The Central Information Commission (CIC) on Monday issued a show-cause notice to the Central Public Information Officers (CPIO) of the Electronics Ministry's National Informatics Centre (NIC) for providing an evasive reply on information about the creators of the Aarogya Setu app.
Issuing notice, the CIC found it "extremely preposterous" that while the Aarogya Setu website gave information on who designed, developed and hosted the platform, "none of the CPIOs were able to explain anything regarding who created the App, where are the files, and the same is."
Two days after the show-cause notice was issued, Aarogya Setu tweeted a clarification saying that the app "is a product of Government of India built in collaboration with the best of the minds of Industry & Academia. Worlds largest contact tracing App, appreciated by WHO also."
The CIC directed four CPIOs–S.K Tyagi, Deputy Director and CPIO; DK Sagar, Deputy Director Electronics; RA Dhawan, Senior General Manager (HR & Admn) and CPIO NeGD; and Swarup Dutta, Scientist F and CPIO NIC to appear before the bench on November 24 "to show cause as to why action should not be initiated against them under Section 20 of the RTI Act".
"The CPIO, NIC to shall also submit written submissions detailing their role in the creation of the website https://aarogyasetu.gov.in/ with the domain name gov.in. The CPIO, NeGD shall also explain the delay of about 2 months in replying to the RTI application," the show-cause notice read.
The CIC's notice came on the heels of a complaint filed by Das who submitted that the reply to his RTI stated that the NIC—the developer of the Aarogya Setu app—"does not hold the information" pertaining to the app's creation.
No one has any information: Das to CIC
"No one has any information on how this App was created," the complaint read. Furthermore, there was no information about "…the files relating to its creation, who has given inputs for this App's creation, what audit measures exists to check for misuse of the personal data of millions of Indians, whether any anonymisation protocols for user data have been developed and about who this data is being shared with," the complaint said.
"This is despite the fact that any omissions and commissions by these public authorities and any failure to perform their duties as outlined and mandated under the Protocol, 2020, could essentially lead to security compromise of millions of Indians' personal and user data. This would be a grave breach of the fundamental right to privacy on a massive scale and threaten people's constitutionally guaranteed right to life and liberty," Das said.
Authorities cannot wash hands off by stating that information is unavailable: CIC
Though the CIC was mum on the privacy concerns cited by Das, it observed that "Denial of information by all the concerned authorities cannot be accepted at all…". The officers were also pulled up for passing the buck to different departments under the guise of Sec 6(3) of the RTI Act. "It is a current issue and it is not possible that there was no file movement while creating this App, a citizen cannot go round in circles to find out the custodian," the CIC said.
"The complainant's plea that the CPIO, National E-Governance Division, MEITY should be penalised under section 20(1) and 20(2) of the RTI Act for willfully and repeatedly refusing to act in conformity with the RTI Act despite sending repeated reminders requesting them to furnish the information seems correct in the absence of a reasoned and justifiable reply from the CPIOs concerned," it added.
The CIC further said that the department could not "simply wash their hands off by stating that the information is not available with them". They should have put "some effort" to find out the custodian(s) of the information sought…"
