Updated: Aug 15, 2020
Author: Simran saluja
Bharti Vidyapeeth New Law College, Pune
The Aarogya Setu is cellular software launched as India’s technological device to fight in opposition to the radical Coronavirus disorder (COVID-19). The App relies on contact tracing, which indicates that it helps to become aware of humans which might be probable to be vendors of the ailment. While the erstwhile strategies of touch tracing required physical interviews with people, cell generation has made the venture lots less difficult and more secure.
The usage of such applications, but, has raised various privacy issues. Ever since the app has been launched, there are several concerns towards the extensive series of knowledge and its use, mainly within the absence of any clear legal basis or legislative framework to address those growing issues.
The Ministry of Electronics and expertise generation (MeitY) on May 11, 2020, informed about the Aarogya Setu the Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020 . With this Protocol, the govt approach to answer general queries surrounding the collection and use of know-how. However, the legal basis for assemblage and give up-use of the data stays ignored.
The seizure of privacy by such assemblage of data can be effectively justified only if it satisfies the three-fold requirement as enunciated by the Apex court in Justice KS Puttaswamy (Retd.) v. Union of India. The Protocol, which is in the essence of an executive order, does not even fulfil the primary requirement of legality, which postulates that there should be a law alive to justify an encroachment on of privacy. An executive notification cannot be used to intervene on fundamental rights. Only a legislation or an Ordinance (when the Parliament isn't in session) provides a legal framework for the app can fulfil the legal requirement.
Definitions underneath the Protocol
One region wherein the Protocol resulted well is simply defining the key phrases all around, unlike the privacy approach of the app. “Appropriate health responses” are described to incorporate prevention and management of the COVID-19 pandemic, syndromic mapping, touch tracing, communique to an affected or the individual whose family is at risk and, overall performance of statistical analysis, clinical research, components of remedy plans or other clinical and public health responses related to the redressal and control of the COVID-19 pandemic. The definition of “individual” includes ones who are infected, vulnerable of being infected, or those who have come in touch with the infected people. Whilst this definition can be a welcome explanation, it is nonetheless not clear why this definition was adopted considering the information of "all" users of the app is collected. “Response data” is that the hypernym used for all facts collected via the app. Within its broadcast coverage, this includes demographic statistics, contact information, self-evaluation records and site records. This division of data into different classes is beneficial to spot the information being accumulated, but the utilization of data all over the Protocol is indicated in the form hypernym of the response data and not their particular classes. Though the meaning of each the constituent classes of retaliation information is self-apparent, the terms have nonetheless been defined under the Protocol, that is encouraging from a privacy angle.
Placing of duty
The ministry in charge or the government department managing the operation of the App and enforcement of any claims become doubtful before the launching of the Protocol. The Protocol has undoubtedly installed the MeitY as the authority accountable for its enforcement. However, the Protocol also lays down that the MeitY shall act below the overall route of the Empowered Group 9 on Technology and Data Management (“Empowered organization”) which has been formed through the National Disaster management Authority.
Accumulation and processing:
The Protocol imbibes equation and motive limitation for the accumulation of information and its usage. It is administered that the response data will be accumulated in a proportionate manner and will be strictly used just for the intention of formulating suitable health responses. The collection of exposure and location statistics on the device by way of default is a step towards the right direction. These facts will also be uploaded to the server for relevant health responses.
Data sharing concepts