 for its privacy compliance.

Aarogya Setu App – Bridging the People to Better Health and Staying Safe especially during this COVID-19 Pandemic, is a boon to the people of India as it not only informs the person about the safe health measures to be taken by them, but also alerts the person if he/she is in vicinity of the person having high risk or suffering from COVID-19. At the same time, it facilitates the government in assigning, allocating and managing the necessary resources to treat the COVID-19 patients in a better way. It does all these by just collecting few personal data like name, phone number, age, sex and location. Apart from these, if the person takes up the optional self assessment for COVID-19 Symptoms, the person needs to provide additional information like

• Whether the person experiencing or showing symptoms of Cough, Fever, Difficulty in Breathing?
• Whether the person is suffering from any of the diseases – Diabetes, Hypertension, Lung Disease, Heart Disease?
• Countries visited in last 28 – 45 days?
• Whether the person belong to healthcare profession?

The next section will shed light and educate you on what is privacy and how it can be protected. I am pretty much sure post that you will personally agree that

What is Privacy?

Privacy is defined as “someone’s right to keep their personal matters and relationships secret” as per Cambridge Dictionary. But law or the Constitution has its own interpretation. The Constitution of India, as per the Supreme Court Judgement in August 2017 in the case of K.S. Puttaswamy (retd) vs Union of India, has declared that “The right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution.” Taking clue from this, Personal Data Protection Bill, 2019 was introduced in December 2019 to protect the privacy rights, personal data of its citizens through the establishment the organizational framework. Similarly not only India, but European Union and many other Countries considers “Privacy has the Fundamental Right” of the Person and has enacted laws and regulations (GDPR – General Data Protection Regulation, Australian Privacy Act, CCPA - California Consumer Privacy Act, etc.) to protect the Privacy Right of the Person.

How the Privacy of the Individuals is Protected?

There are basically three ways at broad level to the protect the privacy of the Individuals:

• Data Processing Principles,
• Assigning Privacy Rights to individuals and
• Establishing Organizational and Legal Framework to safeguard the assigned privacy rights and protection of the personal data.

Does Privacy of Individuals is Protected by Using Aarogya Setu App and if yes, How?

Yes. The Terms of Use of Services and Privacy Policy of the Aarogya Setu App clearly substantiates that the privacy of individuals are protected. At the same time, it clearly indicates that the Data Processing Principles like

• Processing of Personal Data is carried fairly under the legal framework and in transparent manner.
• Purpose Limitation: The personal data is collected for specific and legitimate purposes only with processing of it purely restricted for the purposes it is being collected and the same is explicitly mentioned in the Privacy Policy.
• Data Minimization: Personal data which is adequate and relevant to the mentioned purposes are only collected and processed which is evident from the personal data collected to meet the purposes mentioned in Privacy Policy.
• Data Accuracy: Reasonable steps and processes are taken and defined to ensure that the personal data collected is accurate and kept up to date and the inaccurate data are erased or rectified.
• Storage Limitation: Personal data is stored only for the period for it is required to, for the purposes mentioned in the Privacy Policy.
• Security Measures: Appropriate Security Measures like encryption of data in transit and as well at rest are taken to protect the confidentiality and integrity of the data is taken.
• Accountability of the personal data collected is clearly mentioned.
• For storing the personal data for longer periods, the purpose is legitimate under applicable laws and is clearly mentioned in the Privacy Policy.
• Personal Data is annonymised (encrypted in such way that it cannot be decrypted or recovered again) before it is being used for reporting and data analytics purposes.
• Personal Data is stored only on the Servers hosted and controlled by the Govt. of India and is accessed by the authorized people. It is not transferred or disclosed to any third party or to any third country. Now the Second Pillar about the privacy rights of the individuals is also fulfilled and is evident from the Privacy Policy. The fulfilled privacy rights are as :
• Receive notification about the collection, use and other data processing principles applied on the personal data in a clear and transparent manner.
• Access the personal profile
• Rectify the personal data collected by the App
• The personal data can be erased or is deleted from the mobile once the app is uninstalled and the deleted from the Server post 30 days from the uninstall of the app.
• For any grievances related to the app or the personal data processing, individual can directly contact the nominated person over email. Now the last and Important Third Pillar about the organizational and legal framework. The personal data collected, its processing and security measures are fully compliant with the Information Technology Act 2000 and Information Technology 2011 Rules and judicial remedy can be availed for any non compliance.



Yes, there are some gaps related to updation of Privacy Policy and liability clause, which under my opinion has very low impact on privacy and security and the same are already highlighted to the concerned for improvement. Hope that’s enough for all the people who are skeptical on the privacy of the Aarogya Setu App and agree that Aarogya Setu App – Protects Life and Privacy.
So start using Aarogya Setu App, if not used so far.