Opinions and Legal Insights

A violation of Right to Privacy- Aarogya Setu app

Vijaya Gupta | School of Law, Bennett University | 30th August 2020


Today, every country in the world is fighting with the novel coronavirus diseases. Many people in the world have lost their lives after getting infected with this virus. The Government of every country has taken various measures to protect people getting infected form this deadly virus. The Government advised the citizens to maintain social distance and take proper precautions while they are out for some work. 

The Government of India had announced nationwide lockdown for 21 days in India after the outbreak of coronavirus in the country. The Central and State Government along with various healthcare officials, non-profit government organizations took various steps to protect the citizens and to slowdown the spread of COVID-19 in the country. After 21 days, the lockdown was extended by the Government because of the rise of the coronavirus cases in the country. During the second lockdown, the Central Government launched Aarogya Setu App, a contact tracing app through which the server will record the data of all the people who came in contact with infected people to limit the spread of coronavirus. It is an app which uses both GPS and Bluetooth to determine the location of the users, when and where the person came in contact with the infected person. The App collects various information of a person such as name, gender, age, profession, phone number, travel history, present location, access to the contacts and health status. Within few days, the app had 98 million downloads and was the fastest downloading app of all time. The App records all the data of the person and accessed by the Government whenever necessary. After the launching of the app, every company, local authorities, societies made it mandatory to download the app. The Government also made mandatory for the travelers to download the Aarogya Setu App while travelling through train or flight. The users had privacy concerns in the App as it is collecting personal data and tracking location with Bluetooth and GPS technology. Therefore, the question arises whether the App is invading the right to privacy of the citizen in the country. 


Privacy is an important concept in every life of the person. With the advancement of technology, it is necessary to protect and maintain privacy of each person. In our country, there is no proper data protection law in our country which legally protects the sensitive data of the citizens. With the existing legal provisions such as Information Technology Act, 2000, there is limited protection to the data of the citizens of India. Hence, there is very less protection to data privacy in our country. This issue was raised in the case of K.S. Puttuswamy v. Union of India, it was held that the privacy of the individual is an essential aspect of dignity. The ability of the individual o protect a zone of privacy enables the realization of the full value of life and liberty.[1]

In this landmark judgment Justice DY Chandrachud laid down three fold test for encroachment on privacy– 1) There must be a law in existence to justify the encroachment 2) The intervention must be for fulfilling a legitimate state interest 3) The encroachment should not be disproportionate to the purpose.[2]

Analyzing the App with the test stated in Justice K.S. Puttuswamy v. Union of India, it is seen that the App is not backed by any particular law but it has been made under Section 35 of Disaster Management Act, 2005 which gives the power to the Central Government to make rules whenever it is necessary. There is a legitimate aim to invade the privacy of a person in this case as it uses the information to suspect coronavirus patient and to trace that how many people had came in contact with the infected person. For this aim, there must large smartphone base which consist of 60-70% population as per the policy. But as per the India Internet 2019 report by IAMAI and Nielsen, the benchmark of smartphone is below the line[3]. This shows that there is no connection between the aim of the State and the policy implemented by the State. This concludes that the App has failed the second test. While studying the test of proportionality, it is necessary to determine whether the said law is acting as a reasonable restriction in the fundamental right to privacy. In this case, the privacy policy of the App states that the Government is not liable for any unauthorized access of information. It also states that for the personal information can be used for  necessary medical and administrative interventions. But the policy also states that all personal information is stated in an anonymized manner. This shows that though the App stores the information in encrypted form but it does not guarantee that if the information can be used by any unauthorized user. Therefore, it does not pass the test of proportionality. As the App does not fulfill the criteria mentioned in the test, therefore it invades the right to privacy of a person and challenge stating that the encroachment is unreasonable. 

After few weeks of the launch of the App, there were many legal, privacy and security issues relating to the App. It is stated that the information can be used for medical and administrative interventions. This states that the personal information can be used by any department of the Government. There is no specified rules and regulations by the Government in the App regarding the security to protect the collected data. There is no proper legal framework to control the work of the App apart from privacy policy and terms of use. Apart from the legal issues of the App, there were many other security and technical issues regarding the App. The app will be able to provide reliable results only if 60% of the population will download the App but according to reports there are only 24% Indian population own a smartphone.[4]Many questions were raised regarding the use of both location and Bluetooth, and not only Bluetooth as a source to track the users of the app because the geographic location can be misused by any unauthorized users. The App is not open source and it is not available to the public as there was fear to point flaws in the app’s development.[5]The security issue is one of the major issues in the Aarogya Setu App. There was a person who had hacked the App and stopped it from gathering the data from GPS and Bluetooth. It was also stated by the India’s cyber security agency that there were many phishing attacks in the name of the App and it was at a rise during this pandemic situation

Recently, the Ministry of Electronics and Information Technology of India released Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020. In this protocol, the government has given certain clarifications regarding the app such as the data can be used by other departments of the Government. But the protocol did not the clear the fact of using both Bluetooth and GPS for tracking the users and also about the data collected and stored in an anonymized manner.  


Privacy is an vital aspect in an individual’s life. Both are protected and an intrinsic part of Article 21. Today, every country is fighting with the novel coronavirus disease and taking different measures in order to keep their citizens safe. One of the measure is the contact tracing app where the app tracks the users using GPS or Bluetooth or both. India also launched a contact tracing app named Aarogya Setu App which uses both Bluetooth and GPS for tracking the users. There were many legal flaws stated in the Aarogya Setu App main being the violation of fundamental right to privacy as per the test stated in the Puttuswamy case. Though the Government is trying to protect the citizens from coronavirus but it is also necessary to protect the privacy of every citizen in the country. The App has different privacy issues and it is important to resolve all the issues the data stored with the Government is for the public interest. The Government can make the App as an open source code and maintain the transparency with the citizens. It should also secure the data within themselves and do not share with the third party. With all these effective changes, the App will create a proper balance between security, privacy and the protection of public health. 

[1] Justice K.S. Puttuswamy v. Union of India, (2017) 10 SCC 1

[2] Ibid.

[3] India Internet 2019, Internet and Mobile Association of India, Nielsen, available at https://cms.iamai.in/Content/ResearchPapers/d3654bcc-002f-4fc7-ab39-e1fbeb00005d.pdf, (last visited on August 29, 2020)

[4] Shashank Mohan, No Covid-19 silver bullet: Aarogya Setu endangers India’s Privacy and Its Usefulness is uncertain, May 12, 2020, available at https://scroll.in/article/961641/no-covid-19-silver-bullet-aarogya-setu-endangers-indias-privacy-and-its-usefulness-is-uncertain, (last visited on August 29, 2020)

[5] Andrew Clarance, Aarogya Set App: Why India’s Covid-19 Contact Tracing App is Contraversial, May 14, 2020, available at https://www.bbc.com/news/world-asia-india-52659520, (last visited on August 29, 2020)

The post A violation of Right to Privacy- Aarogya Setu app appeared first on LexForti Legal News & Journal.