Computers, Privacy & the Constitution
DATA PRIVACY IN THE WORLD WHERE COVID-19 EXISTS : INDIA

Citizens of the world in normal circumstances have time and again had to fight with their governments for data privacy, the world we are in now makes it even so more difficult. In the Covid-19 times, the use of people's data is the only way that can get us out of the situation. However, there must be an attempt to be a balance between need of such private data and the right to health.

In India, Kerala High Court in the case of Balu Gopalakrishnan v. State of Kerala issued interim order directing the Government of Kerala to anonymize all the data that have been collected and collated from the citizens of the State with respect to the pandemic. It also directed to anonymize the data and only then provide it to Sprinklr, which was to be used to process and analyze data with regard to patients and those vulnerable and susceptible to Covid-19 in the state of Kerala1.

This was a very fresh and surprising ruling with respect to data privacy. Such a ruling was required, because India has no guidelines for online data protection and no policy set out for how the Indian Government or the Indian State Governments protect data. There is a need for laws, policies and oversight mechanisms to place strict limits on the use of digital proximity tracking technologies and on any research that uses the data generated by such technologies2. The launch of Aarogya setu App, India's contact tracing mobile app, is a proof of how an app launched for keeping track of Covid-19 positive persons is violating people’s privacy. *

Download Aarogya Setu App as a Bail Condition*

The whole purpose behind the Aarogya Setu App was for contact tracing to help manage the pandemic situation in India. The purpose of the App was to achieve a public health objective and was to be used only for the limited scope. On 11th May 2020, the Ministry of Electronics and Information Technology had released its data-sharing protocol for Aarogya Setu on how the data will be used3. As per the said protocol, such data was to be used strictly for the purpose of formulating or implementing appropriate health responses and constantly improving such responses. However, on 15th April 2021, a Delhi Court granted bail to an activist Umar Khalid upon installation of the Aarogya Setu app on his phone upon his release amongst other bail conditions4. Never has a Court in the past one year posed this condition for a bail. In violation of the underlying protocols and policy, the said App is now used as a device for surveillance of alleged criminals.

Additionally, in light of a Right to Information (RTI) query, it was found out that a chief medical officer shared users’ data with the police in Kulgam District of Jammu & Kashmir.

Mandatory use of the App

The digital rights organization Internet Freedom Foundation (IFF) called the app a “privacy minefield” and that it does not adhere to the principles of minimization, strict purpose limitation, transparency and accountability. The executive director of IFF even said that “the app runs very palpable risks of either expanding in scope of becoming a permanent surveillance architecture”. As per the Interim Guidance issued by WHO , Governments should not be mandating use of such an application. However, the Government of India has made the app mandatory under the Disaster Management Act, however there is no law that authorizes the app’s use. The use of the app is not authorised by any elected members of the Parliament.

Too many cooks...

As per the App's policy "persons carrying out medical and administrative interventions necessary in relation to Covid-19" can have access to the data from Aarogya Setu App.There is no defined Ministry or Committee that will have an access and is very broad which keeps the access to the data open to undefinable people.

Sunset Clause

The Sunset Clause in the Protocol states that the Empowered Group will review this Protocol after a period of 6 months from the date of its notification or may do so, at such earlier time as it deems fit. However, this review is only for the Protocol and not for the App itself. Therefore, there is no indication that the use of the app must stop after the pandemic ends. It was very well possible that the Government may expand the scope of the App like how it is done in Singapore. In Singapore, the TraceTogether? App which was launched for beating the pandemic is now being used for the purpose of criminal investigations.

Future of Data Privacy

The Personal Data Protection Bill introduced in Parliament in December 2019 aims to protect personal data of people in India. Although not many experts are happy with the said Bill and have an opinion of it having many loopholes, it is time such a Bill, which is drafted on the basis of GDPR is passed by the Government soon. The biggest loophole being, government agencies being exempt from the Bill's requirements.

the Right Balance*

The Aarogya Setu Application over all seems to have helped the government in keeping track of people who have been tested positive for the virus and alert people about the number of infected cases in their area.What is needed in the situation is the balance between Right to Privacy and Right to Health. With improved Deep Learning techniques employed and fixing data privacy issues in a more secure manner, the application can be useful to curb the spread of the virus while taking into consideration the privacy concerns. Governments in democratic societies, must make an extra effort to make reasonable efforts to instill confidence amongst its people for using these apps. However, the Government in India is now more concerned about the health (considering the rising cases of Covid in India) but the citizens maybe wary and the Courts must come to the rescue of the citizens just like the Kerala High Court. Civil society organizations, although having the right to warn against data misuse by such apps, also have an added responsibility during pandemics of avoiding being adversely critical and cause cause complete distrust on the government.

1.https://globalfreedomofexpression.columbia.edu/wp-content/uploads/2020/05/Balu-gopalakrishnan-v-State-of-kerala.pdf 2. https://www.who.int/publications/i/item/WHO-2019-nCoV-Ethics_Contact_tracing_apps-2020.1 3. https://www.meity.gov.in/writereaddata/files/Aarogya_Setu_data_access_knowledge_Protocol.pdf 4. https://images.assettype.com/barandbench/2021-04/1e7fddbf-5036-4a0f-8ba6-17db26b3a441/State_vs_Umar_Khalid___Khajuri_Khas___bail_order.pdf

Navigation

Webs Webs

r3 - 21 May 2021 - 12:07:03 - AparnaPujar
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM