Aarogya Setu App Needs Legislative Backing
This Blog is written by Amrith R. from School of Excellence in Law, Tamil Nadu. Edited by Saumya Tripathi.
The COVID-19 pandemic is an unprecedented one. The Severe Acute Respiratory Syndrome coronavirus 2 or SARS-CoV-2, the strain of the novel coronavirus that causes the coronavirus disease COVID-19, has already claimed more than 5 lakh lives over the world. A virus, invisible to the naked human eyes, has wreaked havoc across the globe, affecting over 7 million people. The virus made its first entry into Kerala in India on January 30, 2020 and has, since then, affected over 2.5 lakh people, and claimed almost 7,000 lives. The pandemic, which is supposed to be the worst after the World War II, has brought the economic activities in the entire globe to a complete standstill. India, although not as badly affected as the European nations, has imposed a 68-day total lockdown in the country. The lockdown has obviously been successful to a large extent; it has reduced the doubling rate of the virus and has delayed the inevitable stage – the community transmission – of the virus. As far as the medical war with the coronavirus is concerned, we have been able to ramp up the testing activities, arrange isolation beds and ventilators, improve the production of testing kits, drastically increase the manufacture of masks, sanitizers, gloves and Personal Protective Equipment (PPEs), improve the recovery rate, and even produce 30 vaccines in human-trial mode. Every stakeholder – doctors, nurses, frontline healthcare workers, researchers and scientists, the Government of India, various State Governments, the Opposition, the bureaucrats and the officials, the Armed Forces – has risen up to the challenge and has been working day-in and day-out to emerge victoriously from the war against corona. We are trying to convert a major challenge into a big opportunity.
AAROGYA SETU: A BRIEF INTRODUCTION
Aarogya Setu app is a contact tracing application which was developed by the National Informatics Centre under the Ministry of Electronics and Information Technology. It aids the user by providing essential health services and information regarding nearby COVID-19 positive patients. Besides, the app also informs the user about the regular updates and advisories released by the Health Ministry, Central and State Governments. The app, which was launched on April 2, 2020, raised many eyebrows across the legal fraternity. The objective of the application was stated to raise awareness and knowledge about the virus and make healthcare services accessible to people along with keeping a record of the number of people affected in a particular area. The app finds out the proximity of a person to those who have tested positive for the virus. The application is also based on a ‘closed source code’ which means that nobody except for the original proprietor can access the data, examine it or improve upon it even if they have the necessary skills to do so.
Features like ‘COVID updates’ and ‘e-pass’ are available on the app. Through COVID updates, users can access the official information provided by the Ministry of Health. ‘E-pass’ is a filter for people who want to travel in public places. This feature will provide three colors Green, Orange, and, Red based on the information provided by the user. Green status indicates a risk-free individual who can travel to the public places, Orange status advises people to avoid social gatherings and should maintain social distancing and, persons with Red status will be strictly instructed to self-quarantine.
SIGNIFICANCE OF AAROGYA SETU APP
Through the introduction of Aarogya Setu App, technology is deployed in the fight against the pandemic. As the Government has to open the economy gradually, real time response mechanisms require real time insights. As the app works on processing and collecting ‘personally identifiable information’, the right to privacy guaranteed under the Constitution as a fundamental right gets invoked. The Government may collect and process personal data, but any such processing for targeted surveillance mechanisms must be reasonable, necessary and proportionate. The fight against the pandemic is dependent on active participation by the citizenry. It is on this basis that technological solutions which are people centric have been deployed. A system which involves rapid data collection, analysis, assessment and timely reporting is extremely essential in a highly populated country like India to prevent or at the very least delay the community transmission of the virus.
The app although brought ahead with a good intention has so many shortcomings, legal loopholes and challenges. They can be broadly classified as the following: –
• Challenges to privacy laws and harmonizing right to privacy and right to health
• Legal challenges in general
CHALLENGES TO PRIVACY LAWS AND HARMONIZING RIGHT TO PRIVACY AND RIGHT TO HEALTH
2) Data auditing is not allowed on the app as of today. By allowing data auditing, concerns regarding lack of checks and balances, and accountability could be It is important that technologies used for minimized data must have an in-built privacy and security architecture that is auditable.
5) The current time frame for storage of data is 30 days on mobile phone, 45 days on server if the patient has tested negative but has come in contact with an infected person, and 60 days in case patient has tested positive, from the date of uploading on the It is important that the data be stored for a lesser period to prevent any misuse and external interference.
7) The right to health is a facet of the right to life under Article 21 of the Constitution. It also guarantees the right to privacy of an individual. However, when the two rights are in conflict, it is critical to ensure a harmonious construction by applying the said doctrine. The two rights need to be weighed in the balance, to ensure that the least amount of infringement is caused cumulatively.
LEGAL CHALLENGES IN GENERAL
1• First and foremost, the app does not have any legal standing of its own. Neither an Ordinance, nor an Act was passed by the President or the Parliament respectively to give a legal foothold to this application. The Puttaswamy judgement makes it clear that the right to privacy may only be curtailed per a law which has a legitimate purpose at a proportionate level.
2• The privacy judgement laid down three key tests that a legislation should satisfy if takes away the right to privacy. They are necessity, proportionality and legality. The measures taken must harmonize with the right to privacy and should limit themselves to the extent necessary and proportional, in order to meet the ends of maintaining public health. Without a data protection law in our country, it is necessary that utmost caution be taken to adhere to privacy principles.
IMPACT OF AAROGYA SETU APP
As economies open up and normal life resumes, this app may enable all governments to detect outbreaks and prevent community transmission. This app assumes more significance since as of now, there is no vaccine for the rapidly spreading disease.
The COVID-19 pandemic is an unprecedented situation. Circumstances like these allow the imposition of ‘reasonable restrictions’ on the right to freedom of movement and privacy. Even while imposing such restrictions, the onus is on the State to follow the principles laid out in the Puttaswamy Judgement. The ‘proportionality test’ laid down by the Supreme Court in Puttaswamy for deciding whether a restriction of right to privacy is reasonable or not has three prongs:
1• Legality – Requirement of a law, with a legitimate purpose.
2• Suitability – Government’s action must be suitable for addressing the problem, i.e., there must be a rational relationship between means and ends.
3• Necessity – Must be the least restrictive alternative.
The Government must strike an exact balance between confidentiality of information of the individual, privacy and data protection concerns so as to benefit the community at large and ward off all the suspicions about the application. The Government is facing a dilemma in ensuring the individual’s right to privacy is maintained while at the same time communities across the country do not fall victim to the chain of the virus. In times of a public health emergency of such huge proportions, the individual cannot be isolated from the community. The responsibility of the individual towards their community is greater in this scenario. As the virus spreads at a rapid pace, once the host comes close in contact with their neighbour, the individual has a moral obligation on those around them to take maximum precautions and preventive measures in place. At the same time, it is also imperative that the privacy of the infected and high-risk individuals is protected to prevent social stigmatization once they re-enter the community. Moreover, leaking the information and sensitive healthcare records of patients, infected people or recovered people might expose them to their physical community, which could potentially increase the harm. Therefore, privacy is not just important from an individual’s rights perspective, but also from a community rights perspective, and therefore an important aspect to the right to health. The Government should seek to maximize individual rights by according the highest levels of privacy, while at the same time ensuring that community is protected as a whole as well.
ABSENCE OF LEGLATIVE PROVISIONS FOR AAROGYA SETU APP
Aarogya Setu, though well intentioned, falls short of widespread public confidence. Its mandatory use has raised questions of restricting the right to privacy, without a law that is essential, specific and explicit with respect to the rights that it seeks to infringe and the procedural safeguards that it establishes. Health data should be confidential; any leak not only violates privacy and individual autonomy; it also degrades public trust among the people. The Puttaswamy judgement mandates that right to privacy may only be curtailed by a law which has a legitimate purpose. Any law restricting fundamental rights needs to spell out the right which it seeks to infringe, the basis of the infringement, and the procedural safeguards that it establishes. Therefore, The Prime Minister’s Cabinet must consider advising the President to pass an Ordinance since the Parliament is not in session. An Ordinance can not only legitimize the executive mandate to download the app based on certain predefined considerations, but can also establish procedural safeguards which would inspire public confidence. An Ordinance would suffice the need of such law which may be passed by the Parliament once it reconvenes. An Ordinance would be an important milestone to garner public trust. There is no website detailing the project and the purposes of the App. The Government has a policy and has assured on adopting open source code software. However, this privilege has not been extended to the Aarogya Setu App. Hence, the highest standard of transparency is not be achieved.
RELATED CASE LAWS
In the landmark case of Justice K. S. Puttaswamy vs Union Of India, the Supreme Court recognized ‘right to privacy’ in Article 21 of the Constitution and stated that in concern to the health issues the scope of the right to privacy can be extended if there are any necessary encroachments into the individual’s privacy. In the case of State of Madhya Pradesh v. Thakur Bharat Singh, the Supreme Court held that all the executive action operates only when it has the authority of law to support it. Therefore, a legislation backing the app is sine qua non.
ANALYSIS OF AAROGYA SETU APP
For Aargoya Setu to work as a successful app in contract tracing, it must be deployed at a mass scale. Hence, a citizen’s trust of the app will be central to its usage. Trust cannot be built without transparency and accountability from the Government. Instead of forcing the people and making the download mandatory, the Government should encourage professionals working in public and private spaces to voluntarily download the app. Mandated or forced downloading of the app faces multiple implementation challenges. Firstly, access to smartphones or internet connectivity is limited and may not be affordable for or available to everyone. The imposition order is unclear on whether the professionals have to use the App only while they are reporting to work, as employers might not be in a position to request their staff to use the App during non-working hours. Moreover, keeping track of all private professionals to download the App is a cumbersome work.
 Justice K.S.Puttaswamy(Retd) vs Union Of India (2017) 10 SCC 1(India).
 Central Public Information Officer, Supreme Court Of India v Subhash Chandra Agarwal, Civil Appeal No. 10044 of 2010.
 (1967) 2 SCR 454 (India).
1) The Constitution of India, 1950
1) Justice K. S. Puttaswamy vs Union of India (2017) 10 SCC 1(India).
2) State of Madhya Pradesh v. Thakur Bharat Singh (1967) 2 SCR 454 (India).
1) “Privacy Framework for the Aarogya Setu App”, The Dialogue,