The following article addresses the privacy problems that India faces in the
wake of this corona pandemic. Several countries such as China, Singapore, and
also the USA are facing, or have faced, concerns about privacy. Besides, during
this pandemic, India is among these countries, where citizens' rights in matters
of privacy are violated. Under Article 21 of the Indian Constitution of 1950,
the right to privacy is guaranteed. The breach with respect to such matters was
found when the government created and made it mandatory to download an app
Aarogya Setu for the safety of its people during these emergencies.
The app is
developed by the National Informatics Centre (NIC) for which there is no law
passed by the Parliament to allow the app to be created and to make it
compulsory for each citizen to download it in violation of the laws of the
Information Technology Act, 2000. Several other issues were also observed and it
was, therefore, necessary to approach the court and provide different guidelines
for the citizens to use and impose such an app.
History of Right To Privacy
Before 2017, the right to privacy was not at all a fundamental right within the
country. In 1976 Supreme Court of India held in ADM Jabalpur v. Shivkant
[i], which is popularly referred to as the Habeas Corpus case, where a
five-judge-bench decided that under the emergency provisions nobody could seek
the assistance of any Court within the country to try & save his liberty, life,
limb threatened to be taken away by the State. But recently in 2017, the Supreme
Court of India overruled its own previous decision.
The Court consisting of a
nine-judge constitutional bench of K .S Puttaswamy v. Union of India
I), recognized the right to privacy is an integral component of fundamental
right under the right of life and personal liberty. The Puttaswamy judgment lays
down a three-part test to examine whether an action of State alleged of
breaching a citizen's privacy is valid.
These are as follows:
First, it has to be an action sanctioned by law.
Second, it has to be an action that is necessary for a legitimate aim.
Third, it's to be an action which is proportionate for the achievement of that
aim. So, the technical methods adopted by the govt should qualify the
three-part test before being enforced.
Meanwhile, a five-judge bench of the Supreme Court deciding the
constitutionality of Aadhar (Puttaswamy II)[iii], further reiterated the
principles of informational privacy and recognized personal data protection as a
component of the right to privacy. Also, The Lok Sabha, through the Personal
Data Protection Bill introduced in December 2019, sought to establish a
regulatory framework for the collection and use of personal data. Section 3(21)
of the Bill defines “health data as data relating to the physical or mental
health of the data principal, i.e. the owner of the data[iv].
How Government Is Breaching Right To Privacy?
During this pandemic, it was observed that individuals' right to privacy has
violated widely in various forms. Karnataka was among India's primary states to
publish lists of COVID-19 patients and individuals who self-quarantined in late
March. The state government, in line with media reports, released the data on
its website which included the names and addresses of the individuals staying
indoors. Some people also posted the lists on social media that could spot and
quarantine people through [v].
A plea was filed before the High Court in Kerala alleging that the personal
details of Covid-19 patients were leaked by hospitals that treated these
patients to private companies. Hospitals sell their patient's details to other
private entities and so those private players use this information for their
benefit. People from different states have lodged lawsuits about these kinds of
issues. One of the petitioners stated in his plea that after giving his contact
number to a government hospital, he was contacted by a private entity. Because
of this incontrovertible evidence, he charged in his petition that hospitals
treating Covid-19 patients were revealing details of those patients to private
companies, breaching their privacy rights[vi].
The Epidemic Diseases Act of 1897 and also the National Disaster Management Act
of 2005 show that no provision in these Acts permits or legitimizes the
publication of personal data of the persons in a public database. As such, the
executive's action to upload private information of quarantined individuals
within the public domain is prima facie infringement of the fundamental right to
privacy. The Govt executives' justification for such public disclosure is that
harmonized data sharing has become an essential instrument in the ongoing fight
The release of data about people to the general public does
not serve any useful purpose.
Also, the central government took a huge hit and launched an Aarogya Setu app
without any legislation passed by the parliament allowing the creation and the
government made the app mandatory for people working in public and private
offices, for all train travelers and for people living in areas considered
high-risk for the spread of the virus. MHA guidelines also indicated that the
authorities will ensure that everyone in Containment Zones uses the Aarogya Setu
There is even a threat of fines and prison terms for people who refuse to
install the app that makes this application mandatory, which contravenes the
secure your data is. No mention is made of any cybersecurity parameters and it
does not explain how it complies with IT Act 2000 and IT Rules 2011. The app
still doesn't tell us who, in terms of government departments, will all access
A clause in the official policy says exempts the govt from liability in the
event of 'any unauthorized access to the user's information or modification thereof[vii]. This means there is no liability for the govt, whether the users
' personal information is leaked or not. It also raised concerns about how much
data the app collects. It asks its users to share their name, phone number, age,
gender, profession, and country details that have been visited in the last 30
days. Leader of Congress Rahul Gandhi alleged that the mobile application of
Aarogya Setu was a sophisticated surveillance system outsourced to a private
operator without institutional supervision
But a representative of the
government rejected the allegations that the Aarogya Setu app is outsourced to
the private sector. Another interesting thing happened on twitter, an ethical
hacker claimed that 90 million Indians' privacy is at stake because of security issues
with the Indian app and tagged Rahul Gandhi, saying you were
right[ix]. Once again, the Centre Government gave the same answer that there was
no data or security breach and that this ethical hacker has proved that no
personal information of any user is in danger. Is that center government
response satisfactory for those whose privacy is at risk?
Do Drastic times imply drastic measures?
Using those methods can raise legitimate concerns about the invasion of people's
privacy. Some arguments would be that it is necessary to take these steps during
this condition even if it breaches any citizen's rights and the government has
the right to try and do so because it is an emergency. Everyone should know it's
not an emergency it's a pandemic and emergency provisions and emergencies did
not match this situation unless the central government applied an emergency
under Article 352 of the Indian Constitution, 1950, and even in an emergency,
the government could not violate the fundamental rights of Indian citizens.
right to privacy is therefore a fundamental right, and this right cannot be
violated by anyone. The right to privacy must not be sacrificed to the full for
the benefit of public health. Even in health emergencies, governments need to
ensure that their citizens' privacy rights are not infringed disproportionately.
They must also be sure of other fundamental rights such as the right to free
movement, which the government has restricted. The govt should be allowed to
behave in the best interests of its citizens, even if it means a short-lived
suspension of privacy rights.
A pandemic doesn't need to mean a complete reform
of human rights. The State must make every effort to retain as much of the
rights of its people as it can. Collecting information isn't an issue for anyone
but removing that data in public without their consent is a problem. Every
citizen should support the government at this pandemic time, but the government
should also understand what steps they take and it does not infringe any
citizen's fundamental rights. They have to take these things together to achieve
a free Corona India.
- ADM Jabalpur v. Shivkant shukla, (1976) 2 SCC 521
- K .S Puttaswamy v. Union of India, (2017) 10 SCC 1
- K .S Puttaswamy v. Union of India ,2018 SCC Online SC 1642
The author is a student of Symbiosis Law School, Pune