Aarogya Setu has been embroiled in data and privacy debates right from the onset, and was initially handed a rating of 2 out of 5 stars by the Massachusetts Institute of Technology, based on its privacy and data principles. Now, in a detailed report published by MIT Technology Review, which has rated all the Covid-19 contact tracing apps in the world, the Aarogya Setu app rating has been downgraded to 1 out of 5 stars, with only 'data destruction' being the parameter that it has ticked. The revised rating comes after MIT researchers evaluated the app and found that it in the parameter of 'data minimisation'.
In other words, as per MIT researchers, the Aarogya Setu asks for and collects far more data than what it needs to implement contact tracing of Covid-19. Data minimisation is a key aspect of a good app, where services are ideally recommended to collect as little of the user's information as possible. The reason behind this is to reduce the app's liability to protect user data, and give the users themselves an assurance that their information will not be misused for any third party purposes.
Ever since introduction, Aarogya Setu has often come under fire from privacy advocacy bodies for breaching consumer trust, not establishing a standard operating procedure, and being mandated for download without a supporting legal framework. In response, the Ministry of Home Affairs on May 11 published a data protocol for the app that aims to certify that user data being collected through the app will not be used or viewed by anyone other than those that are absolutely necessary.
That said, still more have questioned the efficacy of contact tracing in India, since a vast number of individuals are not smartphone users. Going forward, it remains to be seen how the revised MIT rating may affect the Aarogya Setu app, and if this, coupled with Apple and Google's rolling out of the privacy-focused Exposure Notification API, leads to fundamental operational changes in the app.