It is only a matter of time before the lockdown starts to ease. The threat of COVID-19 , however, will continue. Studies say that there will be multiple waves of infection following the first wave. This will lead to a fundamental transformation in the role of the state in regulating society. Heightened epidemic surveillance by the government could lead to an increased risk of institutionalised surveillance of individuals. To protect large swathes of the population from possible exposure to the infection, the movement of individuals will also be heavily regulated.
Also read: Coronavirus | Survey of India maps to bolster Arogya Setu app
Purpose limitation
At present, the movement of individuals is subject to permits in various parts of the world, including India. In China, it’s alarming to note that a phone app was started as a voluntary service for informing users of their potential exposure to infected persons, but soon began to be used as an e-pass for allowing access to public transport. The situation in China raises similar concerns in India. The Aarogya Setu app launched by the government is designed to enable users who have come in contact with COVID-19 positive patients to be notified, traced and suitably supported. It has been criticised for not complying with data protection principles of data minimisation, purpose limitation, transparency and accountability, all of which are crucial to protecting the privacy of its users.
According to the app’s privacy policy, Aarogya Setu collects the personal data of its users and allows the disclosure of such data to the government to provide it with necessary details for “carrying out medical and administrative interventions necessary in relation to COVID-19.” Such vague articulation weakens the app’s purpose limitation. The government is also at liberty to revise the terms of the privacy policy at its discretion (and has done so) without notifying its users.
Given the design of the app, it is not difficult to conceive of the wide dangers of its misuse to carry out surveillance of users. Concomitantly, the app also equips the government with an instrument for restricting and regulating the right of freedom of movement of citizens, especially due to its fluid terms of service. Some reports suggest that the government is considering using the app as a criterion for restricting users’ movement. The potential restriction on freedom of movement will have considerable impact on an individual’s access to basic government benefits and services, thus endangering citizens’ right to life. For example, entry into banks and access to PDS may become subject to the colour coding of the person on the Aarogya Setu app. There is no limitation on the gamut of restrictions that may be imposed using the app. The resultant impact will be disproportionately higher on the most vulnerable sections of the society.
The unconstitutional bargain
A seemingly benign app based on voluntary consent is thus loaded with potential to be used as a tool to violate fundamental rights. Individuals may be forced to download the app to be able to access basic amenities and services. This situation could posit the problem of an unconstitutional condition or barter — a situation where citizens are forced to give up their rights (right to autonomy and privacy in this case) in exchange for government benefits. Further, the existing users of the app could be subject to arbitrary restrictions in their fundamental rights without their informed consent as they would not have foreseen such restrictions at the time of giving their consent to downloading the app.
The situation bears resemblance to Aadhaar. Originally designed as an optional programme to provide government benefits to citizens based on their voluntary consent, Aadhaar was later made compulsory, even for private services such as banking and mobile phone registrations. The Supreme Court then disallowed private parties from using Aadhaar for authentication on grounds that it exceeded its intended purpose.
To avoid unforeseeable dangers of mass surveillance and disproportionate restrictions of fundamental rights, it is therefore imperative that the Aaorgya Setu app is implemented only through law, especially since India lacks a comprehensive data protection or surveillance law. It is already a settled legal principle that any limitation of fundamental rights must be implemented only through a law pursuing legitimate state interest. Enacting such a law will not only subject government actions to limitations but will also facilitate its constitutional scrutiny.
Kashish Aneja, a practising lawyer in New Delhi, specialises in global health and privacy law; Nikhil Pratap is a practising lawyer in New Delhi
