This post is written by Kavya Agrawal a student of Gujrat National Law University, Gandhinagar.
The outbreak of the covid-19 pandemic has had a huge impact on the world economy, tourism, the hospitality sector and the businesses. Over 13-14 lakh people all over the globe have been tested for this contagious community spreading virus. The origin of this virus was found to be in Wuhan, a city in China and Italy was hit hard by this. So, in companies, the employees were required to give a travel history of their past 6 months so as to check if there was any possibility if the particular person might have contracted the virus. There was continuous surveillance and monitoring of the people by the Government of India on the citizens through various apps which asks the users about their names, addresses and health updates to analyse if they are showing symptoms or not. However, this data might contain some personal information which the user doesn’t want to share with the central government. However, we need to draw a line between the personal data and the interest of the public at large. In this case, although some details of the user are being shared with the government but such data is necessary for detecting cases in a particular area and then taking the appropriate measures as to curtail the spread of the virus in the community. Such information would be asked to the users in conformity with the data protection laws in India.
In accordance with the Information Technology Act 2000 and Information Technology Rules 2011, the information extracted from the users can be categorized into two types namely, sensitive personal data which contains information related to physical and mental health of a person and personal information, like the body temperature and other medical records which comprises of the users identity which can help identifying the person such as the travel history of the person and his family. The SPDI may be collected only when it is necessary and has to be used for a specific purpose such as a national emergency. However, it is important for the user to know that the information would be passed on to a third person and that the government would delete all the information collected once the purpose for which it was required is fulfilled. The right to privacy under article 21 of the 1948 Universal Declaration of Human Rights is an innate right and is now also recognized as a freedom under part3 of the constitution. According to this right, no one is subject to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. The right to privacy also encompasses informational privacy. Informational privacy is the collection, dissemination and protection of data collected by an organisation from several people. In the landmark case of KS Puttaswamy v. Union of India (2017), the supreme court held that right to privacy is protected as a fundamental constitutional right under Articles 14, 19 and 21 of the Constitution of India. The court also held that this right is not absolute, however the restrictions imposed should be within the legal framework of India.
In India, the government launched the aarogya setu app when cases in India started rising at an unreasonably fast pace. This app uses the GPS of the users so as to detect their location and asks them about their health updates so as to check if there is possibility of coronavirus in a particular locality. The app has an agreement with the user that all of the personal information of the user would be shared with the government but would be deleted once the cases become zero. The legal framework of India in terms of data protection is not well developed.
However in foreign jurisdictions, there is a much structured and comprehensive law about the data protection. So, in countries like Singapore, China, UK etc., there are such loctaiom tracing apps too but there is a guarantee by the app that their personal details would remain anonymous and that the users would have full control over their personal information. In UK, the law states that the government can process the personal information of users only if there is a national emergency in the country. The government of U.S. works with brands like Apple and Google, so as to develop location tracing tools within their devices.
In the corporate sector, the employers are taking all the measures they can to curb the spreading of covid-19. All information related to the health of the employees as well as their family is being collected but they need to establish a specific process in which they would ask about the employees all this information. During this lockdown, almost all employees are working from home and so data protection of their work is a matter which is very essential. In the end, I would like to conclude by saying that in order to minimize the risk of covid-19, the health authorities and the government are taking the best steps they can by the use of such apps but at the same time the government needs to make sure that the personal information of the users should be in conformity with their privacy. They should use the information in such a way that the fundamental right of the people i.e. right to privacy is not infringed in any way.