Government not liable for data leaks from Aarogya Setu app

A clause in the COVID-19 contact-tracing app Aarogya Setu might reduce the government’s liability in the event of a data leak.

According to a report by The Economic Times, legal experts questioned whether legal action would be the only recourse in the event of unauthorised access of information, since the app is mandatory for many citizens.

According to the app’s terms and conditions, the user “agrees and acknowledges that the Government of India will not be liable for…any unauthorised access to your information or modification thereof”.

Legal experts quoted in the report say that though liability clauses are a part of standard practice, it is worrying since the government has made the Aarogya Setu app compulsory for public and private sector employees, and for those living in containment zones.

“This also goes against the provisions of the IT Act and the proposed Personal Data Protection Bill as the app service provider would fall under the definition of an intermediary and (is) obligated to ensure the security of the data collected and (is) liable for loss of it under the intermediary guidelines,” Salman Waris, Partner at Tech Legis Advocates and Solicitors said as per the report.

French hacker Robert Baptiste, who uses the name Elliot Alderson on Twitter on May 5 said he found security concerns on the app, which affects the data of 90 million Indians.

The app, via its Twitter handle, stated that no personal information of any user has been proven to be at risk by Elliot Alderson.

―Money Control