wordpress blog stats
Connect with us

Hi, what are you looking for?

‘MEITY’s Data Access Protocol is not a legislative backing for Aarogya Setu’: Petitioner in Kerala HC

Aarogya Setu, Constitutional Law
Credit: Aditi Agrawal

You’re reading it here first: “[The] Protocol is not a statute, and nor does it offer any legislative foundation for the Aarogya Setu Mobile Application, and therefore the primary issue of Aarogya Setu lacking legal basis, as raised in the captioned writ petition, is still alive and unaddressed,” Jackson Mathew has said in his affidavit filed in the Kerala High Court today. The affidavit argues that the Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020, issued by the Ministry of Electronics and Information Technology, is not a “statutory authorisation” that can be used to infringe upon fundamental rights granted under the Constitution. The affidavit has also cited Justice B.N. Srikrishna’s comments, as per which, the Protocol was “akin to an inter-departmental circular” that “was not adequate to protect privacy”. Justice Srikrishna also said that the government’s push to mandate Aarogya Setu is “utterly illegal”, as quoted in this Indian Express article.

Mathew had filed a writ petition in Kerala High Court challenging the Ministry of Home Affairs directive that holds employers liable for ensuring that all their employees download Aarogya Setu on the grounds that it fails the tests laid down in the Puttaswamy judgement on right to privacy.

Empowered Groups do not have the power to legislate: As per the affidavit, the 11 Empowered Groups created to contain the pandemic — of which Empowered Group 9 on Technology and Data Management developed this Protocol — do not have the power “to formulate laws or even binding guidelines”.

The Protocol also suffers from “excessive delegation”, as per the affidavit, since “a core legislative function (of formulating binding laws and regulations)” is delegated to a committee set up by the government. The Protocol, the affidavit says, has not been signed by a member of the Central Government authorised/empowered to do so under the Disaster Management Act, 2005, but by Ajay Prakash Sawhney, MEITY Secretary and chairperson of Empowered Group 9.

The lack of public information about the constitution of Empowered Group 9 and how it sought external inputs for drafting the Protocol is an issue, as per the affidavit. There is also no public information if the Empowered Group 9 is “responsible for the creation and execution” of Aarogya Setu, “much like the Unique Identification Authority of India (UIDAI) for the Aadhaar number”.

Advertisement. Scroll to continue reading.

Privacy problems with the Protocol itself: The Protocol, as per the affidavit, stresses on the need for “efficient data collection and sharing” instead of “ensuring that the most privacy-respecting practices are adopted in this regard”. It does not answer why existing data, such as from the Indian Council of Medical Research and the Integrated Disease Surveillance Programme, are inadequate, and collects data for purposes “beyond the immediate issue of identifying persons affected/at risk of being infected with Covid-19”. It also does not state how it will interact with its Terms of Use and Privacy Policy, and “how to resolve any conflict between the provisions”. Most of the concerns that are highlighted in the affidavit — such as conflict between the Protocol and Privacy Policy in terms of data deletion, lack of clarity around the data deletion process, broad and vague terms such as “appropriate health responses” lack of obligation to open source the code, lack of liability for breaches after expiry of the Protocol, lack of details about security standards, insufficiency of the Sunset Clause, etc. — had been outlined by MediaNama earlier.

Nature of consent given is under question since unlike the app — which is available in 11 languages, including Malayalam —, the Privacy Policy, Terms of Use and the Protocol are not available in 11 languages.

Read: All you need to know about MEITY’s Data Access and Sharing Protocol for Aarogya Setu

Matter not listed for today

In the last hearing on May 12, Mathew’s advocate, Santhosh Mathew had pled for an interim order that stayed any prosecution of employers for failures on part of an employee to download the contact-tracing app. Justice Gopinath Puzhankhara had not stayed the order, but had instructed the counsel for the Ministry of Electronics and Information Technology (MEITY) to get instructions from the Home Ministry and MEITY on how the government proposed to practically implement this requirement, and the matter was to be heard today. However, it has not been listed for today.

Since the Ministry of Home Affairs issued revised guidelines yesterday as per which Aarogya Setu is no longer mandatory and employers “on best effort basis should ensure” that the app is installed by all employees with “compatible mobile phones”, it appears that the two immediate concerns in the petition have been addressed. And as S. Mathew argued in court last week, that the legality of the move in the absence of legislative anchoring — which is a concern that the writ petition brings up — “is a larger issue which can be considered later”.

Mathew’s is not the only petition in Kerala High Court against the mandatory nature of Aarogya Setu. There are two other PILs that were supposed to be heard today, but neither of them is listed. Both made similar pleas.

Advertisement. Scroll to continue reading.

Written By

Send me tips at aditi@medianama.com. Email for Signal/WhatsApp.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.


Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.


This article addresses the legal and practical ambiguities in understanding the complex crypto ecosystem in India.


It is widely argued that the PDP Bill report seeks to discard the intermediary status of social media platforms but that may not be...


Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ