- Home
- /
- News Updates
- /
- 'Harmonise Contact Tracing With The...
'Harmonise Contact Tracing With The Right To Privacy': New Plea In Kerala HC Against Mandatory Use Of 'Aarogya Setu' App For Employees
Akshita Saxena
11 May 2020 1:44 PM IST
"Mandatory imposition of Aarogya Setu on persons under threat of criminal prosecution, making it a condition to the exercise of other basic rights and services, including the right to practice a profession or carry on an occupation, trade, or business under Article 19(1)(g) of the Constitution, amounts to an unconstitutional condition." A petition has been filed in the Kerala High...
"Mandatory imposition of Aarogya Setu on persons under threat of criminal prosecution, making it a condition to the exercise of other basic rights and services, including the right to practice a profession or carry on an occupation, trade, or business under Article 19(1)(g) of the Constitution, amounts to an unconstitutional condition."
A petition has been filed in the Kerala High Court, challenging the "unconstitutional, unduly onerous and privacy infringing" directives issued by the Centre making the use of 'Aarogya Setu' app mandatory for public and private employees and persons residing in containment zones.
The plea has been filed by the Managing Partner of Leetha Industries, Jackson Mathew, who has been made responsible, in the aftermath of the Govt order, to ensure 100% coverage of the App in his organization.
At the outset, the Petitioner has clarified that he does not contest the use of "contact-tracing apps" however, strives to highlight that the Aarogya Setu app, in its present form, "disproportionately invades" the Constitutional rights of individuals. He has thus prayed for harmonization of contact tracing with the right to privacy of individuals.
The plea states that existence of a pandemic does not efface the Constitutional rights of individuals and hence, contact tracing must be "reconciled" with these rights. However, it is pointed out that Contact-tracing apps are experimental technology whose harms are not yet fully understood.
"By their very nature, contact tracing apps collect, store, and use sensitive personal data. For this reason, their utilisation raises serious questions about the rights to privacy, data protection and security, and informational self-determination," the plea states.
The Petitioner has submitted that when compared to alternatives in use in other countries, Aarogya Setu is significantly more intrusive in terms of data collection. He has emphasized that the Aarogya Setu creates a centralised data collection system, by design. This is opposed to a decentralised system, which is in use in many countries.
"A decentralised system is relatively as efficacious in tackling Covid-19, while being significantly more protective of privacy and other fundamental rights. Consequently, despite the availability – and international use - of less intrusive alternatives, the Indian government has chosen a more intrusive alternative, with no explanation as to whether other models were considered, or why they were rejected. It is important to note that design choices in cases involving data collection are not merely questions of policy, but directly impact fundamental rights, and are therefore subject to rigorous judicial review," the Petitioner has submitted.
In particular, Petitioner has pointed out the following issues with the Aarogya Setu app:
Mandatory download of Aarogya Setu constitutes an infringement of the right to privacy, dignity, and liberty under Article 21 of the Constitution of India
- The App violates core principles of data privacy (as set out by the Supreme Court in KS Puttaswamy v. Union of India, (2017) 10 SCC 1 and KS Puttaswamy v. Union of India (II), (2019) 1 SCC 1), including "purpose limitation" and "data minimization";
- It collects more personal data than is required to combat Covid-19 through contact-tracing, thus violating the principle of collection limitation;
- There is no prohibition against the sharing of personal information amongst different government departments of the Government of India, thus creating an enabling structure of surveillance and use of the data collected on the app for purposes other than tackling Covid-19 (such as, for example, use by the police);
- The App violates the basic precept of privacy by coercing consent under threat of prosecution and constitutes a prima facie violation of Article 21.
Impugned Order fails to satisfy the requirement of legality as it lacks any legislative basis
- Mandatory imposition of Aarogya Setu is prima facie contrary to Articles 14, 19, and 21 for it lacks a valid legal basis, and solely relies upon executive instructions.
- Reliance is placed on State of Madhya Pradesh v. Thakur Bharat Singh, 1967 (2) SCR 454, whereby it was held that all executive action, which operates to the prejudice of any person, must have the authority of law to support it.
- Neither the provisions of the Disaster Management Act or the Epidemic Diseases Act authorise the Respondent to infringe the privacy rights of Indian citizens.
The App lacks both a legal framework, and legally enforceable procedural safeguards against abuse
- The only safeguards and privacy protections currently can be found in the "Terms of Service" and the 'Privacy Policy" of the app, which can be changed unilaterally at the instance of Union of India. Thus, the fundamental right to privacy of the Petitioner is subject to a one-sided contract that he has been forced to enter into with Union of India, under the threat of criminal sanctions;
- Contact tracing apps are experimental technologies, with their efficacy under doubt, and numerous privacy concerns. For this reason, their use - if they are to be used - must take place within a strict rule of law framework, and must be "self-limiting by design" - that is, these apps should disable themselves after the pandemic is over. However, there is no such "sunset clause" in the Aarogya Setu App.
Executive guidelines requiring employers to ensure 100% coverage of Aarogya Setu creates an undue and unconstitutional burden upon, inter alia, private employers;
- Besides casting an undue burden upon employers such as the Petitioner, the app is prima facie contrary to law for it renders employers "vicariously liable" for potential criminal acts of employees, in the absence of a clear legislative basis for the imposition of such liability.
"The proportionality standard is the appropriate standard of review to evaluate the constitutionality of the Impugned Order, and under the proportionality standard, on demonstration of a prima facie infringement of a constitutional right, the burden of justification shifts to the State," the Petitioner has argued.
The Petitioner has thus prayed that the provision that requires employers to ensure 100% coverage of Aarogya Setu App be declared unconstitutional.
In the alternative, he has sought that Section 10(2)(1) of the Disaster Management Act, 2005 be read down to "exclude the collection of personal data and sensitive personal data of individuals" without a separate anchoring legislative framework in place, which complies with the constitutional standards and the requirement of proportionality.
As an interim relief, the Petitioner has prayed for an injunction, restraining the concerned authorities from taking any coercive action against the Petitioner for failure to comply with the impugned Order. He has also sought for constitution of a High Powered Committee with independent members to examine the privacy practices and security architecture of the Aarogya Setu app.
Counsels for the Petitioner- Santhosh Mathew, Arun Thomas, Jennis Stephen, Vijay V. Paul, Karthika Maria, Veena Raveendran, Anil Sebastian Pulickel, Divya Sara George, Jaisy Elza Joe, Abi Benny Areeckal & Leah Rachel Ninan.
In related news, the Kerala High Court had sought the response of the Central Government in a similar petition. A division bench comprising Justices Shaji P Chaly and M R Anitha had posted the matter on May 12.