AUTHOR- Rahul Verma, Law Centre- 1, Faculty of Law, University of Delhi.
Aarogya Setu (literally, disease-free bridge) is an Indian COVID-19 mobile application monitoring established by the National Informatics Centre under the Ministry of Electronics and Information Technology of the country.
What is Arogya Setu and Its main aim?
Arogya Setu app is essentially a contact tracing app that tracks our interactions with someone who could have tested positive for Covid-19 through a Bluetooth and Location generated the social graph and is developed by National Informatics Centre of the Indian Government. The app is a part of a service designed to enable registered users who have come in contact with other registered ones who have tested positive for Covid-19 to be notified, traced and necessitated.
The stated aim of this app is to spread awareness of COVID-19 and link important COVID-19-related health services to the Indian people. This app increases the Department of Health’s initiatives to contain COVID-19 and communicates best practices and advisories.
The app alerts you if you have come in close proximity of a person, even unknowingly tests Covid-19 positive. The alerts also bring forth instructions on how to self-isolate and on how to access help and support in case of development of symptoms. The Ministry of Electronics and IT estimated the downloads of this app to have crossed 100 million.
The app contains multiple sections which provide our status (regarding the proneness to the risk), a self-assessment test, Covid-19 updates, and an E-pass (if applied and made available). It also tells us how many COVID-19 positive cases are present in a radius of 500m, 1 km, 2 km, 5 km, and 10 km from the registered user.
Amidst the unprecedented and chaotic pandemic in the country, concerns are being echoed about the usage and efficiency of ‘Arogya Setu’ app designed to trace the spread of Covid-19. The questions that are raised about this app are centered around the right to privacy. Recently, multiple pleas were filed before the Kerala High court challenging the mandatory usage of the app by the public and private sector officegoers and citizens in the containment area. While the Centre denies the vulnerability of the app to data breach and privacy issues, it strongly affirms that the app has a robust framework of privacy policies. In pursuance of this agitation, many cyber activists have put forth their arguments against the app, challenging the inefficient policy framework and the lack of an underlined legal protection.
With the booming doubts and arguments between the Centre and the concerned privacy rights activists, citizens only wish for lucidity regarding the functioning of the app and the assurance of the protection of their private data. Justice B.N. Srikrishna in his latest views about the app expressed that the push for mandating the use of the app is “utterly illegal”.
What is right to privacy?
On the global level, this right is considered to be a fundamental human right recognized by international declarations like the UN Declaration of Human Rights, the International Covenant on Civil and Political Right and in numerous other treaties and conventions. This right co-exists with the elements of human dignity, security, and reserve. Considering this right’s significance, many countries have already recognized the right to privacy in their constitution. In a few countries like the United States, Ireland and India, the apex courts have implied that the right is found in other provisions of their respective constitutions.
The Constitution of India encompasses Right to Privacy under Article 21, which is a requisite of Right to life and personal liberty. The scope of this article is considered as multi-dimensional in our constitutional history. The very first instance of the debate about whether privacy is a fundamental right or not, was in the case of M.P. Sharma v. Satish Chandra [AIR 1954 SCR 1077] where it was held that the right to privacy will not be considered a fundamental right. The same was reiterated in the case of Kharak Singh v. State of Uttar Pradesh [AIR 1964(1) SCR 332]. But after about eleven years, another case before the Supreme Court, Gobind v. State of Madhya Pradesh [1975 (2) SCC 14], it was decided that the right to privacy is implicit in Article 21, bolstered by personal liberty.
A historic turn was taken in this right’s history, associated with the case of K.S Puttaswamy v. Union of India [2017 (10) SCC 1] in which, the judgement was passed by the apex court that right to privacy is a fundamental right and will not lose its significance/status amongst the Golden Trinity of Article 14 (Right to Equality), Article 19 (Right to Freedom) and Article 21 (Right to Life and Personal Liberty).
With the constant expansion of the digital world, the government has been vigilant and particular is securing the privacy of the data of its subjects. “Section 43 of The Information Technology Act, 2000 also includes Right to Privacy which makes unauthorized access into a computer resource as an offence.”Since this right is emerging as one of the most essential rights of this era, it is imperative for the governments to protect the rights of privacy as more and more personal data is being acquired by both governmental and non-governmental organizations for various purposes.
The Aarogya Setu app vis a vis right to privacy:
The Aarogya Setu app is one that has a questionable premise. It is an app that can be used to track the movement of the people, more so, without asking for their consent. The Aarogya Setu App, and its current mandate of use do not offer a person the right to opt-in to the security and privacy violations that the app tends to commit to. With recent judicial luminaries such as Former Supreme Court Judge B N Srikrishna, the chair of the committee that drafted the Privacy Protection Bill 2011, stating that the government’s move was “utterly illegal” (as reported in Indian Express 12th May, 2020, 1:31:56 pm, by Apurva Vishwanath), the true ends of this right need to be justified. The protection of data is guided by the Aarogya Setu Data Access and Knowledge Sharing Protocol, which is considered to be an order that has been issued by the Empowered Group on Technology and Data Management. This body has been set up under the Disaster Management Act.
Given the government’s penchant for ordinances (for example, the Kerala government issued an order to circumvent the high court’s judgment on salaries), it is unlikely that the requirement of legislation will present an effective check on executive abuse. However, that makes it necessary to emphasize that serious substantive constitutional issues exist with the compulsory use of the Aarogya Setu app.
As is well established, the principle of proportionality for deciding whether or not a violation of the right to privacy is justified has four prongs: validity (requirement of a statute with a valid purpose), Suitability (the government’s intervention must be sufficient to resolve the issue, i.e. a reasonable relationship must exist between means and ends), necessity (i.e., it must be the least restrictive alternative) and proportionality stricto sensu (a balance must be struck between the degree to which rights are infringed and the legitimate intent of the State).
The data collection activities of the Aarogya Setu app have already been thoroughly addressed and how they fall short of constitutional requirements. There is, however, a wider legal argument to remember, it is for the state to demonstrate that the suitability and necessity prong of the standard of proportionality are satisfied.
This case of the Aarogya Setu app is one that has to be carefully noted and the extent of its capabilities fully understood. Once a person has downloaded this app on to their phone, and given their personal details, their movements, the people they associate with and the activities they indulge, practically becomes government knowledge. It is important to consider whether such an aggressive means of the violation of the right to privacy is in fact, good for the country, or the population.
One of the most important tests to be applied herein is that of proportionality. It needs to be seen whether the restriction that has been imposed on the right to privacy is reasonable to the end it seeks to achieve, i.e. the prevention of the spread and containment of the COVID-19 virus. Without the development of a vaccine and practically no other way to tackle the virus, it seems that the only means of containing the spread of the virus is through aggressive contact tracing and social distancing, which are the main goals of this app. In this scenario, the reasonability of this app also highly hinges on whether the protection of data collected is comprehensive and strong.
However, with a protocol being issues by a body set up under the Disaster Management Act, the standards of protection of data are not trustworthy. The same was vocalized recently by Hon’ble Justice Srikrishna as well. So the question one must ask herein is, if the security of their data gives them enough reason to believe in the proportionality of the measure.
In the light of this current quagmire about all the privacy issues surrounding the Arogya Setu App, given the urgency of a digital system that helps in tracking the virus, it is of utmost importance to the public that their data is safe and secure. With an elaborate constitutional mechanism to preserve the rights of citizens, the present request for transparency and security must be met with. It would mean a failure on part of the constitutional machinery of the fundamental rights if this right of privacy is taken away from the individuals.
For more practical purposes, the government bears the responsibility of demonstrating that the design of the device meets both the suitability and the requirement prongs of the check – a responsibility that remains uncharged up to now (indeed, it goes by Lightened ministerial comments on how the software will continue to be in operation for two years, the government seems to have very little appetite to even seek to discharge the burden).
Within three days of its launch, Arogya Setu crossed 5 million downloads making it one of India’s most successful government apps. It became the world’s fastest-growing smartphone app beating Pokémon Go, with more than 50 million installs, 13 days after its launch in India on 2 April 2020. In an order released on 29 April 2020, the central government made it compulsory for all employees to download and use the app, they had to check their status on Aarogya Setu and only turn to Aarogya when the device is secure or low-risk.
Even though Aarogya Setu has received a wider acceptance by the public, numerous concerns are also being raised about the usage and storage of this data. It is time for the government to be called for a deliberative clearance of all the existing doubts surrounding the app.