In the middle of this tumultuous pandemic, the Indian Government implemented a scheme to ameliorate the condition of public health in the country, using digital technology. The Government introduced a mobile contact tracing application called AarogyaSetu to track down the growth of Covid-19 cases and it became the worlds’ quickest app to reach 5 crore downloads in just 13 days. The app extracts the details of its users and devises their social graph. The app has numerous parts which depict an individual’s status concerning the susceptibility to the risk, a self-evaluation test and also updates about COVID-19. Moreover, it traces one’s location with the help of GPS and Bluetooth to find out where the person has been and notifies the individual if he or she has come in touch with someone who is the carrier of the virus. In such a way, the app ascertains the current overall health condition of a person and whether one risks infection or not. Nevertheless, apprehensions are being reverberated about the utilization and effectiveness of the application, since it is likely that the app and the data used might be at fear of exploitation and misuse because of the terms of service and the privacy policies of the app. The app unquestionably elicits serious questions about the infringement of an individual’s right to privacy.
Concerns with the Aarogya Setu App
This depicts that the information can be traded with various divisions of the government. It is said that the health ministry’s participation in the examination of the data is only nominal. The government can utilize the app for even regulating the right of freedom of movement of people. The app’s chief objective was to inform users about the danger of them getting infected with COVID-19.
But it has been revealed that the government is utilizing the data gathered by the app for various other objectives such as to determine whether India should relax the lockdown or not, and also to create several policy decisions, thus infringing the principle of purpose limitation 2The principle states that personal data should be processed only for the original objective of collection of the data.. Moreover, the application brings up apprehensions about several discriminatory and exclusionary approaches of the Government. Considering that India does not possess legislation that manages digital surveillance, discriminatory preying is a plausible danger affixed to using the app.
Other contentions made in opposition to the app
- Absence of technological parameters employed for the Bluetooth technology, algorithms and artificial intelligence networks and no stating of the names of independent parties included in the creation and launching of the app.
- There is an in adequate illustration of the privacy-foremost structure that will safeguard the delicate private data of users.
- There was no involvement of the public health office-holders in the committee established to put the app into effect.
- The directive by the centre to demand the public and private employees to download the app compulsorily is observed as a direct infringement of the right to privacy given the non-existence of any regulating legislation.
- The time period for which the app will continue functional is not mentioned.
- After the gathering of the delicate data concerning the health of an individual, how the data is gathered, kept, given out, and treated is ambiguous. The method of data anonymization 3The procedure of separating personally distinguishable information from data sets, so that the individuals whom the data describe remain anonymous., furthermore the steps adopted to safeguard privacy of information received from individuals, has been left secret.
- There are no signs of clarity or accountability as the source code is not made accessible to the citizens.
- There are apprehensions about the app generating incorrect outcomes since Bluetooth and GPS technology tend to lack precision for virus exposure. There will then be a big chance of faulty positives and faulty negatives.
The questions that are brought about this app are chiefly concerning the right to privacy of an individual. In addition, there are also apprehensions about the facets of answerability in case any data infringement happens within the system.
What is Right to Privacy?
The word “privacy” has been explained as the real privilege of a person to think about the extent upto which he desires to share himself with the community and his power over the time, location and circumstances to interact with others. That is to say, it is his privilege either to pull back or to take part as it deems suitable to him. It furthermore means the person’s right to control the distribution of details about him, which is his own private asset. The Constitution of India guarantees Right to Privacy under Article 21 4Gobind v. State of Madhya Pradesh 1975 (2) SCC 14, which is a necessity of Right to life and personal liberty.
The purview of this article has many dimensions according to our constitutional history. In the case of K.S Puttaswamy v. Union of India 52017 (10) SCC 1, the Apex court decided that right to privacy is a fundamental inalienable right. It was also held that the Right to Privacy is essential to other fundamental rights as well, such as the right to freedom of establishing associations, right to equality etc., because the right to privacy has one common feature to all the fundamental rights safeguarded by the Constitution of India, i.e. the protection of the dignity of a person.
The right to privacy is inseparable to the safeguarding of the dignity of a person because of the option that should be provided to them about keeping their private details, private. The Right to privacy safeguards the privacy of the human body against any form of infringement or controlling of body movements. All individuals have the right to privacy over communication, i.e. the right to have total control of the communication and the right to safeguard and also stop ingress to their communications.
Yet another form of privacy that is afforded under this fundamental right is that of decision making, and the right to make decisions that are personal to an individual, to the barring of all others. Furthermore, all people have the right to associational privacy. Individuals must have absolute privacy over their selection of people to communicate with. Finally, privacy is also awarded to in terms of safeguarding of intellectual property.
Any claimed violation of the fundamental right must qualify the tests set down under Article 14 and Article 21 of the Constitution i.e. the need for a law, lawful objective, procedural guarantees and proportionality of application. 6There should be a logical and reasonable nexus between the objectives and the method adopted to fulfil them. The court additionally stated that during a public health emergency, the government may use delicate information and health details of an individual, but only in a manner that makes sure anonymity of the patients.
Aside from the protection guaranteed under the Constitution of India, Section 43 of The Information Technology Act, 2000 also comprises Right to Privacy which brands unsanctioned ingress into a computer resource as an offence. Because this right is rising as one of the most necessary rights of this period, it is crucial for the governments to safeguard the rights of privacy as more and more private data is being collected by both governmental and non-governmental agencies for numerous objectives.
Plan of Action
Sadly, India does not have a formal data protection law, rather it lays down rules for public and private officials to protect privacy of an individual and manage the usage of delicate data. The current legal legislations in India, such as the Information Technology Act, 2000 have only narrow applicability. The Aarogya Setu app works incoherently with the principles of data protection and privacy of a person, and the government must solve this expeditiously. For example, there is a necessity that the data gathered must be utilized for a particular objective, and the people should be made aware of the same.
Moreover, there is no accountability procedure at hand in case there is a data privacy violation, and this too must be taken into consideration. The Parliament of India must expeditiously put forward an ordinance to supply the app with legal support and establish a system to protect the rights of people.
In conclusion, at the same time as society is being confronted everyday by new and dangerous menaces to public health, the rights of individuals guaranteed by the Constitution of India should not be taken for granted. Preserving public health, particularly during the period of a pandemic, is undoubtedly a lawful goal of the state. But there is nothing here that is well known to depict how the solution adopted is reasonably and logically linked to the achievement of the goal.
Though there is loosening of the privacy clauses universally for creating room for tracing and surveillance to limit the growth of the infection, these surveillance parties should be made democratically answerable under legislation that comes after a parliamentary dialogue on the principle of proportionality. Breaches in the healthcare department that originate from policy formulation and execution vents are many. Some of them are revealing of private health information of an individual to third party agencies without consent, limitless or unneeded collection of private health data, giving out this personal health data for research purposes and other commercial uses without any proper security standards, etc.
These may lead to a kind of prejudice or stigmatization. Hence, there is a need for good policies and a proper data protection law for protecting the sensitive data of individuals, mainly in a country like India, where privacy is relatively a newer idea. The officials in charge of collecting data, during and after the pandemic, should process location data in an anonymous manner to avert individual identification. It also becomes the liability of the state to have a vital part in the concerted efforts of the public and private authorities in building a protective framework. This would permit the application of healthcare measures in society without fully destroying the existence of the privacy rights of individuals.