These are testing times, but they do not call for untested new technologies. This is not a time to innovate in haste and repent at leisure.
Rachel Caldicott
Defining the concept of privacy and explaining its ambit would be an arduous task. For, a concept like privacy is ever growing. It starts with the birth and continues even after the demise of a human. Right to privacy is itself attached to various other rights, like the right of choice. If we take an example from the present scenario, there is a new development in the form of Covid-19 and a consequent increase in web-seminars. We see that some of the participants don’t open their cameras while others choose to open theirs. Now, those who make a decision to close their camera are exercising their right to privacy and using their right to choose. This example shows that “right to privacy” is a very wide concept.
The term “privacy” has been described as “the rightful entitlement of an individual to consider the extent upto which he wishes to share himself with the society and his control over the time, place and circumstances to communicate with others. In other words, it is his right either to withdraw or to participate as it deems fit to him. It also means the individual’s right to control the dissemination of information about himself; which is his own personal possession”[1].
The law of privacy is a recognition of the individual’s right to be left alone and to have his personal space secured. The demand for privacy and its recognition as a fundamental right is a contemporary phenomenon. It is the result of an increasingly individualistic society in which the focus has diverted from ‘society’ to the ‘individual’. In earlier times, the law afforded protection only against physical interference with a person or his property but now it has changed. As civilization progressed, the personal, intellectual and spiritual facets of the human personality gained recognition and the scope of the law expanded to give protection to these needs as well.
Fundamental Right of Privacy
We shall now discuss whether we have fundamental right of privacy under the Indian Constitution. Article 21 is one of the most vibrant and living articles of the Constitution. The Supreme Court has widened the scope of this article and held that right to life includes within itself the right of privacy. Though, in the early judgment of MP Sharma v. Satish Chandra[2]and Kharak Singh v. State of U.P.[3] it was held that there is no fundamental right of privacy under the Constitution. In Govind v. State of M.P., Justice Mathew delivering the majority judgment held that the right to privacy is a fundamental right, subject to various restrictions in the public interest.
Presently, we are facing a global pandemic and the Government, being the custodian of social welfare and wellness, has introduced a contact tracking app known as “Aarogya Setu”.
This app uses GPS and Bluetooth to track if an infected person had come in contact with the user and identifies persons with Covid-19 symptoms. While the government’s intention appears to be legitimate it is important to understand whether the App fulfills the privacy safeguard in the absence of strong Data Protection Law.
The most important case in respect to data protection is Justice KS Puttaswamy (Retd.) & Anr. v. Union of India & Ors[4]which overruled M.P. Sharma and Kharak Singh judgments and held that right to privacy is a fundamental right. Under the aforesaid judgment, for invasion of right to privacy there is a need to fulfill the underneath threefold criteria.
1. Legality – Although there is no Aarogya Setu Ordinance or Law, we can still indirectly trace its legality from Section 35 of Disaster Management Act , 2005 which gives wide power to the Central Government to take measures which it deems necessary.
2. Defined in terms of Legitimate State Aim – To invade the privacy of an individual, there needs to be a legitimate state aim. However, we should keep in mind Maneka Gandhi’s[5] judgment which made it clear that the procedure established by law to take away a fundamental right must not be arbitrary, freakish or bizarre.
In the present case, the legitimate aim could be- firstly, to identify the Covid-19 suspect and secondly, to do contact tracing of the suspected person, which in present time can be said to deal with epidemic. To reach this aim, the policy devised by the state is Aarogya Setu App. To successfully realize the aim, there must be a large smartphone base consisting of at least 60-70% of the population, but in reality that is not the case. But according to the India Internet 2019 report by IAMAI and Nielsen[6], smartphones lie significantly below this benchmark range. Thus, there is no concord between the aim which the State considers as legitimate and the policy which is implemented, thereby failing the second test.
3. Test of Proportionality – Proportionality test measure the balance between the positives and negatives. Positives mean the obligation on the state to protect the rights while negatives being the right of state to take away the rights.
In order to determine whether the provisions of any act or policy acts as reasonable restrictions in the interest and welfare of the general public, restrictions imposed and fundamental rights have to be equated together, and if the result is negative, then clearly the policy framework didn’t satisfy the proportionality test[7].
Also Read: How Societies Deal With Pandemics, A Short Introduction
For the analysis of the present case, we must consider the Terms & Conditions and Privacy Policy of this app for safeguarding individual interests. Under the limitation of liability clause, the T&C clearly states that the government can neither be held liable for inaccurate identification of infected persons, nor for the inaccuracy of the information provided by its inbuilt services. This raises the question as to how the government is supposed to prevent the spread of fake news when it itself can’t guarantee the correctness of information released by it.
Ironically, according to its privacy framework, the liability clause exempts the Government from liability in the event of “any unauthorised access to the [user’s] information or modification thereof”. However, the app has a privacy policy in place, Clause (5) of which states that in order to protect the confidentiality and security of information, data of individuals is to be stored securely in end-to-end encrypted format.
More surprising is clause 2(a), which provides that the information obtained from the individual will be used by the government only in ‘anonymized, aggregated dataset’ for statistical visualization to manage COVID-19. However, that personal information can be ‘shared to other necessary and relevant persons to carry out other necessary medical and administrative interventions’. After deletion of the app, an individual’s data would be automatically deleted after 30 days, but there is no knowledge as to how the account will be deleted.
The above reasoning clearly proves that these provisions do not conform to the proportionality test. In fact, they not only intrude into an individual’s privacy, but also do not guarantee our right to have access to accurate information.
Crucially, this app clearly comes without appropriate procedural safeguards concerning monitoring and oversight of the data collected to keep a track over infected individuals.
Moreover, the current provisions also fail to maintain a balance between the two facets of dignity- privacy and autonomy on one hand, and the ability to live a dignified life, on the other. Thus, the whole policy framework of this app is nothing but a mere illusion, which completely fails the proportionality test, lest we decide to count heavily on the government’s promises and satisfy ourselves with the “minimal” inroads into privacy rights like we did with the Aadhaar judgment.
Conclusion
As it’s very much clear from the above discussion that “Aarogya Setu” app doesn’t conform to the threefold criteria that needs to be fulfilled to justify the invasion of right to privacy, we are not afraid to remark that this app violates the privacy of individuals.
Justice Chandrachud in his dissenting judgment in the Aadhar case said, “Constitutional guarantees cannot be subject to the vicissitudes of technology.”[8] Despite this, we cannot turn a blind eye to the use of technology. We need to keep in mind that rights and technology should go hand in hand. It should always be remembered that it is rights which help us to live with dignity and fulfill our potential.
“Whether it is technology or individual actions, all are subjected to constitutional safeguards and thus, must conform to them”.
The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of Kanooniyat
[1] Adam Carlyle Breckenridge: The Right to Privacy, 1971
[2] 1954 AIR 300
[3] 1963 AIR 1295
[4] WRIT PETITION (CIVIL) NO 494 OF 2012
[5] 1978 AIR 597
[6] https://cms.iamai.in/Content/ResearchPapers/d3654bcc-002f-4fc7-ab39-e1fbeb00005d.pdf
[7] Modern Dental College V. State of Madhya Pradesh, Civil Appeal No. 4060 of 2009
[8] WRIT PETITION (CIVIL) NO 494 OF 2012
