Former Supreme Court Justice BN Srikrishna described the central government’s push for the use of the Aarogya Setu app as “utterly illegal”, The Indian Express reported on Tuesday. Srikrishna was the chair of the committee that came up with the first draft of the Personal Data Protection Bill.
“Under what law do you mandate it on anyone?” he asked. “So far it is not backed by any law.”
On May 1, the Union Ministry of Home Affairs ordered that downloading the app was mandatory for employees of private and public sector organisations, making the heads of private organisations liable for non-compliance. It also mandated 100% coverage of the Aarogya Setu app within containment zones. The guidelines were sent out by the National Executive Committee, established under the National Disaster Management Act.
- No Covid-19 silver bullet: Aarogya Setu endangers India’s privacy – and its usefulness is uncertain
- Coronavirus: Aarogya Setu app mandatory for passengers travelling on special trains, says Railways
The Aarogya Setu app is meant to alert users if they have come in contact with a Covid-19 patient and what measures they need to take in case that happens. Cybersecurity experts, however, have expressed concerns that it could violate the users’ privacy and become a surveillance tool in the hands of the government.
Srikrishna said the Centre’s guidelines cannot be considered to have the required legal support to make the use of the app mandatory. “These pieces of legislation – both the National Disaster Management Act and Epidemic Diseases Act – are for a specific reason,” he added. “The national executive committee in my view is not a statutory body.”
The Aarogya Setu Data Access and Knowledge Sharing protocol was released on Monday, setting up standards for collection and processing of data collated by the app. This is an order issued by the Empowered Group on Technology and Data Management set up under the NDMA.
Srikrishna termed the protocol a “patchwork”, which will lead to more concerns for the public than benefits, reported Live Law. “It is highly objectionable that such an order is issued at an executive level,” the former judge said during a webinar organised by Daksha Fellowship, a programme for young lawyers. “Such an order has to be backed by parliamentary legislation, which will authorise the government to issue such an order.”
He highlighted that due to the lack of a proper legislation, accountability what would be the main concern in case of a security breach. “If there is a breach of data here, who is answerable? What action has to be taken?” he said. “This should really have been traced ideally to Personal Data Protection Act or through NDMA by an appropriate amendment.”
Srikrishna highlighted the absence of a “sunset clause” to stop the app’s operations. “What starts off with great beneficial ideas, ultimately at the end of some period when the emergency ceases to exist, we will be into a regime which is disastrous for any citizen of a democracy,” he added. The former judge said that if the Parliament was unable to act, an ordinance could be issued that may be replaced after 180 days.
Meanwhile, on Monday night, the Ministry of Railways made it compulsory for passengers travelling in special trains to download the Aarogya Setu mobile application. Those who do have the application may be asked to download it after their arrival.