AAROGYA SETU APP DURING COVID 19: AN INFRINGEMENT OF RIGHT

TO PRIVACY

Priyanka Mittal

Abstract
Undoubtedly a digital economy has immense transformative potential for a country like India. It can
significantly improve lives of Indians, given its tremendous contribution to sectors that affect masses
such as healthcare, research and development, emergency services, and transportation, to name a few.
However, a booming digital economy also brings about unique challenges and potential for
discrimination, exclusion and harm. In current scenario of covid 19 pandemic the dichotomy between
public health preservation and protection of the citizens fundamental right to privacy, is a serious
concern which cannot be ignored. Tracking and surveillance in the present situation does serve a
compelling state interest, however, for the purposes of constitutional sanctity and to protect Right to
Privacy it is imperative to enforce safeguards as well. Currently, the law in India and many other nations
across the globe provide limited protection to personal data of individuals. In this paper an attempt has
been made to discuss that how digital technologies like Aarogya setu app offer tools for supporting a
pandemic response but at the same time how it is difficult to provide protection to personal data of
individuals.

1. Introduction
Conflicts between privacy and new technology is not a new thing. With the rise of mass media
concerns as to legal protections against the harms or adverse consequences of intrusion upon
seclusion, public disclosure of private facts and unauthorized use of name or likeness in
commerce have also arisen. Digital technologies are reshaping the practice of science. 1 With the
growing interest in technology enabled contact tracing governments, technology companies, and
research groups are trying to track "close contacts" and to identify prior contacts in the event of
an individual's positive test. However, there is currently significant tensions between effective
technology based contact tracing and the privacy of individuals. Digital technologies are being
used as a tool to support the public-health response to COVID-19 worldwide, including
1
Dash Shakyawar, Big data in healthcare: Management, Analysis and Future Prospects, 6 JBD 54, (2019),
https://doi.org/10.1186/s40537-019-0217-0 pdf.
population surveillance, case identification, contact tracing etc. However, some have raised
security and privacy concerns as well as broader concerns about its efficacy.2
This article traces the use of Aarogya setu app as a digital tool to combat the pandemic of
COVID-19. The challenges faced by user’s of this app due to its mandatory use and how it is
effecting on individual’s right to privacy. The article concludes that while Aarogya setu app
helps in tracing and isolating the contacts of infected people in the fight against the COVID-19
pandemic but it lacks transparency and absence of data protection regulations due to which
user’s right to privacy is at stake.

2. Meaning of privacy in a digital age

The term privacy encompasses not only avoiding observation, or keeping one‘s personal matters
and relationships secret, but also the ability to share information selectively but not publicly.
Anonymity overlaps with privacy, but the two are not identical. Likewise, the ability to make
intimate personal decisions without government interference is considered to be privacy right, as
is protection from discrimination on the basis of certain personal characteristics such as an
individual‘s race, gender, or genome. Privacy is a condition or state of being. It is the right to be
left alone or being able to be free from certain kinds of intrusions. This is also recognised
internationally in Article 8 of the European Convention of Human Rights and Article 17 of the
International Covenant of Civil and Political Rights as the right to respect for private and family
life, home and correspondence.3
The conflict between privacy and technology is not new, except perhaps now in its greater scope,
degree of intimacy and pervasiveness. Nowadays, people are more afraid that the digital systems
they use on an everyday basis may bring unwanted effects into their lives by infringing their
right to privacy. Today anyone can be tracked through mobile phones, emails and data left on the
Internet may be used to spam, or even worse.

3. Evolution of Right to Privacy under Indian Constitution:

2
Allison Gardener, There’s No Evidence Contact-Tracing Apps Are Helping Stop COVID-19, SCIENCE THE WIRE (Oct.
25, 2020, 11:08 AM) https://science.thewire.in/health/theres-no-evidence-contact-tracing-apps-are-helping-stop-
covid-19.
3
Vrinda Bhandari and Renuka Sane, Towards a privacy framework for India in the age of the Internet, NATIONAL
INSTITUTE OF PUBLIC FINANCE AND POLICY (Oct. 20, 2020, 10:04 AM),
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2892368.
According to Justice Krishna Iyer,“Personal liberty makes for the worth of human person”.
Hence, the notion of dignity and liberty are not independent of privacy. The right to privacy
emerges primarily from Article 214 of the Indian Constitution which states that “No person shall
be deprived of his life or personal liberty except according to the procedure established by law”.
The Constitution of India does not specifically recognize ‘right to privacy’ as a fundamental
right, it is, however, implicit in the provisions of Article 21 of the Constitution of India as is now
evident from judicial pronouncements discussed here. Whether the ‘right to privacy’ is a
fundamental right was first considered by the Supreme Court in the case of M. P. Sharma and
Ors. v. Satish Chandra, District Magistrate, Delhi and Ors.5 Where it refrained from giving
recognition to the right to privacy as a fundamental right. In Kharak Singh v. State of Uttar
Pradesh and Ors.6, the matter considered was, whether the surveillance by domiciliary visits at
night against an accused would be an abuse of the right guaranteed under Article 21 of the
Constitution of India. It was held that such surveillance was, in fact, in contravention of Article
21. Thus it was held that right to privacy is not a part of Article 21 of Indian Constitution.
Subsequently, in the case of Gobind v. State of M.P,7 held that Right to privacy is a fundamental
right guaranteed by the Constitution of India but negated it to be absolute in nature. In the case of

People’s Union for Civil Liberties (PUCL) v. Union of India8 it was held that right to privacy is a
part of right to life and article 21 will be attracted where facts of right to privacy are constituted.
Recently, this issue was once again raised before the Supreme Court in the case of K. S.
Puttaswamy v. Union of India9, in which case the ‘Aadhaar Card Scheme’ was challenged on the
ground that collecting and compiling the demographic and biometric data of the residents of the
country to be used for various purposes is in breach of the fundamental Right to privacy. Right to
privacy is very much a fundamental right which is co-terminus with the liberty and dignity of the
individual and this right is found in Articles 14, 19, 20, 21 and 25 of the Constitution of India. 10
Thus through these judgements a more vibrant colour has been given by judiciary to the Right to

4
INDIAN CONST. art. 21.
5
M. P. Sharma and Ors. v Satish Chandra, District Magistrate, Delhi and Ors., (1954) 3 SCR 300.
6
In Kharak Singh v. State of Uttar Pradesh and Ors., (1964) 5 SCR 332.
7
Gobind v. State of M.P, AIR 1975 SC 1378.
8
People’s Union for Civil Liberties v. Union of India, AIR 1997 SC 568.
9
K. S. Puttaswamy v. Union of India, AIR 2017 SC 494.
10
Rahul Kumar, Jurisprudence of Right to privacy in India, UTTARANCHAL UNIVERISTY, (Oct. 26, 2020,
11:04 AM) https://papers.ssrn.com/sol3/Data_Integrity_Notice.cfm?abid=3664257.
Privacy under the Indian constitution.

4. Aarogya setu app

4.1 For the purpose of surveillance
The covid 19 emergency is occurring in a vastly connected and digital world in comparison to
prior infectious disease outbreaks e.g. Spanish flu pandemic of 1918 and Asia flu pandemic of
1957. Efforts are being made by various governments in multiple countries to contain its spread
through digital technology. Digital surveillance is the most effective way to contain spread of its
outbreak but at the same time privacy rights of public are badly impacted. So it is difficult to
maintain balance between use of opportunities provided by technology to control the outbreak
and at the same time to ensure that right to privacy of user is secured. Many apps are being
launched by various countries with the most common functionalities like to monitor and control
home isolations, to keep updates of confined cases, to locate infected cases through GPS etc. but
a few of these apps ensure anonymity and security of user’s data. It still gives chills to many that
how the data collected by government through these apps be used after the covid 19 situation is
over.
In India Aarogya setu app has been introduced to identify a person who could potentially be
infected as soon as possible. It is an application designed for android and IOS user’s. Availability
of this app is made in 12 different Indian languages. Through the help of this app user figure out
the risk of being infected simply by answering a few questions. If a person is infected, it tracks
him concerning his geological location through GPS. It uses least intrusive bluetooth signals
between phone of individual and that of infected person to determine proximity. Objective of this
app is to help tracing the movement of virus. But the challenge is to use it as a tool for
surveillance and to ensure privacy of the user’s data at the same time.
4.2. It’s Constitutional validity
In 2017, a democratically elected government referred to privacy as an “elitist” concern, that its
surveillance powers has no constitutional limits and no fundamental right to privacy was
guaranteed by the Constitution. The Court disagreed to it unanimously. Aarogya setu app uses
GPS and Bluetooth to track infected persons. But the app has witnessed a metamorphosis from
voluntary, voluntary-mandatory to effectively mandatory.11 Installation of this app remains still

11
Anmol Dhindsa and Sashwat Kaushik, The Constitutional Case against Aarogya Setu, (Oct. 25, 2020, 11:04 AM)
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3610569.
unchallenged. To check the legality of government actions, a proportionality test was adopted in
famous case of Puttaswamy. It was held that privacy infringing technology must satisfy five
tests. It must have a legislative basis, must pursue a legitimate aim, it should be a rational method
to achieve the intended aim, there must not be any less restrictive alternatives which can also
achieve the intended aim and lastly benefits must outweigh the harm caused to the right holder.
In the present case, Aarogya setu fails the very first test of the proportionality standard because it
does not derive its legitimacy from a legislative framework to govern its functioning and to
ensure adequate procedural safeguards.12 Now the result of which is that data collected through
this app could possibly be misused for profiling and mass surveillance even after pandemic is
over.
4.3. Privacy concerns and mandatory use
Aarogya setu app collects personal information about user which includes name, phone number,
age, sex, profession, countries visited in last 30 days etc. All user’s location details are accessed
by this app at the time of registration. It has over 120 million user’s and has been recommended
by the central and state governments. In response to privacy concerns, the government
established an empowered group on technology and data management to ensure effective
operation and implementation of the app. But the first issue is that the app collects both
Bluetooth data and GPS location data. Collecting location data is largely considered unnecessary
by most global standards. This is because Bluetooth data is generally considered a better tool for
collecting location data, as it only collects data based on its proximity to other phones that have
Bluetooth services enabled. This is in contrast to GPS location data which will allow the
government to track a user’s precise location leaving them vulnerable to being directly identified.
The second issue is that since personal information of users of the app is stored on one server
which potentially allows the government to not only access but also share personal data of users.
In India information of user is being disclosed by state authorities on digital means and thereby
infringing their right to privacy. The third issue is that the tenth clause in the data sharing
protocol states that it is valid for only 6 months from its date of issue, unless the pandemic
continues. This is also problematic since the empowered group provide an end date to the
protocol and not for the app itself. In addition, the clause provides no clarity on whether the user

12
Devansh Kaushik, Covid 19- Aarogya Setu- The False Dichotomy Between Health and Privacy, LAW SCHOOL
POLICY REVIEW (Oct. 15, 2020, 11:07 AM) https://lawschoolpolicyreview.com/2020/04/30/aarogya-setu-the-
false-dichotomy-between-health-and-privacy.
data will be deleted or repurposed post the pandemic. 13 Excessive amount of personal
information that the app secures is against the norm of data minimisation, purpose limitation,
transparency and accountability hence, this app raises concerns as to right to privacy.
4.4. Navigating between National and individual interest
The novel coronavirus pandemic has been not only causing tens of thousands of deaths
worldwide, damaging economies and disrupting normal lifestyles of people, but it is also posing
several legal challenges. One such challenge is between the right to privacy and the right to
public health. The collection and sharing of biomedical data is sine qua non for containing the
infectious diseases in order to identify point of contact. The pandemic has further escalated the
need for collecting and sharing data, as well as for tracking people’s movements. This aggressive
digital surveillance has been justified by governments worldwide in the name of public health
crises during the pandemic. 
The Indian government finds legitimacy through statutes such as National Disaster
Management Act; Section 5(2) of The Indian Telegraph Act (1885), which allows lawful
interception of phones and computers; and Section 69 of Information Technology Act (2000),
which deals with interception, monitoring and decryption of information. However, despite such
exceptions, strict regulations for data protection should not be blatantly suspended or
ignored. There has to be a right balance between serving the national and public interests in such
a crisis situation and the privacy of individuals especially when privacy rights have received
spectacular national and international recognition.14

5. CONCLUSION

Digital technologies offer tools for supporting a pandemic response but they are not a silver
bullet. The future of public health is likely to be increasingly digital and recognizing the
importance of digital technology in this field and in pandemic preparedness planning has become
urgent. It is equally important, to use these data and algorithms in a responsible manner, in

13
Upasana Sharma, Understanding Covid 19: Navigating Privacy During A Pandemic Proves To Be Tricky, LSE
(Oct. 21, 2020, 11:50 PM) https://blogs.lse.ac.uk/covid19/2020/07/02/understanding-aarogya-setu-privacy-during-
the-pandemic-may-be-compromised.
14
Anu Monga, India: Unleash The Fight Against COVID-19: Is It Possible To Balance Right To Privacy And
Public Interest?, INDUSLAW (Oct. 25, 2020, 11:20 PM)
https://www.mondaq.com/india/data-protection/915778/unleash-the-fight-against-covid-19-is-it-possible-to-balance-
right-to-privacy-and-public-interest.
compliance with data protection regulations and with due respect for privacy and confidentiality.
Failing to do so will undermine public trust, which will make people less likely to follow public-
health advice or recommendations and more likely to have poorer health outcomes. Viruses
know no borders and, increasingly, neither do digital technologies and data. Undoubtedly
Aarogya setu app uses digitally available data and algorithms for prediction and surveillance
which is of paramount importance in the fight against the COVID-19 pandemic.15 But the
government’s poor record on privacy, the lack of transparency and the absence of data protection
legislations have warranted grave concerns. Primal issues like grounds for the breach of privacy,
its legislative validity, unambiguous safeguards against data theft, why is the app not open source
still need to be addressed. The ambiguity of the Protocol fails to address the threat to privacy
posed by the app. The government must address these concerns in an open manner. Since at the
end of the day, no clever technology standing alone is going to get us out of this unprecedented
threat to health and economic stability.

15
Marcella Lenco, On the responsible use of digital data to tackle the COVID-19 pandemic, 26 Nat Med, 463
(2020).