The sudden outbreak of the pandemic has caused some major health care concerns
due to the high population density of India. With a viewpoint of monitoring the
risk involved in the transmission of the virus, the government launched a mobile
application named ‘Aarogya Setu’. The Supreme Court unanimously held in K.S.
Puttaswamy v. Union of India
[i] that the right to privacy is a fundamental right
protected under the ambit of Art. 21 of the Constitution. Justice DY Chandrachud
said that it is a basic right that emanates from the right to life and personal
liberty. Also, it is the constitutional core of human dignity.
Whether The Mandate Of ‘Aarogya Setu’ App Qualifies The Test Of Privacy As Laid By The Supreme Court In K.S. Puttaswamy?
The right to privacy is not absolute, and the state can interfere for the
preservation of state interest. The Apex Court in K.S. Puttaswamy's judgment
laid down a threefold reasonableness test for restricting the right to privacy.
- Legality (requirement of law)
- Necessity (with an aim & least restrictive alternative)
- Proportionality and Suitability (legitimate state purpose for the object
sought to be achieved)
The Order Of Mandating The Use Of ‘Aarogya Setu’ Flows From Statutory Provisions
It is pertinent to note that the mobile application has been launched amidst a
global pandemic for creating awareness and for curbing the massive spread of the
virus. It is for safeguarding the masses.
The order of mandating the use of the application for the public and private
sector employees has been passed by the Chairman of the National Executive
Committee (NEC) under Section 10[ii] of The Disaster Management Act,
2005. Section 10(l) of the act empowers the NEC to law down guidelines or to
give directions to the concerned ministry or department of the government for
the measures to be taken in response to threatening disaster situation or a
The NEC has issued directions for implementing lockdown guidelines and has
mandated the use of the App for public and private sector employees under the
power conferred in Section 10(1) of the act. Thus, it fulfills the first
requirement of the existence of law as laid down in K.S. Puttaswamy for limiting
the right to privacy.
The Aarogya Setu App Quififies The Test Of Necessity
The object of introducing an App is to ensure the minimum spread of the disease
by tracing the affected people. The app uses Bluetooth
as well as Location
for the tracing of the person infected with Coronavirus and informs
the person who is at risk of getting affected. Further, it helps to sanitize
places that might be affected. [iii]
Even if a person takes up a self-assessment
test on the App along with the location information, the government can
identify the hotspot places where the disease might spread. This helps the
government to control the further spread of the virus.[iv] It is not so simple
to control the spread of a virus in a densely populated nation like India.
possible through tracing the GPS information of affected people. The ‘Aarogya Setu’ app traces the affected people through GPS information provided by them
that constitutes an important aspect of its functioning. Such details are
intrinsic for the functioning of the App and could not be termed as excessive or
After analysing the order given by NEC and the purpose of seeking location, it
is crystal clear that the action of State aims to secure the public health
during the health emergency like situation. It fulfills the second requirement
as laid down in K.S. Puttaswamy that is a necessity for the betterment of the
The ‘Aarogya Setu App’ Has Legitimate Purpose With The Object Sought To Be Achieved
Taking access to the health record of someone is an invasion of privacy.
However, the Supreme Court of India has said that health records of an
individual can be accessed in the case of a health emergency. [v] The outbreak of
noble coronavirus has caused a health emergency like situation but accessing the
health records is immensely helpful to minimize its spread.
The App takes health-related data from the users only when one undertakes a
Also, the data received is for the larger interest of the
people that would help in minimizing the spread of the virus. That makes the
‘Aarogya Setu’ application Constitutionally valid. Thus, the last requirement
of ‘Proportionality & Suitability’ can be said to be fulfilled that is
essential to invade privacy.
The mandatory provisions of the App are only for the public sector employees now
as laid down in order given by the Ministry of Home Affairs on 30th May
2020.[vi] It is only advisory for the private sector. It is a legitimate order
as the public sector employees have a potentially high risk of getting in
contact with the virus because they are exposed to a large number of people.
Henceforth, the mandate of using ‘Aarogya Setu’ qualifies the tests laid down in
the judgment of K.S. Puttaswamy v. Union of India
. It does unreasonably invades
the privacy of the people and has legitimate functioning. Its objective
justifies the mandating use of the App for the public sector and has a
reasonable nexus with the health of the people.
The Data Is Preserved Anonysonously
The Aarogya Setu App is being criticized on various grounds for the invasion of
privacy. The data that is made available for research purposes by the NIC only
after following hard anonymization. It means that the identification of the
concerned person is impossible. It is done in consonance with the protocols laid
down by an expert committee appointed by the Principal Scientific Advisor to the
Government.[vii] Also, if any university or research institution tries to
identify the people from the available data, they would be liable for the
penalty for the same.[viii]
It has been observed in K.S. Puttaswamy v. Union of India
[ix] that unauthorized
parting of medical records is an invasion of privacy. However, if the state
preserves the anonymity of the data available, it can assert a valid state
interest for parting the health record. It can design appropriate policies for
the invasion of privacy to secure social benefits.
It is well settled that the health records of people are made available to
research institutions after following the hard anonymization. That makes the
identification of the people next to impossible. Also, the state can regulate
the right to privacy of health records when it is anonymized. So, the Aarogya
Setu App does not violate the privacy of the people.
Data Shared Is De-Identified
The data is shared only with the ministry, department, and public health care
institution of the government for assisting in the formulation or implementation
of critical health responses. The data shared is de-identified by randomly
generated IDs that are assigned to the data to prevent the identification of the
person.[x] Also, the NIC shall maintain a list of the agency with whom the data
Any department, ministry of government, NDMA, SDMA, or public health institution
with whom the data is shared shall strictly use it for its desired purpose and
not otherwise. They shall process response data in a fair, transparent
manner.[xii] Also, any response shall be shared with a third party only when it
is strictly important for the implementation and formulation of health response,
and not otherwise. The third-party will also be under the obligation of the
Henceforth, the data made available for the health responses protect the privacy
of the concerned individual by the process of de-identifying.
Aarogya Setu App Adheres To Privacy Concerns
The information collected from the user shall remain in the mobile device for
30days and on the server for 45days, incase the person is tested negative. Also,
the data of the person tested positive shall be purged from the server after 60
days of recovering from the virus.[xiv]
Every registered user has a right to cancel his/her registration from the App.
The data of the concerned person shall be deleted after the expiry of 30 days of
such cancellation.[xv] Also, the data provided during the process of
registration is stored in a secured encrypted server.[xvi]
Lastly, the Aarogya Setu Protocol shall remain in force for six months unless
extended by the Empowered group due to the continuation of a global pandemic
that acts as a sunset clause.[xvii] Therefore, the Aarogya Setu App has
transparency and also allows the user to withdraw his/her information. The data
is stored in an encrypted server for a limited period of time for controlling
the further spread of the virus. The app specifically asks for consent from the
users.[xviii] The Application adheres to the privacy of the users through its
Public Interest v/s Individual Interest
In case of a conflict among the community right or individual right, it is
former that prevails over the latter. The responsibility of an individual
towards society plays a vital role in the betterment of society. There exists a
public health contract in which the individuals forgo certain rights for
prevention of risk to society. [xix] The Supreme Court of California said that
the government has the authority to pass quarantine laws envisaging the
individual rights to protect the nation during an emergency.[xx]
Also, the WHO
has observed that surveillance in the time of quarantine was necessary to
monitor the spread of the SARS outbreak.[xxi] It is important to protect the
privacy of an individual. However, the protection of public interest stands on a
higher pedestal than an individual.
The Aarogya Setu Application satisfies the limitation test laid down by the
Supreme Court in K.S. Puttaswamy v. Union of India. Also, it preserves the
various facets of privacy through its functioning features. The people all over
the world share their ‘location’ and other data with various applications in
However, they are facing issues to provide the same for Aarogya Setu
application. The app is designed to regulate the spread of COVID-19 and
is for the public interest in an emergency like situation.
- 2017 SCC OnLine SC 762
- The Disaster Management Act 2005 § 10.
- The Aarogya Setu Data Access and Knowledge Sharing Protocol 2020.
- Ministry of Electronics and Information Technology, The Aarogya Setu Data
Access and Knowledge Sharing Protocol 2020 (Jun. 4, 2020).
- K.S. Puttaswamy, supra note 2, at 1.
- Ministry of Home Affairs, Guidelines for phased re-opening (Unlock 1)
(Jun. 4, 2020).
- The Aarogya Setu Data Access and Knowledge Sharing Protocol 2020 ¶ 8(a).
- Id. ¶ 9.
- K.S. Puttaswamy, Supra note 2, at 1.
- The Aarogya, Supra note 8, at 3,¶ 6(b).
- Id. ¶ 6(c).
- Id. ¶ 7.
- Id. ¶ 7.
- Id. ¶ 4.
- Id. ¶ 5.
- Id. ¶ 10.
- Barbera, J., et al., Large-Scale Quarantine Following Biological Terrorism
in the United States: Scientific Examination, Logistic and Legal Limits, and
Possible Consequences, 286 JAMA 2711, 2712 (2005).
- In re Culver, 187 Cal. 437, 202 P. 661 (1921).
- World Health Organization, First Global Consultation on SARS Epidemiology,
Travel Recommendations for Hebei Province (China), Situation in
Singapore-Update (Jul. 24, 2020, 06:34 PM), http://www.who.int/csr/sars/archive/