- AI
- Arbitration
- Asia
- Automobile
- Bangladesh
- Banking
- Biodiversity
- Biological Inventions
- bLAWgathon
- Brand Valuation
- Business
- Celebrity Rights
- Company Act
- Company Law
- Competition Law
- Constitutional Law
- Consumer Law
- Consumer Protection Authority
- Copyright
- Copyright Infringement
- Copyright Litigation
- Corporate Law
- Counterfeiting
- Covid
- Design
- Digital Media
- Digital Right Management
- Dispute
- Educational Conferences/ Seminar
- Environment Law Practice
- ESIC Act
- EX-Parte
- Farmer Right
- Fashion Law
- FDI
- FERs
- Foreign Law
- Gaming Industry
- GDPR
- Geographical Indication (GI)
- GIg Economy
- Hi Tech Patent Commercialisation
- Hi Tech Patent Litigation
- IBC
- India
- Indonesia
- Intellectual Property
- Intellectual Property Protection
- IP Commercialization
- IP Licensing
- IP Litigation
- IP Practice in India
- IPAB
- IPAB Decisions
- IVF technique
- Judiciary
- Khadi Industries
- labour Law
- Legal Case
- Legal Issues
- Lex Causae
- Licensing
- Live-in relationships
- Lok Sabha Bill
- Marriage Act
- Maternity Benefit Act
- Media & Entertainment Law
- Member of Parliament
- Mergers & Acquisition
- Myanmar
- NCLT
- NEPAL
- News & Updates
- Non-Disclosure Agreement
- Online Gaming
- Patent Act
- Patent Commercialisation
- Patent Fess
- Patent Filing
- patent infringement
- Patent Licensing
- Patent Litigation
- Patent Marketing
- Patent Opposition
- Patent Rule Amendment
- Patents
- pharma
- Pharma- biotech- Patent Commercialisation
- Pharma/Biotech Patent Litigations
- Pollution
- Posh Act
- Protection of SMEs
- RERA
- Section 3(D)
- Signapore
- Social Media
- Sports Law
- Stamp Duty
- Stock Exchange
- Surrogacy in India
- TAX
- Technology
- Telecom Law
- Telecommunications
- Thailand
- Trademark
- Trademark Infringement
- Trademark Litigation
- Traditional Knowledge
- UAE
- Uncategorized
- USPTO
- Vietnam
- WIPO
Introduction
Recently, the Karnataka High Court passed an interim order on 27th January 2021, by which it prohibited the Government of India and National Informatics Centre (NIC) from sharing the health data of citizens without their informed consent. The court observed that sharing the responses of the users of the Aarogya Setu app without their consent will be a violation of the right to privacy under Article 21 of the Constitution of India.
Brief Facts
In the present case, the writ petition was filed by the petitioner under Article 226 praying the court to direct the government of India, NIC, and other responsible parties to make the use of the Aarogya Setu app released by the NIC voluntary by the citizens and several other directions.
The issue raised by the petitioner is that the Aarogya Setu app was introduced by the Hon’ble Prime Minister on 24th March 2020 after the nationwide lockdown. More than one hundred million users have downloaded the app to date.
The petitioner raised several questions on the use of the response data submitted by the users on the Aarogya Setu app and whether the government of India has the right to transfer the personal data of the users saved in the server of the Aarogya Setu app without the consent of the users.
The petitioner in the petition has prayed for the following directions:
- A writ of mandamus directing the authorities to make the use of app voluntary by citizens.
- A declaration that the app is not required for availing the government service or facility.
- A writ of mandamus directing the respondent no. 6 and 7 to release the complete and corresponding source code of all the versions (current and future) of the Aarogya Setu application.
- A direction to the respondents to delete the data collected on the app at the time of registration after the declaration is made by the appropriate authority that the pandemic is over.
- A direction to the respondents for not transferring the personal data of the citizens collected on the app to third parties except the cases where such transfer is required for the treatment of a patient. Moreover, the data shared with the third parties should also be deleted once the pandemic is over.
- An order setting aside Clause 3(vii) of Annexure N issued by respondent no. 8. This clause makes the installation of the Aarogya Setu app compulsory to prevent the spread of the virus in the offices.
- A direction to respondent no. 9 not to make the use of the Aarogya Setu app mandatory for the commuters traveling in Bangalore Metro.
- An order of injunction to prevent the respondents from using the app and the data collected thereon.
Meanwhile, the petitioner made an interim prayer before the court in which the petitioner has prayed the court for the issuance of the following directions:
- To put a stay on Clause 15 of National Directives for Covid-19 Management.
- A direction should be made to the respondent not to make the use of the app compulsory for accessing any service, and the services should not be denied to any person on the same ground.
- An order restraining the respondents from proceeding with the app and the data collected thereon till the disposal of the petition by the court.
This court vides its order dated 19th October 2020 declared that the Central and State Government cannot deny the benefit of any services to a citizen on the ground of non-installation of the app till the disposal of the petition. However, the Government of India, Bangalore Metro, and Airport Authority have taken a stand on various occasions before the court that as per the orders passed by the National Executive Committee under National Disaster Management Act, 2005, the use of the app for traveling is not mandatory and the usage of the app is completely voluntary. As per Clause 3(vii) of the Standard Operating Procedure dated 4th June 2020, the installation and use of the Aarogya Setu app shall be advised to all. It is merely an advisory clause.
Arguments Raised By the Parties
For supporting the arguments raised in the petition, the petitioner has relied on the landmark judgment passed by the Apex Court in the case of Justice K.S. Puttawamy (retired) vs Union of India, in which the Right to Privacy was declared as a fundamental right under Article 21 of the Constitution of India. Relying on the Puttaswamy judgment, the petitioner argued that the data controller is not entitled to disclose the personal data of the users of the app to third parties without taking the informed consent of the users. The petitioner also relied on the provisions of the Personal Data Protection Bill, 2019. Furthermore, the petitioner pointed out that the data collected on the app is shared with various government departments and Public Health Institutions of the Government by the NIC, and such transfer violates the right of privacy of the users as the consent of the user is not taken before making such transfer.
Contrasting to this, the counsel for the respondents submitted to the court that the use of the Aarogya Setu app is not mandatory and no services are denied to any citizen on the ground of non-installation of the app. Further, the counsel for the respondents submitted that all the personal information on the app is securely encrypted and stored on the server and the same is also mentioned in the 11th May 2020 order of the Chairperson of Empowered Group on Technology and Data Management. The Aarogya Setu app tracks the infected COVID-19 persons and it is an important tool in curbing the spread of the novel coronavirus.
Observations Made By the Court
In the present case, the Karnataka High Court has considered only the interim prayer of the petitioner and the final disposition of the petition is still pending. Vide this interim order, the High Court has made it clear that no citizens can be denied the benefits of any government services or the services offered by the instrumentality of the government on the ground of non-installation of the app. Further, the Airport Authority of India and Bangalore Metro Rail Corporation Limited (hereinafter referred to as “BMRCL”) have not issued any such orders as a precondition to travel.
The question before this court was “whether the transfer of the personal data of the users collected on the app without seeking the consent of the users is violative of the right to privacy under Article 21 of the Constitution of India”? To answer this question, the reliance was placed by the High Court on the judgment passed by the Apex Court in the case of Justice K.S. Puttaswamy vs Union of India wherein the court has held that Privacy is the constitutional core of human dignity and it emerges from the guarantee of life and personal liberty in Article 21 of the Constitution of India.
In the case of Puttaswamy, the Apex Court has also discussed in detail the issue of informational privacy. The court observed that ours is the age of information. Data such as medical information would be a category to which a reasonable expectation of privacy attaches. Nine principles of privacy for the protection of privacy were laid down by the Apex Court in this case. The two principles which are relevant for deciding the question at hand are produced as follows:
Notice: A data controller shall give simple-to-understand notice of its information practices to all individuals in the clear and concise language before personal information is collected.
Choice and consent: A data controller shall give individuals choices (opt-in/opt-out) with regard to providing their personal information, and take individual consent only after providing notice of its information practices.”
The High Court referred to the terms and conditions of the Aarogya Setu app and observed that a person who downloads the app is put to notice about the terms of the service and Privacy Policy. The user is put to notice that the data of the user stored in the app will be used for specific purposes, the transfer of the data to the server, retention of the data, etc., as set out in the privacy policy. Thus, the High Court held that the informed consent of the user is taken at the time of installation of the app.
Lastly, the High Court referred to the Aarogya Setu Data Access & Knowledge Sharing Protocol, 2020 issued by the order dated 11th May 2020 of Chairperson, Empowered Group on Technology and Data Management. The court referred to the above-mentioned protocols to find out the prospective use of the personal data of the app users by the government. As per Clause 6 of the protocol, the personal data of the users can be shared by NIC with the State Government, Public Health Institution, etc. Further, Clause 8 of the protocol permits NIC to share the response data with third parties for research purposes. However, there is no mention of such sharing and transfer in the Privacy Policy of the Aarogya Setu app.
The High court observed that the collection of data and sharing of response data as per various clauses of the protocol is not done with the informed consent of the user. Thus, such sharing of response data of the citizen by NIC without their consent is in violation of the right of privacy under Article 21 of the Constitution of India. To reach this conclusion, the High Court takes note of the fact that the users of the Aarogya Setu app were not informed about the above-mentioned protocol issued by the Chairperson of the Empowered Group, and the protocol was not made a part of the Privacy Policy available on the Aarogya Setu app.
Disposing of the application for interim relief, the High Court restrained the Government of India, National Informatics Centre, and the Respondents no. 7 and 8 from sharing the response data collected by applying the provisions of the protocol unless the informed consent of the users of the app is taken.
Author: Pratiksha Rawat, a Final Year student of Amity Law School (Delhi ), an intern at Khurana & Khurana, Advocated and IP Attorneys. In case of any queries please contact/write back to us at aishani@khuranaandkhurana.com.