MUMBAI | DELHI: A clause limiting the government’s liability to user data for its Aarogya Setu contact tracing app has made some legal experts question whether, in case of unauthorised access to the information, a legal recourse would be the only option available, especially since the app has been made mandatory for a significant section of citizens.
According to the app’s terms and conditions, the user “agrees and acknowledges that the Government of India will not be liable for…any unauthorized access to your information or modification thereof.”
Although the liability clause is standard practice to indemnify companies or institutions, experts have expressed concern since the government has required all employees of private companies to compulsorily download the app once they start working from offices when the ongoing nationwide lockdown is lifted.
“This also goes against the provisions of the IT Act and the proposed Personal Data Protection Bill as the app service provider would fall under the definition of an intermediary and (is) obligated to ensure the security of the data collected and (is) liable for loss of it under the intermediary guidelines,” said Salman Waris, Partner at Tech Legis Advocates and Solicitors.
In case of data breach, the judiciary is the only port of call, other privacy experts said.