Aarogya Setu App Encroach Upon Right to Privacy

Constitution of India is called the Fundamental Law of India, it is also called the Supreme Deed of Independent India and also known as Living Document of Nation. It is clearing the doctrine, Powers of Separation, which explaining functional system of rules, structures and principles of our nation. The Constitution is defined as ‘a set of devices to subject the freedom of the holders of political power to limitation and restraints, it provides the citizen and other people, Liberty, Equality, Fraternity, Freedom. The Constitution of India has created a constitutionalism environments in our country, it is also helpful to remembering us the ideal goal for freedom fights. . In the world largest democracy country i.e. INDIA is also known for their great constitution. It is reflects, Sovereign, Socialist, Secular, Democratic Republic, Justice, Liberty, Equality, Fraternity. Our Constitution was adopted by Constituent assembly of India on 26th November 1949 and become effective on 26th January 1950.

Governor Charles Evans Hughes once said “We are under a Constitution, but the Constitution is what the Judges say is”. [1]With 395 articles and over 117,000 words in our Indian Constitution, it took almost three years to draft our constitution. Our constitution contains number of things as it is Quasi Federal Structure. Indian Constitution lays down the basic structure of political system and other effective systems under which people are governed by it. It defines the main organs of the state legislature, executive and judiciary also their powers. Constitution demarcates their responsibilities and their relationships.

However, every constitution represents the vision and value for its country. So, it can be clearly stated that our Indian Constitution is framed for the purpose of considering and adopting a constituent assembly and also in order to provide rights and freedoms to the people of our nation.

Our constitution has been drawn from various sources, it has 22 parts and 8 schedules and each part has their different roles in it. In in its Part III it consists of fundamental rights, these fundamental rights constitutes the Magna Carta of individual liberty and human rights. The Fundamental rights have been stated under Article 14 to 31 of our Indian Constitution which provides the rights based on equality, freedom, against exploitation, cultural and education. Article 19-22, are the soul of the human rights in India these are also known as right to freedom. Article 21 of our constitution states that “No person shall be deprived of his life or personal liberty except according to procedure established by law”. [2]This article also states regarding “right to privacy” under it by widening up the dimensions of the word “life”.

Privacy has been stated as a dynamic concept which has been attempted to explain but still it has not been defined exhaustively. As per Black’s Law Dictionary, the term privacy means” a person’s right to be let alone and also a right to be free from any unwarranted publicity or unwarranted  publicity or unwarranted public interference in matters in which public must be concerned about”. [3]It is considered as a crucial term of our society has and it has been emerged in our society from past few years. It is an inalienable right, as our country is a signatory to the UDHR convention in which the right to privacy is part of it and it the duty of the state to abide by it. So, the right to privacy has been granted by the state as fundamental right under Article 21 of Indian Constitution.

Privacy is a human right recognized by the United Nations in the Universal Declaration Of Fundamental Rights (UDHR), but there was no specific provision for it under our constitution, even there was no provision under our constitution specifically dealing with information or personal data and the extent to which that is shared with other parties. But its need was understand by the Supreme Court of our country with changing of technologies and use of internet and other things even our bank accounts are also linked with phones and internet. So, the Supreme Court on 24 August 2017, made a historic judgement and declared the right to privacy as a fundamental right protected under the Indian Constitution under Article 21. This judgement was pronounced in respect of a reference made in connection with the legal challenge to India’s national identity project “Aadhar”.[4]

In this case of K. S. Puttaswamy (Retd.) v. Union of India[5] the ‘Aadhar Card Scheme’ was challenged on ground of collecting and compiling the demographic and biometric data of the people of our country for various purposes which is completely a breach of the fundamental right of privacy. The court clearly stated that “held that the Unique Identity Authority of India (UIDAI) cannot transfer any biometric data without the consent of the person.” Several rights have been covered under right to privacy which includes telephone tapping, personal intimacies of the home, marriage, family, motherhood, etc.

Aarogya Setu App and Privacy Problems

Everywhere in the world this corona epidemic is at very high rate, and for this every country is taking different measures in order to end this epidemic disease. In order to face this citizens willingly gone into lockdown with so manty strict restrictions on their freedom and privacy. This issue of privacy against this app was raised by the opposition leader Rahul Gandhi against this government’s initiative of Aarogya Setu calling it as surveillance system and from there it raised worries over data security or privacy issues of user’s at stake. However, the concept of this app has been taken from Taiwan, Singapore but those countries are having stringent data protection laws to protect the individual privacy rights. But in our country the Personal Data Protection Bill, 2019 still pending in Parliament, The only other legislation in this respect is IT Act 2000 along with its rules but still the provisions have limited scope. They don’t lay any framework regarding state intervention.

Our Country government introduced the new app in respect of it and also making it mandatory to people to download a surveillance application which continuously monitors an individual’s movement and also records the movement of people who came in contact with him. Even The Ministry of Home Affairs (MHA) has stated to make the Aarogya Setu app mandatory for all individuals wherever they are either in home, workplace or outside etc. This app has several security related back draws and it can also became a surveillance tool for the government. This app continuously seeks to access to location and also uses Bluetooth technology and most of the tracing apps works on the same principle. 

As this app need to have continuos location of information for its social movement and use of Bluetooth to alert the people when they come in contact with a covid-19 positive persons. The government pushes for aggressive adoption of this app. It uses a Bluetooth and GPS location, it allows the user to aware the person from Covid 19. “The privacy policy of the app is completely silent on as to what security practices are being followed. Merely saying that data is kept secure through encryption is nothing but lip service. They need to give more details on the security procedures and answer what level of encryption is being used,” said Pavan Duggal, a cyber law expert in Hindustan times.[6]

As every person is entitled to protect his or her personal information from public encroachment. While in this app the information is taken through the device id hash and it gets uploaded to the government servers. This information can be shared with any person engaged in carrying out medical and administrative interventions, as per the app’s privacy policy. This app is not carried by any law, ordinance or regulation, it is being run by the National Informatics Centre under the Ministry of Electronics and Information Technology. But this app is being run by a government agency which clearly means that government has a power to use the data, without any accountability mechanism.

As discussed the Information Technology Act, 2000 has clearly specified the provisions for punishment of breach of secrecy and confidentiality under Section 72 and 72 A[7]. But still these provisions are not able to applicable in present situation because there is no clarity regarding various factors for example the aptness of the applicability of the doctrine of the lifting of the corporate veil. Even the court laid down the three fold test for a legitimate encroachment of privacy in case of K. S. Puttaswamy (Retd.) v Union of India which are (1) Legality – There must be a law in existence to justify the encroachment; (2) Legitimate Aim – the intervention must be for fulfilling a legitimate state interest; (3) Proportionality – the encroachment should not be disproportionate to the purpose. Justice Kaul in his concurring opinion went further to add a fourth element -Procedural Safeguards, to prevent abuse of the state intervention.[8]

So, the court and constitution empowers the state to take valid steps in order to preservation of public health and in such epidemic situation they introduced this application but this application is goes clearly against the privacy concern. In Economic times it has been given in one of the article, the IFF’s parliamentary and policy counsel stated that “In Singapore, for instance, the ministry of health has access to data of its contact-tracing app and decision-making powers, besides clearly stating its purpose of concentration towards disease control and spread. In India’s case, the disclosed purpose for the app is vague enough for the government to repurpose it or expand its scope”. [9]The government has not stated or given the exact thing regarding the information taken by it from the application.

The terms of service of this application clearly removes the liability of government, it states that “You agree and acknowledge that the Government of India will not be liable for any claims in relation to the use of the App, including but not limited to (a) your inability to access or use the App or the Services ; (b) the failure of App or the Services to accurately identify persons in your proximity who have tested positive to COVID-19; (c) the accuracy of information provided by the App or the Services as to whether the persons you have come in contact within the fact has been affected by COVID-19; (d) any unauthorized access to your information or modification thereof.[10]

This app clearly violates the privacy of an individual as there is no such legislation dealing in respect of it. There are two hackers from France they interrogated the data collected by this app without any authorized access. According to one of the hacker Elliot Alderson he stated that “any attacker can open app’s internal file, which have local data base, used by the app. The attacker, may also know who is infected anywhere in India, in the area of his choice, due to app’s malfunctioning ability to know the location or radius of user”. [11]This statement was highlighted in newspapers and news media also. This application clearly questions the Fundamental Right and Human Right violation of privacy.


Aarogya Setu is an application made as a vehicle of disaster management and the initiative behind this app might be good as to keep watch on the spread of the virus infected persons. But this doesn’t mean that the government is allowed to look into privacy although it is not proved but still the fear of privacy is on. This application encroach upon the privacy of an individual At this time of epidemic the health is more important than that of privacy, yes this app is violating the right of privacy but our government should introduce the Personal Data Protection Bill which is still pending in order to regulate this epidemic of COVID-19.


  1. https://www.defindia.org/wpcontent/uploads/2017/09/Privacy%20in%20India%20in%20the%20Age%20of%20Big%20Data.pdf
  2. https://www.worldwidejournals.com/paripex/recent_issues_pdf/2018/August/August_2018_1534776050__142.pdf
  3. https://www.bbc.com/news/world-asia-india-52659520
  4. https://indiankanoon.org/doc/91938676/

[1] GovernorCharles Evans Hughes statement

[2] Article 21 of The Constitution of India 1949

[3] Black’s Law Dictionary

[4] K. S. Puttaswamy (Retd.) v Union of India (2017) 10 SCC 1

[5] (2017) 10 SCC 1

[6] Pavan Duggal cyber law expert

[7] Information Technology Act, 2000

[8] (2017) 10 SCC 1

[9]Sidharth deb author of the article in Economic times

[10]Terms and privacy policy of Aarogya Setu on the App Store

[11] Elliot Alderson a hacker from France; statement given under Business Times Newspaper

Leave a Reply

Your email address will not be published. Required fields are marked *