Millions are on contact-tracing apps with poor privacy safeguards

BENGALURU: States, city municipal corporations as well as police departments across India have launched 40 apps for Covid-19 contact tracing, quarantine tracking, providing health information and to generate e-passes, even as the central government’s Aarogya Setu app remains the face of Covid-19 contact tracing efforts across the country.

These apps have garnered several million downloads already, but many lack a clear or strong privacy policy although they collect personal information such as location data, photos, media, camera, call information, WiFi connection information and device ID, privacy advocates said.

In the absence of a privacy law, privacy activists have termed the apps’ policies and terms of service as ineffective, weak and confusing.

“While the applications have been developed independently by each government, we have observed some questionable trends, practices, and policy provisions pertaining to the apps,” Software Freedom Law Centre said in a report that studied the privacy policies, terms of service and permission demanded by these apps. “It is shocking to see the absence of Terms of Service or a Privacy Policy that binds the developer/publisher of the app and its end-user.”



Information Technology (Intermediaries Guidelines) Rules, 2011 mandate that an intermediary shall publish the terms of use, rules and regulations, and privacy policy pertaining to the platform operated by the intermediary. Some of the applications have generated privacy policies from a Firebase application, which helps companies generate standardised privacy policy templates depending on the type of app and information accessed.

The practice is in itself not uncommon although these policies lack clauses that cover important aspects such as data retention and purpose limitation for processing the data that is collected.

“These apps are also not updated regularly, which poses a cybersecurity threat,” said Apar Gupta, Executive Director at Internet Freedom Foundation, a digital advocacy organisation.