The government making the use of Aarogya Setu app mandatory is “utterly illegal” as there is no law to support it, former Supreme Court Judge B N Srikrishna said on Monday, according to a report in the Indian Express.
The former judge who headed the committee of experts that made the first draft of the Personal Data Protection Bill, said, “Under what law do you mandate it on anyone? So far it is not backed by any law.”
India is yet to get its data protection law after the Supreme Court made the right to privacy a fundamental right in 2017.
The Home Ministry in its guidelines on May 1 made the Aarogya Setu App mandatory for employees of private and public sector offices. It also asked local authorities to ensure everyone uses the app in containment zones which are areas with high number of coronavirus cases.
The National Executive Committee under the Home Ministry issued the guidelines under the National Disaster Management Act (NDMA), 2005.
Meanwhile, the Noida police then said that not having the Aarogya Setu application would be punishable with imprisonment up to six months or fine up to Rs 1,000, the Indian Express reported.
“The Noida police order is totally unlawful. I am assuming this is still a democratic country and such orders can be challenged in court,” Justice Srikrishna told the newspaper.
He also added that the MHA guidelines could not be considered as having sufficient legal backing to make the use of Aarogya Setu mandatory. “These pieces of legislation — both the National Disaster Management Act and Epidemic Diseases Act — are for a specific reason. The national executive committee in my view is not a statutory body,” he said.
Amid concerns expressed in certain quarters about data privacy of people who use the app, the government on Monday issued a set of protocols for processing of data collected through Aarogya Setu app that bar storage of data for more than six months and specify jail term for violators of certain rules.
It also provides an option to individuals to seek deletion of their data from the record within 30 days of making such a request.
Justice Srikrishna said that the protocol would not be adequate to protect the data as it was similar to an “inter-departmental circular”. He asked, “It is good that they are keeping with the principles of the Personal Data Protection Bill but who will be responsible if there is a breach? It does not say who should be notified.”
Speaking at a webinar organised on Monday by Daksh, an advocacy group, the former judge called the new protocol a “patchwork” that will cause more concern to citizens than it will benefit them.
“It is highly objectionable that such an order is issued at an executive level. Such an order has to be backed by Parliamentary legislation, which will authorise the government to issue such an order,” said Justice Srikrishna.
Meanwhile, the Indian Railways, which had on Monday "advised" the passengers availing the special trains that started operating on Tuesday to install the government's Aarogya Setu mobile application, has now made it "mandatory" to do so.
While the guidelines issued by the railways for the 15 pairs of special trains running between Delhi and major cities of the country did not say installing the mobile app was mandatory, a late night (12:24 am) tweet by the railway ministry made it compulsory.
The Aarogya Setu app has been installed on 9.8 crore smartphones so far and is used by the government for contact-tracing and disseminating medical advisories to users in order to contain the spread of COVID-19.