scorecardresearch
Follow Us:
Thursday, June 04, 2020

Building trust

The new guidelines for data handling in Aarogya Setu system are a welcome first step. Supporting legislation must follow.

By: Editorial | Published: May 13, 2020 4:05:51 am
Bundesliga, european football leagues, saloman Kalou, soccer, indian express Trust is an essential ingredient for the success of Aarogya Setu in helping to contain the pandemic

From claiming that the Aarogya Setu app is unhackable, to suggesting that it must be the safest app ever because millions are downloading it — they are compelled to, actually — to issuing fresh guidelines to safeguard the privacy of users, the government has come a long way, tacitly acknowledging the trust deficit and the need to address it.

Trust is an essential ingredient for the success of Aarogya Setu in helping to contain the pandemic, because it must acquire a critical mass of users to be of any use. On Monday, an order by the empowered group on technology and data management, set up by the national executive of the Disaster Management Act, established the protocol for handling data by the various bodies involved in the management of the COVID-19 outbreak. Outside that circle, the data may be shared only with the research community in anonymised form. Breaches will attract penalties according to relevant sections of the Disaster Management Act, besides other applicable laws.

The government has fixed security flaws in data handling detected by a French white hat hacker, limited the purpose of data collection to dealing with the pandemic, and restricted the types of data which may be collected and the period for which it may be held. And crucially, by promising punitive measures, the order sets to rest public anxieties about privacy. Problems about technology are not adequately addressed by technology — by claiming that software is hacker-proof, for instance. It is best addressed by the law, by the certainty of liability and the penalties thereby attracted.

But perhaps this order should be read as a first step towards a law, as a letter of intent rather than a compact. Justice BN Srikrishna, who headed the committee which had produced the first draft of the Personal Data Protection Bill, has pointed out that the order is not lawful — supportive legislation is required by Aarogya Setu, rather than merely an order by the executive. On May 1, the ministry of home affairs had made the app mandatory for employees in the public and private sector, and in government. Local authorities were urged to secure complete coverage in containment zones. The Noida police then extended it to everyone, threatening imprisonment and fines for non-compliance. These may be emergency interventions, but the app now requires legislative backing. In the absence of an underlying law, it would remain vulnerable to legal challenge.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest Opinion News, download Indian Express App.

0 Comment(s) *
* The moderation of comments is automated and not cleared manually by indianexpress.com.
Advertisement
Advertisement
Advertisement
Advertisement