Digital rights activists write to PMO about Aarogya Setu's privacy issue

NEW DELHI: More than 35 organizations, including unions and 75 people working on digital rights, sent a letter to the PMO on May 1 opposing the mandatory use of Aarogya. Signatories include Amnesty India, Common Cause, Digital Empowerment Foundation, among others.

While the government initially claimed that the use of Aarogya Setu would be purely voluntary, the discharge soon became mandatory for all personnel and employees of the Central Armed Police Forces, the letter reads.

As India extended its blockade for another two weeks, guidelines issued by the Interior Ministry (MHA), which practically make the Aarogya Setu app mandatory, raised concerns. The order mentions that the local authorities must guarantee 100% coverage of the Aarogya Setu application among the residents of the containment areas, which would be defined by the district administrations.

Another set of guidelines released by the MHA spokesperson further clarifies that the government is moving forward to make enforcement mandatory. The use of the Aarogya Setu application will be mandatory for all employees, both private and public. It will be the responsibility of the respective organizations to guarantee 100% coverage of this application among employees, ”says one of the points under the subtitle 'Workplaces'.

“Does Aarogya Setu make a dangerous advance from voluntary to mandatory using powers that will come with criminal penalties? Privacy and exclusion concerns arise. What does 100% coverage mean in a country where TRAI shows an average of 53 connections for every 100 Indians? The Internet Freedom Foundation (IFF) digital advocacy group tweeted.

The letter also explains why the signers consider that the application is dangerous for privacy, considered by the Supreme Court as a fundamental right. The Aarogya Setu application deviates from international best practices for contact tracking applications and does not meet data protection standards, the letter says. He adds that the application does not have or has few provisions on consent, data minimization, transparency and algorithmic responsibility.