wordpress blog stats
Connect with us

Hi, what are you looking for?

A Legal Framework for Digital Surveillance in the COVID-19 Pandemic – by Shashank Mohan and Divij Joshi

Contact Tracing

By Shashank Mohan and Divij Joshi

Governments around the world have struggled to contain and manage the COVID-19 pandemic, even as they significantly reorient technology and governance resources to respond to the outbreak of the disease. Alongside methods such as imposition of large-scale lockdowns, governments have rapidly repurposed digital technologies for surveillance to contain and respond to the COVID-19 pandemic. These technologies have primarily been utilised for three interconnected purposes — Digital Contact Tracing, Exposure Notifications, and as Digital Health Codes or Immunity Passports.

Aarogya Setu is one such digital surveillance technology, deployed by the Government of India for the purpose of digital contact tracing, which has been installed by upwards of 100 million people. It collects detailed information about individual location, movement and associations, correlated with their health information. Aarogya Setu has been a mainstay of the Government of India (as well as many state and local governments’) response to containing and responding to the COVID-19 pandemic, since April, 2020, raising distinct concerns of inefficacy, exclusion, non-transparency, and risks to fundamental rights and civil liberties.

Many of these concerns arise from the lack of democratic control or oversight over the development and deployment of Aarogya Setu. The Government has failed to communicate or test the reliability, efficacy or utility of Aarogya Setu. The procurement of the technology, and the use and sharing of personal information has been notably opaque. The centrality of digital technologies as a public health response disregards concerns about lack of smartphone and internet access faced by a majority of the population. This is compounded by conditions and sanctions imposed on persons who do not have access to the technology, by governments as well as by private persons, such as being barred from using forms of public transport.

Policy Brief and draft legislation

Our policy brief and draft legislation on Aarogya Setu and digital health surveillance technologies in India can be accessed here.

Our analysis indicates deficiencies in the present framework for governance of Aarogya Setu. In our policy brief on Aarogya Setu and digital health surveillance technologies in India, we have focussed on issues of legal and constitutional concern in the manner of deployment of digital surveillance technologies in India during the COVID-19 pandemic, focussing particularly on Aarogya Setu. We have highlighted four specific areas of concern:

  1. Legality and Proportionality
  2. Data Protection
  3. Equity and Discrimination
  4. Transparency and Accountability

Our analysis indicates that the use of Aarogya Setu lacks a clear legal basis, does not meet standards of proportionality and necessity, and is plagued with issues of non-transparency and unaccountability. The lack of a clear regulatory and governance framework impedes the public health measures it is intended to assist in, and the lack of safeguards and protections for users of the technology has led to arbitrariness, discrimination, and exclusion, besides concerns about individual privacy and decisional autonomy.

The legal and regulatory framework for Aarogya Setu does not adequately address these concerns. In May, 2020, the Ministry of Electronics and Information Technology, under the ostensible authority of the Disaster Management Act, 2005, released the Aarogya Setu Data Access and Knowledge Sharing Protocol, with the aim of ensuring secure data collection by Aarogya Setu, protection of the individual’s personal data, and the efficient use and sharing of personal or non-personal data for mitigation and redress of the COVID-19 pandemic. Although one of the key aims of the Aarogya Setu Protocol is to ensure secure data collection and protection of user privacy, we believe that it falls short on certain core data protection safeguards.

Firstly, as the Aarogya Setu Protocol is in the form of an executive circular/ notification, it cannot be considered a law, as passed by Parliament. Second, the Protocol does not sufficiently lay down the exact purposes for which user data shall be used, thereby running the risk of ‘function creep’ of the information collected. Lastly, the Protocol does not demonstrate a rational nexus between usage of Aarogya Setu and containment of COVID-19 or illustrate how Aarogya Setu is the least privacy-intrusive option for building mitigation strategies against the spread of the virus, thereby failing on the test of proportionality. We argue that even if usage of Aarogya Setu is purely voluntary, it must be backed by a comprehensive legislation backed by Parliament, considering the relationship between the citizen and the State and the legitimate concerns of citizens and the State towards maintenance of public health.

To address these concerns, we have provided detailed recommendations to bridge the legal and governance concerns identified. To aid the central and state government in implementing an appropriate rights-based regulatory framework for these technologies, we have also drafted the Coronavirus Digital Technologies Bill, which incorporates our recommendations into the structure of a draft legislation. The Draft Bill implements rights based frameworks to address data protection, discrimination and exclusion arising from the use of digital surveillance technologies in the pandemic, and provides for an independent oversight and regulatory mechanism for accountability and transparency of when, how, and to what extent digital surveillance should be utilised in the context of the COVID-19 pandemic.

Accountability and transparency are integral to the appropriate and democratic use of technologies in responding to the COVID-19 pandemic. These technologies must exist within both technical and legal frameworks and institutions which can ensure their effectiveness and can encourage their trustworthy use among the population. The Government of India must recognise and rectify the harms arising from the irresponsible and undemocratic use of digital surveillance systems like Aarogya Setu, if it hopes to successfully leverage digital technologies to respond to the pandemic.

*

(Views expressed in this document are the authors’ own, and do not reflect the views of any organisation they are affiliated with. Comments are welcome at divij[dot]joshi[at]gmail[dot]com or shashank[dot]mohann[at]gmail[dot]com)

Republished from here, under CC BY SA 4.0

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

By Rahul Rai and Shruti Aji Murali A little less than a year since their release, the Consumer Protection (E-commerce) Rules, 2020 is being amended....

News

By Anand Venkatanarayanan                         There has been enough commentary about the Indian IT...

News

By Rahul Rai and Shruti Aji Murali The Indian antitrust regulator, the Competition Commission of India (CCI) has a little more than a decade...

News

By Stella Joseph, Prakhil Mishra, and Surabhi Prabhudesai The recent difference of opinions between the Government and Twitter brings to fore the increasing scrutiny...

News

This article is being posted here courtesy of The Wire, where it was originally published on June 17.  By Saksham Singh The St Petersburg paradox,...

You May Also Like

News

While these steps by the social media platform could improve the safety of children online, some of the updates will only be rolled out...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ