The government has issued a set of guidelines to be followed for processing data of Aarogya Setu app users. Further, it has added a few clauses that may lead to imprisonment of a person if certain norms are violated.

The new rules prohibit storage of data beyond 180 days and enables individuals to seek deletion of their data from the Aarogya Setu related record within 30 days of raising the request. Further, the new norms allow collection data including demographic, contact, self-assessment and location of the infected persons or those who come in contact with the infected person.

The guidelines also lay down the procedure for handling of data by various agencies involved in controlling spread of the pandemic. The data can be shared with universities for research purposes only after delinking details through which the user can be identified.

As per the protocol, any violation of the laid directions may lead to penalties as per section 51 to 60 of the Disaster Management Act, 2005 and other legal provisions as may be applicable. As per the Ministry of Electronics and Information Technology (MeitY), the protocol has been issued to bridge the legal gap and to address privacy related concerns.

According to the government, less than 13,000 users of Aarogya Setu have been found to be Covid-19 positive but with the app around 140,000 were traced and alerted who have come in close contact with infected person. Further, the government added that data of a non-infected person is deleted from Aarogya Setu app in 30 days – 45 days in case of tests and 60 days if a person has undergone treatment.