
NIC refuses to give information about companies with access to Aarogya Setu Open API in RTI

Aarogya Setu

The National Informatics Centre (NIC) refused to provide the list of companies that have access to the Aarogya Setu Open API in an RTI response, saying that “no larger public interest is served by providing this information”. When SFLC.in, the digital rights organisation that had filed the RTI, appealed the reply citing Section 8 of the RTI Act, 2005, which does not recognise “larger public interest” as a ground to deny information, the Appellate Authority of NIC agreed with the first CPIO’s (Chief Public Information Officer) decision to refuse the information.

The Aarogya Setu Open API Services Portal, launched on August 22, allows third-party apps to check users’ health status “with consent”. This service is only available to organisations and entities that are registered and have operations in India, and have more than 50 employees/customers/users.

This is not the first time that RTI queries related to the contact tracing app have been stonewalled:

  • The Central Information Commission had hauled up the CPIOs of National e-Governance Division (NeGD) and Ministry of Electronics and Information Technology (MEITY) for providing evasive replies to RTIs related to Aarogya Setu. In this case, filed by RTI activist and journalist Saurav Das, the CIC had also directed the NIC to explain how it could have no information related to the app if the website is hosted on a .gov.in domain which is controlled by the NIC.
  • Internet Freedom Foundation’s RTI request seeking the source code of the app was rejected in May. However, that was filed before the Android code was open sourced on May 27 and the iOS code was made open source on August 10. It is important to remember that NIC-CERT had later said that the source code on GitHub, that is, the Android source code, is “test backend code”, not “production code”.

On the other hand, other RTI responses related to the app have revealed significant information:

  • RTI responses from the NIC revealed that the government of India has not implemented the measures and safeguards prescribed in the IT Ministry’s Data Access and Sharing Protocol for Aarogya Setu, the Quint had reported. For instance, the Protocol mandates NIC to maintain a detailed list of entities with whom Aarogya Setu data is shared, but NIC only gave categories of entities with whom it shares data. NIC also said that it had no information about the “reasonable security practices and procedures” implemented by parties receiving data. Read the RTI query (filed by Das) and NIC’s response.
  • RTI responses from MEITY have shown that the Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020, that the government had released on May 11, had significant inputs from MEITY that were ultimately rejected. Key amongst them was a set of guidelines to govern all data related to the COVID-19 pandemic, not just Aarogya Setu data.
  • In response to RTIs filed by MediaNama, NIC had revealed the following information:
    • The number of submissions made to the Aarogya Setu Bug Bounty Programme
    • That the results of the Android Bug Bounty Programme will be announced “shortly” and that the Bug Bounty Programme for iOS would be released “shortly”. We had received this response on September 30, although the results of the Android Bug Bounty Programme were yet to be announced at the time of publication.


Send me tips at aditi@medianama.com. Email for Signal/WhatsApp.


MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
