The Centre on Monday released a protocol for the usage and sharing of data collected through its coronavirus contact tracing app Aarogya Setu. The Centre specified that the users’ data can be stored for up to 180 days but said it is only meant for health purposes.

The protocol came amid concerns about privacy and surveillance risks posed by the app, which has over nine crore users.

In its protocol, the Centre said that the National Informatics Centre, the developer of the application, will only collect data which is “necessary and proportionate” to formulate or implement appropriate health responses.

The Centre said that the users’ data can be retained for a period of 180 days and shared between any government department or ministry. “However, response data may be shared with such third parties only if it is strictly necessary to directly formulate or implement appropriate health responses,” the government said in its order.

The government will also keep a list of agencies with whom the data of users has been shared. “The National Informatics Centre shall, to the extent reasonable, document the sharing of any data and maintain a list of the agencies with whom such data has been shared,” the Centre said.

Follow today’s live updates on the coronavirus pandemic

Also read:

  1. No Covid-19 silver bullet: Aarogya Setu endangers India’s privacy – and its usefulness is uncertain
  2. No data or security breach in Aarogya Setu app, says Centre after hacker raises concern

The users can also ask the government to delete demographic data. “Demographic data of an individual that has been collected by NIC shall be retained for as long as this protocol remains in force or if the individual requests that it be deleted, for a maximum of 30 days from such request, whichever is earlier,” the government said.

The protocol will remain in force for six months.

At the Centre’s press briefing on Monday, Ministry of Electronics and Information Technology Secretary Ajay Sawhney said the app poses no privacy risks to the users. “Privacy is a very important feature of the Aarogya Setu App,” he said. “The government uses information on users only for health interventions, not for any other purpose.”

The Aarogya Setu app is meant to alert users if they have come in contact with a Covid-19 patient, and what measures they need to take in case that happens. Cybersecurity experts, however, have expressed concerns that it could violate the users’ privacy and become a surveillance tool in the hands of the government.

The Centre has made the app compulsory for all its employees. It is also mandatory for Indians citizens coming in from foreign countries and for train passengers too.

The number of coronavirus cases in India rose to 70,756 and the toll climbed to 2,293, according to the Union health ministry’s Tuesday morning update.