Obvious That Aarogya Setu Impinges On Privacy, But It Does So Only After Meeting All The Conditions Laid Down By Supreme Court

The outbreak of Covid-19 in the country raised serious public health concerns on account of the high population and population density in India.

Countries such as the US having population density of 36.19 persons per square kilometre, faced a herculean task in handling the outbreak of the virus though following social distancing and other precautionary measures is feasible even at public places.

As against this, India’s population density is 464.1 persons per sq/km —over 12 times of that of the US.

With a view to effectively trace Covid-19 patients, their contacts and potential risks and to avoid large-scale community transmission, the central government launched Aarogya Setu application (App).

The App uses bluetooth and GPS data for contact tracing and to sanitise areas potentially infected with the disease and identify the persons in such areas, who might have been infected.

The Ministry of Home Affairs, in its order dated 1 May 2020, inter alia, mandated usage of the App for all employees, both working in public and private sector.

It further obligates the heads of the organisations to ensure 100 per cent coverage among the employees. The order can be said to have been modified vide orders dated 17 May 2020 and 30 May 2020 whereby the mandate ostensibly continues only for public sector employees, whereas the private sector employees are merely ‘advised’ to use the App.

This led to a furore amongst the advocates of right to privacy. The issue that arises is whether the government can mandate usage of an application, which requires sharing of one’s location and other data? Does it amount to infringement of right to privacy? If yes, whether such infringement is valid in the eye of law?

Right To Privacy: Whether A Fundamental Right?

The Constitution does not expressly confer the fundamental right to privacy. The eight-judge bench of Supreme Court in the case of M P Sharma verus Satish Chandra District Magistrate, Delhi [AIR 1954 SC 300] unanimously refused to read such right into the constitutional scheme since there is no explicit provision conferring right to privacy.

Again, in the case of Kharak Singh versus State of UP [AIR 1963 SC 1295], a six-judge bench of Supreme Court by majority refused to recognise the right to privacy as a fundamental right and held that Article 21 has no relevance in the context of right to privacy. Judge Subba Rao gave a dissenting opinion and held that nothing is more deleterious to a man's physical happiness and health than a calculated interference with his privacy.

Thereafter, a three-judge bench of the Supreme Court for the first time in the case of Gobind versus State of Madhya Pradesh [(1975) 2 SCC 48] recognised right to privacy as a part of the fundamental rights or emanating there from.

However, there was no finding that the right to privacy is a basic human right and a part of right to life and personal liberty, thus protected under Article 21.

It was in the case of R Rajagopal versus State of TN [(1994) 6 SCC 632] that the Supreme Court recognised right to privacy as a fundamental right implicit in right to life and personal liberty guaranteed under Article 21. The Supreme Court reiterated this position in the case of People’s Union for Civil Liberties versus Union of India [(1997) 1 SCC 301].

The judgements in the cases of Gobind (Supra), Rajagopal (Supra) and PUCL (Supra), which held that the right to privacy is a fundamental right are delivered by benches of smaller strengths than the earlier judgements, which had taken a diametrically opposite view. Thus, the said issue was not settled even after six decades of the Constitution having come into force.

The debate over infringement of right to privacy was reignited with respect to collection of biometric data for Aadhaar Card registration. A batch of petitions was filed in the Supreme Court challenging the mandatory Aadhaar registration for availing various social benefits. The issue whether the right to privacy is a fundamental right was referred to a larger bench of nine judges.

The larger bench in the case of K S Puttaswamy versus Union of India [(2017) 10 SCC 1] unanimously held that right to privacy is a fundamental right and included within the scope of Article 21 of the Constitution, which guarantees right to life and personal liberty.

Justice D Y Chandrachud (speaking for the majority) held that right to privacy is a basic right of every individual. It is constitutionally protected right which emerges primarily from the guarantee of life and personal liberty in Article 21 of the Constitution. It was further held that privacy is the constitutional core of human dignity and has both a normative and descriptive function.

At a normative level, privacy subserves those eternal values upon which the guarantees of life, liberty and freedom are founded. At a descriptive level, privacy postulates a bundle of entitlements and interests which lie at the foundation of ordered liberty.

Whether Right To Privacy Is Absolute?

The Supreme Court in the case of Puttaswamy (Supra) held that the state can interfere with the right to privacy to protect legitimate state interests subject to fulfillment of a threefold requirement of (i) legality, which postulates the existence of law; (ii) need, defined in terms of a legitimate state aim; and (iii) proportionality which ensures a rational nexus between the objects and the means adopted to achieve them.

It was pertinently held therein that...

The court further held that the right to privacy may also be infringed for protecting national security, preventing and investigating crime, encouraging innovation and the spread of knowledge, and preventing the dissipation of social welfare benefits.

Thus, the Supreme Court while reading right to privacy as a part of life and personal liberty also acknowledged that such right would not be absolute and the state can impinge upon such right by a law, which is able to withstand the requirements as laid down therein.

Whether Mandate To Use Aarogya Setu App Qualifies The Tests Laid Down By The Supreme Court For Valid Intrusion On Right To Privacy?

It needs to be borne in mind that the application has been launched amidst a pandemic with the object of containing its spread and bringing awareness in the public at large with the risks posed by the virus as well as the safety measures to be adopted.

The order mandating use of the application has been passed by the Chairman of National Executive Committee (NEC) by virtue of the powers conferred under Section 10 of the Disaster Management Act, 2005.

Section 10(2)(l) of the said act empowers the NEC to lay down guidelines for or give directions to the concerned ministries or departments of government of India, state governments and state authorities regarding measures to be taken in response to any threatening disaster situation or disaster.

By exercising such power, the NEC has issued directions to all district magistrates (state authorities) for implementing lockdown measures as enlisted at Annexure-1 to the order. Condition number 15 at Annexure-1 to the order mandates usage of Aarogya Setu App by all employees working in public or private sector.

Thus, the order flows from a statutory provision and fulfills the first requirement of existence of law providing for invasion of right to privacy.

Secondly, if the order is read as a whole, the object of directives cumulatively is to ensure minimum spread of the virus, for which it is imperative to trace all contacts of Covid-19 positive patients.

The frequently asked questions (FAQs) on the App regarding privacy concerns due to access to GPS Data are answered, as...

A conjoint reading of the order passed by the NEC and the purpose of seeking access to GPS data as described on the App itself, the legitimate state aim, that is of securing public health in times of the pandemic is demonstrated. The state interest in procuring such details is apparent and cannot be termed to be excessive or malafide.

The final requirement for infringement on right to privacy is reasonableness. The data required is for the larger good and securing public health. The Supreme Court has in the case of Puttaswamy (Supra) cited an example that the access to health records of individuals in a health emergency can be held to be valid.

It is precisely for the said reason that the privacy of an individual is sought to be invaded in the present case. The application does not require any health data unless the self assessment is undertaken by any individual. The location of individuals would be immensely helpful to the authorities in minimising the spread of the virus.

The application does not require any data, which is not useful for the government to contain the spread of virus. It appears that the said mandate is now only applicable to public sector employees; which makes the mandate even more reasonable insofar as most of the public sector employees are themselves exposed to large number of people and thus need to be more vigilant about their health status.

This would also contain the spread of virus amongst the frontline workers in these crucial times. Thus, the last requirement of reasonableness with respect to a law invading right to privacy can also be said to have been satisfied.

The mandate to use Aarogya Setu App thus qualifies the tests laid down by the Supreme Court and does not amount to an illegal or unreasonable invasion on the right to privacy.

It also depicts state interest in seeking such data and therefore, justifies the ‘intrusion’. The government may not be able to check the implementation of such a directive, nevertheless, it does not appear to be illegal.