This article is part of a 5 part series authored by AnantLaw partners
Part 4: Data privacy & governments technology driven Covid-19 tackling mechanisms
Containment and Lockdown!! – the only strategy most governments (across the globe) have agreed to be an effective ‘solution’ against this pandemic. In an attempt to contain the COVID-19 pandemic, governments and other responsible authorities of various international jurisdictions including the USA, Europe, China, South Korea, Singapore and Iran, have deployed technology driven measures to cope with COVID-19 pandemic. These technology driven measures require rapid identification and quarantine of the infected individuals, determination of whom they have had close contact with, in the previous days and weeks, and decontamination of locations the infected individual has visited (in few countries followed by aggressive testing). This is achieved by inter alia tracking the locations, analyzing the data, thermal screening, contact tracing and mass surveillance. This raises potential questions as to how this innovative use of data directly or indirectly collected by the Government, may affect the privacy of an individual.
On the other hand, India (presently) does not have a data protection framework which can hold the government accountable for data privacy infringements, however, every action of the government will have to stand the scrutiny of ‘right to privacy’, which is a fundamental right. Therefore, the question arises, whether a technology driven measure which inter alia involves tracking the locations, analyzing the data, thermal screening, contact tracing and mass surveillance can be implemented in a country like India.
It is worth noting that the Disaster Management Act, 2005 and Epidemic Diseases Act, 1897 (currently invoked in India) empower the central government and other responsible authorities to take any measure, whatsoever, for prevention, or mitigation, or preparedness and capacity building for dealing with the threatening disaster/ epidemic, as it may consider necessary. The aforesaid legislations further provide immunity to the central government, state governments and other responsible authorities from legal processes undertaken in their official capacity.
The Technology Development Board (“TDB”), a statutory body under the Department of Science & Technology has already invited proposal applications from Indian companies and enterprises to address protection and home-based respiratory intervention for COVID-19 patients. The TDB has also proposed to provide financial assistance by means of soft loans to the companies (up to 50% of project cost @ 5% simple interest per annum) or equity participation (up to a maximum of 25% of the project cost). The TDB has inter alia invited technologically innovative solutions in low-cost masks which can capture virus from the air and absorb respiratory droplets, cost-effective thermal scanning, bioinformatics and surveillance as well as AI and IoT based solutions for contactless entry.
Meanwhile, the ‘Founders v. COVID-19’ movement in India has gained momentum wherein founders of more than 200 startups have joined together to develop and launch an application11 which is likely to act as a quarantine application and will live-track the patients who are in home quarantine and those who have tested positive and on basis of the same, perform contact tracing.
The application (named Aarogya Setu) (“App”) developed by the Ministry of Electronics and Information Technology (MeitY) was launched on April 2, 2020 and has already recorded 5 million downloads. The App tracks the registrants’ vicinity as long as their location is shared. Considering that this App has access to the government’s database of known coronavirus cases; it can directly alert its registrant with a notification when they come, even unknowingly near an infected person. A short registration process on the App involves making a choice of language and mobile number. One may skip the section which requires details such as name, age and gender. One of the features of the App facilitates a self assessment test; which seeks answer questions like - name, phone number, age, sex, profession, countries visited in last 30 days; and whether or not one is a smoker. The privacy policy of the App also indicates that upon registration the App is likely to collect the above mentioned information. As per news reports as well as App’s privacy policy, data of this App’s registrant will be uploaded to and used by only the Government of India in anonymized, aggregated datasets, however, such information can be shared with other necessary and relevant person to carry out medical and administrative interventions. The App does not allow the registrant’s name and mobile number to be disclosed to the public at large at any time.
To implement, what might be the outcome of the functions sought to be performed with this App (to fight COVID-19), several state governments have already introduced state specific regulations under the Epidemic Diseases Act, 1897 for instance the Delhi Government has introduced Delhi Epidemic Diseases COVID–19 Regulations, 2020 which allows surveillance of the infected or likely to be infected person, lawful. Thus, for the reasons that COVID-19 has incubation periods and asymptomatic manifestation, more new technologies are proposed to be deployed which is indeed a necessity in these unprecedented times. Alas, the dilemma of greater efficiency however, will come at the cost of reduced privacy. It is however expected that the government will inter alia regulate the access to such data which are collected by the apps, maintain the anonymization of data, decentralize the data, refrain from processing the data for purpose other than fighting COVID-19 pandemic and destroy the data as and when the world survives this pandemic.