The sudden outbreak of the pandemic has caused some major health care concerns due to the high population density of India. With a viewpoint of monitoring the risk involved in the transmission of the virus, the government launched a mobile application named ‘Aarogya Setu’. The Supreme Court unanimously held in K.S. Puttaswamy v. Union of India [i] that the right to privacy is a fundamental right protected under the ambit of Art. 21 of the Constitution. Justice DY Chandrachud said that it is a basic right that emanates from the right to life and personal liberty. Also, it is the constitutional core of human dignity.

Whether The Mandate Of ‘Aarogya Setu’ App Qualifies The Test Of Privacy As Laid By The Supreme Court In K.S. Puttaswamy?

The right to privacy is not absolute, and the state can interfere for the preservation of state interest. The Apex Court in K.S. Puttaswamy's judgment laid down a threefold reasonableness test for restricting the right to privacy. That is:

• Legality (requirement of law)
• Necessity (with an aim & least restrictive alternative)
• Proportionality and Suitability (legitimate state purpose for the object sought to be achieved)

The Order Of Mandating The Use Of ‘Aarogya Setu’ Flows From Statutory Provisions

It is pertinent to note that the mobile application has been launched amidst a global pandemic for creating awareness and for curbing the massive spread of the virus. It is for safeguarding the masses.

The order of mandating the use of the application for the public and private sector employees has been passed by the Chairman of the National Executive Committee (NEC) under Section 10[ii] of The Disaster Management Act, 2005. Section 10(l) of the act empowers the NEC to law down guidelines or to give directions to the concerned ministry or department of the government for the measures to be taken in response to threatening disaster situation or a disaster.

The NEC has issued directions for implementing lockdown guidelines and has mandated the use of the App for public and private sector employees under the power conferred in Section 10(1) of the act. Thus, it fulfills the first requirement of the existence of law as laid down in K.S. Puttaswamy for limiting the right to privacy.

The Aarogya Setu App Quififies The Test Of Necessity

The object of introducing an App is to ensure the minimum spread of the disease by tracing the affected people. The app uses Bluetooth as well as Location for the tracing of the person infected with Coronavirus and informs the person who is at risk of getting affected. Further, it helps to sanitize places that might be affected. [iii]

Even if a person takes up a self-assessment test on the App along with the location information, the government can identify the hotspot places where the disease might spread. This helps the government to control the further spread of the virus.[iv] It is not so simple to control the spread of a virus in a densely populated nation like India.

It is possible through tracing the GPS information of affected people. The ‘Aarogya Setu’ app traces the affected people through GPS information provided by them that constitutes an important aspect of its functioning. Such details are intrinsic for the functioning of the App and could not be termed as excessive or malafide.

After analysing the order given by NEC and the purpose of seeking location, it is crystal clear that the action of State aims to secure the public health during the health emergency like situation. It fulfills the second requirement as laid down in K.S. Puttaswamy that is a necessity for the betterment of the masses.

The ‘Aarogya Setu App’ Has Legitimate Purpose With The Object Sought To Be Achieved

Taking access to the health record of someone is an invasion of privacy. However, the Supreme Court of India has said that health records of an individual can be accessed in the case of a health emergency. [v] The outbreak of noble coronavirus has caused a health emergency like situation but accessing the health records is immensely helpful to minimize its spread.
The App takes health-related data from the users only when one undertakes a self-assessment test.

Also, the data received is for the larger interest of the people that would help in minimizing the spread of the virus. That makes the ‘Aarogya Setu’ application Constitutionally valid. Thus, the last requirement of ‘Proportionality & Suitability’ can be said to be fulfilled that is essential to invade privacy.

The mandatory provisions of the App are only for the public sector employees now as laid down in order given by the Ministry of Home Affairs on 30th May 2020.[vi] It is only advisory for the private sector. It is a legitimate order as the public sector employees have a potentially high risk of getting in contact with the virus because they are exposed to a large number of people.
Henceforth, the mandate of using ‘Aarogya Setu’ qualifies the tests laid down in the judgment of K.S. Puttaswamy v. Union of India. It does unreasonably invades the privacy of the people and has legitimate functioning. Its objective justifies the mandating use of the App for the public sector and has a reasonable nexus with the health of the people.

The Data Is Preserved Anonysonously

The Aarogya Setu App is being criticized on various grounds for the invasion of privacy. The data that is made available for research purposes by the NIC only after following hard anonymization. It means that the identification of the concerned person is impossible. It is done in consonance with the protocols laid down by an expert committee appointed by the Principal Scientific Advisor to the Government.[vii] Also, if any university or research institution tries to identify the people from the available data, they would be liable for the penalty for the same.[viii]

It has been observed in K.S. Puttaswamy v. Union of India [ix] that unauthorized parting of medical records is an invasion of privacy. However, if the state preserves the anonymity of the data available, it can assert a valid state interest for parting the health record. It can design appropriate policies for the invasion of privacy to secure social benefits.

It is well settled that the health records of people are made available to research institutions after following the hard anonymization. That makes the identification of the people next to impossible. Also, the state can regulate the right to privacy of health records when it is anonymized. So, the Aarogya Setu App does not violate the privacy of the people.

Data Shared Is De-Identified

The data is shared only with the ministry, department, and public health care institution of the government for assisting in the formulation or implementation of critical health responses. The data shared is de-identified by randomly generated IDs that are assigned to the data to prevent the identification of the person.[x] Also, the NIC shall maintain a list of the agency with whom the data is shared.[xi]

Any department, ministry of government, NDMA, SDMA, or public health institution with whom the data is shared shall strictly use it for its desired purpose and not otherwise. They shall process response data in a fair, transparent manner.[xii] Also, any response shall be shared with a third party only when it is strictly important for the implementation and formulation of health response, and not otherwise. The third-party will also be under the obligation of the protocol.[xiii]

Henceforth, the data made available for the health responses protect the privacy of the concerned individual by the process of de-identifying.

Aarogya Setu App Adheres To Privacy Concerns

The information collected from the user shall remain in the mobile device for 30days and on the server for 45days, incase the person is tested negative. Also, the data of the person tested positive shall be purged from the server after 60 days of recovering from the virus.[xiv]

Every registered user has a right to cancel his/her registration from the App. The data of the concerned person shall be deleted after the expiry of 30 days of such cancellation.[xv] Also, the data provided during the process of registration is stored in a secured encrypted server.[xvi]

Lastly, the Aarogya Setu Protocol shall remain in force for six months unless extended by the Empowered group due to the continuation of a global pandemic that acts as a sunset clause.[xvii] Therefore, the Aarogya Setu App has transparency and also allows the user to withdraw his/her information. The data is stored in an encrypted server for a limited period of time for controlling the further spread of the virus. The app specifically asks for consent from the users.[xviii] The Application adheres to the privacy of the users through its features.

Public Interest v/s Individual Interest

In case of a conflict among the community right or individual right, it is former that prevails over the latter. The responsibility of an individual towards society plays a vital role in the betterment of society. There exists a public health contract in which the individuals forgo certain rights for prevention of risk to society. [xix] The Supreme Court of California said that the government has the authority to pass quarantine laws envisaging the individual rights to protect the nation during an emergency.[xx]

Also, the WHO has observed that surveillance in the time of quarantine was necessary to monitor the spread of the SARS outbreak.[xxi] It is important to protect the privacy of an individual. However, the protection of public interest stands on a higher pedestal than an individual.

Conclusion
The Aarogya Setu Application satisfies the limitation test laid down by the Supreme Court in K.S. Puttaswamy v. Union of India. Also, it preserves the various facets of privacy through its functioning features. The people all over the world share their ‘location’ and other data with various applications in their phones.

However, they are facing issues to provide the same for Aarogya Setu application. The app is designed to regulate the spread of COVID-19 and is for the public interest in an emergency like situation.

End-Notes:

1. 2017 SCC OnLine SC 762
2. The Disaster Management Act 2005 § 10.
3. The Aarogya Setu Data Access and Knowledge Sharing Protocol 2020.
4. Ministry of Electronics and Information Technology, The Aarogya Setu Data Access and Knowledge Sharing Protocol 2020 (Jun. 4, 2020).
5. K.S. Puttaswamy, supra note 2, at 1.
6. Ministry of Home Affairs, Guidelines for phased re-opening (Unlock 1) (Jun. 4, 2020).
7. The Aarogya Setu Data Access and Knowledge Sharing Protocol 2020 ¶ 8(a).
8. Id. ¶ 9.
9. K.S. Puttaswamy, Supra note 2, at 1.
10. The Aarogya, Supra note 8, at 3,¶ 6(b).
11. Id. ¶ 6(c).
12. Id. ¶ 7.
13. Id. ¶ 7.
14. Aarogya Setu Privacy Policy ¶ 3.
15. Id. ¶ 4.
16. Id. ¶ 5.
17. Id. ¶ 10.
18. Id.
19. Barbera, J., et al., Large-Scale Quarantine Following Biological Terrorism in the United States: Scientific Examination, Logistic and Legal Limits, and Possible Consequences, 286 JAMA 2711, 2712 (2005).
20. In re Culver, 187 Cal. 437, 202 P. 661 (1921).
21. World Health Organization, First Global Consultation on SARS Epidemiology, Travel Recommendations for Hebei Province (China), Situation in Singapore-Update (Jul. 24, 2020, 06:34 PM), http://www.who.int/csr/sars/archive/ 2003_05 17/en/print.html.