A THREAT TO PRIVACY - AAROGYASETU
Updated: Dec 15, 2020
- Manthan Pandit & Khushi Birla
What is AarogyaSetu?
It is a contact tracing app that records our day-to-day physical interactions with someone who may have tested positive for Covid-19 via a socio-statistical graph developed by Bluetooth and Location and is produced by the Indian Government's National Informatics Centre.
This app is designed to easily alert the registered users to monitor those Covid-19 positive users who they have come in contact with. The static ID collects the data which is then stored in a centralized server.The data collected comprises of the sensitive personal data of the registered user such as their age, name, medical history, travel history, etc.
Additionally, this information may be shared by the government with relevant persons if it’s required, to carry out medical or administrative interventions.
Right to Privacy
Right to Privacy under Article 21 of the Constitution of India also includes Right to Life and personal liberty. Right to Privacy is further recognized under Article 12 of the Universal Declaration of Human Rights and Article 17 of the International Covenant on Civil and Political Rights.
The scope of this article is known as multi-dimensional in our constitutional history. In the case of M.P.Sharma v. Satish Chandra the debate about whether privacy is a fundamental right or not arose and it was concluded that there is no constitutional right to privacy. Furthermore, in the case of Kharak Singh v. State of Uttar Pradesh, the same was concluded.
After approximately 11 years, another case was brought before the Supreme Court, Gobind v. State of Madhya Pradesh, it was determined that the right to privacy, underpinned by personal liberty, was implied in Article 21.
The most highlighted case related to right to privacy is the case of K.S Puttaswamy v. Union of India in which the Supreme Court of India ruled that Right to Privacy is a fundamental right and that Article 14, Article 19 and Article 21will not lose its significance/status among the Golden Trinity.
Data Protection in India -
There is a clear absence of data protection laws in India although the Supreme Court of India recognizes Right to Privacy as a fundamental right. There is no distinct law on data protection and privacy. On the directions of the Supreme Court, the Union Ministry of Electronics & Information Technology (MEITY) constituted an Expert Committee headed by Supreme Court Judge (retired) Justice B N Srikrishna to identify key data protection issues and recommend methods to address them.
The Justice Srikrishna Committee recommended a new data protection law to be enacted as according to the committee there are loopholes in the governing of the legal framework in India. A Personal Data Protection Bill was introduced in 2019 however; the Indian Parliament is yet to pass the bill as crucial data of citizens remains unprotected and easily accessible by the public at large. The provisions under the Information and Technology Act, 2000 is also inadequate to protect sensitive information. As AarogyaSetu infringes the fundamental rights of the citizens, there is a constitutional requirement to establish a procedure to restrict the app from doing so.
The Ministry of Electronics and Information Technology released the data access and knowledge sharing protocol of the app and stated that the National Executive Committee has created an empowered group on technology and data management which are looking at the development and correct implementation of the app. The protocol established is not a statute and one of the main points observed is that the government authorities have no plans to create a legislative law to make the app accountable for any wrongdoings. The protocol is drafted to justify the centralized collection of the data and does not throw light on why the existing alternatives like telecom operators are not enough.
With the constant growth of the digital world, the administration has been cautious and is trying to ensure the protection of its subjects' data in particular. The right to privacy, which allows unauthorized access to a computer resource an offense, is also covered in Section 43 of the Information Technology Act, 2000. As this right is one of the most valuable rights of this time, it is imperative for governments to protect privacy rights, as both governmental and non-governmental entities collect more and more personal data for different purposes.
Contact tracing applications have turned to be a promising positive tool for the protection of public health. Given the necessity of a digital infrastructure that helps monitor the virus, in the light of this current quicksand regarding all the privacy concerns concerning the AarogyaSetu App, it is of paramount importance to the public that their data is safe and stable. It is important to comply with the present request for accountability and protection with an elaborate constitutional framework to protect citizens' rights.
While AarogyaSetu has received a wider public acknowledgement, there are also numerous concerns about the use and storage of this information. It is time to call on the government to actively clear up all the current uncertainty concerning the app.
Citizens should be given assurance of protection of their data and the government must address these concerns by taking proper steps to govern the application and ensure transparency and improve the efficacy of the application by following the principles of data protection such as data minimization and data anonymity.
The implementation of Aarogya Setu has now been modified to "best effort basis" as the most recent development in this issue of compulsory use of the app on 17.05.2020, following several pleas filed before the courts.
Manthan Pandit & Khushi Birla are second year students at Pravin Gandhi College of Law, Mumbai.
 Harvard Business review, How Digital Contact Tracing Slowed Covid-19 in East Asia, Harvard Business Review, (Dec 1, 2020, 10:30 PM), https://hbr.org/2020/04/how-digital-contact-tracing-slowed-covid-19-in-east-asia.  M.P. Sharma v. Satish Chandra, AIR 1954 SCR 1077.  Kharak Singh v. State of Uttar Pradesh, AIR 1964(1) SCR 332.  Gobind v. State of Madhya Pradesh, 1975(2) SCC 14.  LexLife India, Right to Privacy v. Aarogya Setu App, LexLife India, (Dec. 10, 2020, 4:30 PM), https://lexlife.in/2020/05/28/right-to-privacy-v-aarogya-setu-app/.  K.S Puttaswamy v. Unio of India, 2017 (10) SCC 1.  Harshul Khadiya, Right to privacy v. Aarogya Setu, Lawunison.com, (Dec. 4, 2020, 4:00 PM), https://www.lawunison.com/news/right-to-privacy-v.-aarogya-setu.  Right to Privacy v. Aarogya Setu App, supra note 5.  Ibid