By Sohini Chatterjee and K.S. Roshan Menon
The conceptual obstacle in the Aarogya Setu debate has been the false dichotomy between privacy and public health. It is thus critical to reiterate – privacy is important even during a pandemic. In this article, we will argue that despite the government’s recent efforts, the Aarogya Setu application is still afflicted by privacy concerns. Addressing these concerns holds the promise of achieving a high efficacy – high privacy equilibrium for India. On the other hand, an inability to do so would sacrifice enduring civil liberties in exchange for immediate gains.
Privacy risks and accomplishments
The roadmap for building a proportionate and privacy compliant public health intervention was illuminated by the Supreme Court in various passages of its 2017 judgement in Puttaswamy. To contextualise some of the privacy principles acknowledged in Puttaswamy, a proportionate and privacy compliant Aarogya Setu would do the following – clearly inform users about the purposes of the application before collecting their data, obtain their consent to such collection or processing, only collect such data as is necessary for contact tracing (collection limitation), use such data only for protecting public health (purpose limitation), and finally, keep the design of the application clear and publicly available to help identify and address vulnerabilities.
It is worth noting that for Aarogya Setu, a robust commitment to these principles is a work in progress. At present, companies are no longer required to compel employees to use the application. The data sharing protocol ensures that personal data processed is only shared with governmental agencies for formulating appropriate health responses. However, the application still does not inspire trust with its data collection methods and lack of appropriate safeguards against indiscriminate use. For a transparent and trustworthy Aarogya Setu, the government is required to undertake some further steps.
We highlight five rungs the Aarogya Setu application must climb in order to safeguard civil liberties of individuals. First, it is critical for the decision-maker (currently the Indian government) to retain public trust and be perceived to act in the best interests of the public.
Hence, it is worth considering whether an independent body consisting of a variety of stakeholders may be better suited to the task of administering a digitally enabled contact tracing solution. Such a body could ensure much needed ethical oversight and inspire public confidence. Second, the application should address practical weakness arising from reliance on GPS and Bluetooth data. The precise accuracy of both GPS and Bluetooth data are suspect. Further, coders have drawn attention to underlying security weaknesses of Bluetooth deployment in such applications. It is also crucial to remember that geolocation data can potentially reveal confidential information about an individual, such as socio-economic status, religion, sexual orientation and health habits. Location data may be combined with other data points to paint a full picture of an individual. It is therefore advisable to exercise caution in the use of location data.
Third, the application must achieve ‘qualified transparency’ – transparency that promotes confidentiality while simultaneously helping users to understand how their privacy is affected by the relevant processing. For the same, the application must explain to the individual, the potential risks associated with contact tracing in a clear and user-adapted manner. Further, the application must not profile children, or at the very least, provide the parent/guardian of a child with specific information related to any decision arrived at by the application based on the information volunteered by the child.
Fourth, the application must institute relevant mechanisms to prevent a ‘mission creep’ for the Aarogya Setu. Examples such as making the application initially mandatory for air travel attest to this creep, opening up the possibility of linking the application to other services, such as travelling on trains or buses. This sets a dangerous precedent for the application, risking its transition into a pervasive tool that denies individuals access to public services. It is critical therefore, to implement legal safeguards that restrict the use of the application to contact tracing, self-assessment and dissemination of relevant information.
Fifth, the lack of equitable access to persons who do not own internet enabled smartphones could render whole communities vulnerable by skewing access to healthcare and exacerbating the spread of disease. This is particularly concerning because such communities may have higher rates of existing co-morbidities, feed essential services at greater risk of infection, and face greater barriers to healthcare. Moreover, residential segregation based on economic lines can mean that the spread of disease disproportionately affects particular communities. Such disparities will only entrench existing inequalities. Thus, the application must promote equitable access for the poor, aged and other marginalised groups.
The Aarogya Setu is a unique public health intervention that undertakes contact tracing, self-assessment and dissemination of information at the same time. Such interventions necessitate adjustments that preserve privacy, promote efficiency and minimally interfere with an individual’s constitutional rights. The five actionable rungs suggested above may hold the key to the same.
- Sohini Chatterjee is a Research Fellow and K.S. Roshan Menon is a Research Scholar at Shardul Amarchand Mangaldas & Co. Views expressed are the authors’ own.