privacy-concerns-during-a-pandemic

Context: The AarogyaSetu app, developed by the National Informatics Centre (NIC) under the Ministry of Electronics & Information Technology (MEITY), has been launched for pan-India use. It is available in 11 languages and has crossed the 75 million mark of user downloads.  Of late, it has raised privacy concerns amid executive overreach.

Background:

  • While India is grappling with a grave public health crisis, it goes beyond doubt that the government should take charge of tackling the COVID-19 pandemic. 
    • And thus the extraordinary actions of the Central and federal governments to maintain a nationwide lockdown, to enforce norms of physical distancing and to restrict movement, have garnered popular support.
  • However, the arguments like executive's powers are limitless even to the extent of suspending Fundamental Rights can seem appealing in these circumstances, but the overreach at executive’s end shouldn’t turn into a new normal. 
    • So it becomes critical to pay close attention to the matter of civil rights, to ensure that rights that are fragile at the best of times, and particularly vulnerable in a crisis doesn’t become inconspicuous in the long run.

 

How does it work?

What are the concerns?

1. No privacy policy of the App

Currently, there is no legislation that elaborates on how the online privacy of Indians is to be protected. AarogyaSetu users have to accept the privacy policy provided by the government. 

2. Storage, Access to the data: 

Though there is some light on where and how long the data will be retained, who will have access to it has been left vague. To quote the policy, “persons carrying out medical and administrative interventions necessary in relation to COVID-19” will have access to the data. 

3. Technical loopholes:

The unique digital identity in AarogyaSetu is a static number, which increases the probability of identity breaches. A better approach would be constantly-changing digital identification keys like what Google and Apple deploy in their joint contact tracing technology.

4. Data abundance:

AarogyaSetu uses both Bluetooth as well as GPS reference points, which could be seen as an overkill. Other apps such as TraceTogether make do with Bluetooth.

5. Black box: 

The Internet Freedom Foundation and the Software Freedom Law Center have raised the concern that the AarogyaSetu app is something of a black box. There is no documentation publicly available on the app.

6. Aftermath concerns: 

In creating a list of infected persons, State governments have used the Epidemic Diseases Act of 1897. But this law scarcely accords the state power to publicise this information. These lists have also generated substantial second-order harms. 

The stigma attached to the disease has led to an increase in morbidity and mortality rates, since many with COVID-19 or flu-like symptoms have refused to go to hospitals.

Given that the right to privacy is not absolute, it can be legitimately curtailed. However, any such restriction, as the Court held in K.S. Puttaswamy v. Union of India (2017), must be tested against the requirements of:

  1. Legality (the restriction is sanctioned by legislation), 
  2. Necessity(the restriction made is in pursuance of a legitimate state aim and there exists a rational relationship between the purpose and the restriction made) and 
  3. The doctrine of proportionality (that the State has chosen the “least restrictive” measure available to achieve its objective.). 

Inter arma silent leges, said Cicero: For among [times of] arms, the laws fall mute. But our fight against COVID-19 is not a war. Even if it were, our Constitution is intended for all times - for times of peace and for times of crises.
Source: https://www.thehindu.com/opinion/op-ed/privacy-concerns-during-a-pandemic/article31456602.ece

Image Source: The Hindu