Aarogya Setu App: The Trade-Off Between Public Health and Data Privacy
Written by Samiksha Agarwal
Fifth Year, BBA. LLB. Symbiosis Law School, Pune
Disclaimer: Please note that the views expressed below represent the opinions of the article's author. The following does not necessarily represent the views of Law & Order.
The Right to Privacy has been held as a fundamental right by the Indian Supreme Court, disregarding all the efforts and actions of the democratically- elected government of India, to inflict its complete and absolute authority over the privacy rights of the individuals. The Indian Government has, at multiple instances, tried to circumvent the reproached stand of the Supreme Court on this issue, one of them is introducing the mandatory use of Aadhar and now this step of introducing the Aarogya Setu App.
Keywords: Aarogya Setu, Right, Privacy, Government
The Aarogya Setu app
In light of the COVID-19 pandemic, the Ministry of Electronics and Information Technology has recently launched “Aarogya Setu", a contact-tracing app that informs the users regarding COVID-19 positive cases in their proximity. It uses the Location Settings and Bluetooth data of the individuals to provide the mentioned information. It further assists the government to accumulate sensitive data such as the identity, gender, and the traveling details of the app user.
The mandate by the Government of India
In its initial guidelines regarding the use of the application, the government made it mandatory to download and use the app for both public and private employees. The employer or the head of the organization is responsible for ensuring that each employee adheres to these guidelines. However, these guidelines were reformed later, making downloading of the app optional rather than mandatory.
The government has been continuously citing the benefits and advantages of the app, such as the fact that it enables early identification of risk of infection among individuals and enhances community safety.
Various states have also developed their own contact tracing apps such as ‘Chikitsa Setu’ by Uttar Pradesh, ‘T-COVID-19’ by Telangana, ‘Cova Punjab’ by Punjab, among others. Their main objective is to track and contain the spread of the virus.
However, a major problem lies in the fact that these State-mandated apps are following a similar framework as the ‘Aarogya Setu’ app, that compromises the privacy of individuals.
Underlying Concerns: Legal and Social Perspective
There are multiple issues that plague the use and administration of the Aarogya Setu app and other apps mandated by the Centre and State authorities. The main concerns are as follows:
The app has been introduced through an executive order and is not backed by any legislation, which is a necessary precondition for the reasonable and democratic implementation of any law. This is a pertinent concern, especially because there is no specific law for personal data protection for citizens.
The terms and services of the app give out a blanket limited liability to the government, which implies that there is no guarantee against data theft or breach of security. The blanket limited liability clause majorly compromises the privacy of citizens due to the power it provides the government in terms of data collection.
The source code of the Aarogya Setu app is not open, that means it is not extended to the user or developers to make any modifications as deemed necessary. This is violative of the government’s own principle of transparency in administration. The application should undergo a community audit in order to understand more about its origin.
The terms of reference lay down that it is the obligation of the government to delete certain data after a period of 30 days, but there is no way for citizens to confirm the same. Therefore, this deprives the citizens of their legal rights over their own data.
These apps also acknowledge the possibility of tracking false-positive cases, which might lead to a high incidence of wrongful judgments made by people, leading to unwarranted stigmatization within their communities.
These loopholes indicate that these apps have created various pathways to privacy breaches that violate data security. Moreover, apps similar to the Aarogya Setu that have been mandated at the State-level have been created by private companies, that indirectly allows these corporations unrestricted access to the personal data of the individuals, without conferring any liability in the case of wrongful use or breach of data. Therefore, the information can be collected with a blanket right to later use it for the profit or benefit of any unknown authorities. This shows a blatant disregard for the rights of individuals over their privacy.
The dominant concern is that this app could become a citizen spying or surveillance tool.
The government needs to establish a relationship of trust with the citizens in order for people to follow and respect their authority.
There are various kinds of databases being formed in India for purposes of public health in order to create a better pharma-structure and tele-medicines to develop efficient treatments in the future. For the sake of such initiatives, the government must be more cautious while handling the private data of citizens. In case the privacy concerns are proven to be correct, the public will significantly lose their trust in such government initiatives and actions in the future even if they are bonafide in nature.
Furthermore, the privacy-oriented concerns that are being raised by various experts, researchers, and opposition parties regarding the app must be outrightly addressed. This would work as a panacea to any skepticism towards government practices.
Simultaneously, it must be ensured that the right to privacy accorded to the citizens by the Supreme Court is not, in any manner, seized or jeopardized. This is essential in order to uphold the safety and rights of Indian citizens as enshrined by the law of the land.
1. Justice K. S. Puttaswamy (Retd.) v Union of India, (2019) 1 SCC 1.
2. Aashish Aryan, UP, other states launch app to track virus, raise privacy concerns over unfettered access to data, Indian Express, May 19, 2020, at 11.
3. M V Rajeev Gowda, Seven Questions about an app, Indian Express, May 12, 2020 at 7.
4. Our concerns with the Aarogya Setu App, Sflc.in (Apr. 08, 2020, 12:02 PM), https://sflc.in/our-concerns-aarogya-setu-app
5. Manavi Kapur, India’s Aarogya Setu app is another chapter in its chequered history of data protection, Scroll.in (May 14, 2020, 08:30 PM), https://scroll.in/article/961847/indias-aarogya-setu-app-is-another-chapter-in-its-chequered-history-of-data-protection
6. Govt highlights advantage of Aarogya Setu, but stops short of making it compulsory in new guidelines, The Economic Times, (May 17, 2020, 11:20 PM), https://economictimes.indiatimes.com/tech/software/govt-highlights-advantage-of-aarogya-setu-but-stops-short-of-making-it-compulsory-in-new guidelines/articleshow/75794082.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst