The Kerala High Court will next hear the case challenging Aarogya Setu being made mandatory for all employees in the country on May 12. The court directed the Additional Solicitor General for Kerala (who was representing the Indian government) to seek instructions from the Centre within four days. Justice Shaji P. Chaly raised the concern that people who do not download the app may be prosecuted, but while dictating the order he did not stay the Ministry of Home Affairs’ May 1 order that made the app mandatory for all employees in the country.

The division bench of Justices Shaji P. Chaly and M.R. Anitha was hearing a public interest litigation filed by John Daniel, the General Secretary of the Thrissur District Congress Committee, over Zoom. The petition was filed on May 7 in the court, and Daniel was represented by advocates Anupama Subramanian, K.R. Sripathi and Sriram Parakkat. The Indian government was represented by advocate Jaishankar V. Nair on behalf of the Additional Solicitor General’s office. The hearing was truncated due to technical issues, because of which Justice Chaly asked the central government counsel to take instruction on the matter.

Subramanian pointed out that right now employers would be charged if an employee does not download the app. “That is a different matter to be considered ultimately when the matter is heard,” Justice Chaly said. “It’s only 4 days time. Let them take instructions so that we will have a clear picture over it.” Refuting Subramanian’s argument of prosecution in the interim period until May 12, Justice Chaly said, “They [central government] have got other duties too. They will not indulge in these activities.”

Daniel’s petition seeks to get the related clause in the MHA order struck down as “unconstitutional”, and to make downloading of Aarogya Setu voluntary. He also wants the court to pass an order to not impose penal action on non-usage of the app.

Arguments by the petitioner

  • Lack of informed consent: Daniel’s petition argues that when the app is made mandatory, the question of consent does not arise. “Moreover, if a particular citizens disapproves the use of the same, it could be said that the information was forcibly and coercively taken from him without his consent and by inflicting fear of penal consequences [sic],” says the petition.
  • Violation of Puttaswamy judgement: The Puttaswamy judgement said that even in case of an epidemic or public health crisis, “there is an onus on the state to use people’s health information in a manner which preserves their ‘anonymity’,” Daniel’s petition reads. The exchange of personally identifiable information at the time of Bluetooth contact tracing “adds to the vulnerability” of the app, and “to the number points of attack for malicious actors”, as per the petition. However, readers should note that at the time of Bluetooth contact tracing, no PII is sent to another user’s device; the anonymised device ID, location coordinated, duration of interaction, etc. are exchanged.
  • Lack of transparency and fears of overreach: Not specifying which ministry or department of officials will have access to the data, “adds to concerns of overreach”. Also, “stakeholders should be apprised of the systems being deployed to ward off information security and information warfare risks as well”, as per the petition.
  • Too much government discretion in data retention: Although there is a provision to delete “certain personal data” from the app after a 30-day time period, “this claim comes with enough exceptions which facilitate government discretion,” the petition argues. There is also no way to check if the information is actually deleted or of “transparently auditing what the app is doing in the backend”.
  • Lack of involvement of Ministry of Health and Family Welfare: There is “no formal notification in the public domain which acknowledges the constitution of [this] committee” that built the app, the petition argues. Raising concerns about absence of healthcare officials, the petition states that this “raises suspicions about the actual usage and application” of the app. It also decries function creep that the app is indulging in.
  • Lack of government accountability: The Terms of Use of the app exempt the government from any accountability, including in errors “in accurately identifying people who have tested positive for COVID-19”.
  • Attack on informational autonomy: By making the app mandatory, users are “forced to give away data to a system which [s/]he may or may not approve of, thereby attacking his[/her] right of informational autonomy”, the petition states.
  • Arbitrary application: The directives automatically exempt people without smartphones, rendering the directive “mandatory”. “It is unjust and unfair to create an automatic exemption category while imposing an order or direction, especially when this automatic exempted category would defeat the purpose of the compulsion imposition of the usage of the application,” the petition argues. Moreover, no penal action can be imposed on someone who doesn’t have the intention to commit a crime.
  • Conflict between directives and guidelines: The MHA order imposes penal action along with the guidelines stipulated, but the annexed National Directives for COVID-19 Management in the same order are “directives or guidelines” for state governments. This is a conflict, as per the petition.

The petition also cites the interim order from the Sprinklr case that directed the Kerala government to inform every citizen, from whom data is taken in future, if such data will be accessed by a third party, and specific consent needs to be sought for the same.

Correction (May 18, 2020 10:42 am): The petition was incorrectly labelled as a writ petition. It is a public interest litigation. Error is regretted.

Correction (May 12, 2020 11:10 am): Jaishankar V. Nair had been incorrectly identified as Suvin R. Menon. Error is regretted. Originally published on May 8, 2020 at 1:52 pm.