By Nidhi Jitendra Patel


The catastropic impact of the COVID-19 pandemic encouraged the government to promote digital technology for public healthcare in India. Subsequently, the Government has launched the Aarogya Setu App as a digital medical aid. Indeed, the digital healthcare proves to be beneficial but at the same time it raises certain issues related to privacy and confidentiality. This article discuss interface amid Aarogya Setu App and right to privacy. The Government may invoke public health as an exception under ‘right to privacy’ prescribed under Article 21 of the Constitution. To handle controversies associated with the App, there is an urgency for robust data protection mechanism.


On April 2, 2020, the Ministry of Electronics and Information Technology (MEIT) has launched Arogya Setu (hereinafter referred as ‘App’), contact tracing application. It is a useful technological solution developed to facilitate contact tracing of persons infected with COVID-19, inform persons at risk of precautions to be taken and allow health departments to take effective actions to mitigate the spread of the pandemic and enhance their preparedness.[1] This app uses cutting edge technology that comprises of Bluetooth, GPS and Artificial Intelligence. It has entered into top five most downloaded apps from play store or ios.


In the 21st Century, a government that cannot protect its citizen’s right to privacy cannot credibly maintain a democratic regime of equal treatment under the law”.[2] From the very inception, the right to privacy is not encapsulated in the Constitution of India as a fundamental right. The question arises for determination is whether right to privacy is considered as a fundamental right under Part III of the Constitution.

In Kharak Singh v. State of Uttar Pradesh,[3] Justice Subba Rao in his minority opinion upheld that the right to privacy will come under the expression ‘personal liberty’ under Art 21 and in Govind v. State of Madhya Pradesh, [4] the SC has recognized a limited fundamental right to privacy ‘as an emanation’ from Articles 19(1) (a), (d) and 21. The right to privacy is not an absolute right, so the reasonable restrictions can be placed on it under Article 19(5) for public interest. Justice Mathew in the Govind case observed that “assuming that the fundamental rights are explicitly guaranteed to a citizen have penumbral zones and that the right to privacy is itself a fundamental right, that fundamental right must be subject to restriction on the basis of compelling public interest”.

In K. S. Puttaswamy v. UOI (Aadhar Verdict),[5] nine judge bench of SC has delivered a landmark judgement and held that the right to privacy is an intrinsic part of right to life and personal liberty under Article 21. Justice Chandrachud in this case opined “Privacy postulates the reservation of a private space for the individual, described as the right to be let alone. The notion of privacy enables the individual to assert and control the human element which is inseparable from the personality of the Individual. The inviolable nature of the human personality is manifested in the ability to make decisions on matters intimate to human life. The autonomy of the individual is associated over matters which can be kept private”. This judgement further laid down that the right to privacy cannot prevail where there is threat to health for which data collection may be necessary by proportionate interferences into an individual’s life.


The government has put forth the arguments that there is no infringement of right to privacy on using this App. Firstly, prior to release of this app in public domain, rigorous security testing has been conducted to measure security, usability and performance across all the devices. The IIT Madras and tech-savvy audit firms have tested this app and it has passed all stages without any technical glitches. The government has assured this App is secure and there is no breach of user’s privacy.

Secondly, in case of Mr X v. Hospital Z,[6] the Supreme Court espoused the view that the right to privacy can be curtailed when rights of the society at large needs to be protected. Further in Govind v. State of Madhya Pradesh,[7] the Superme Court has observed that the right to privacy can be deprived of when there is a significant countervailing interest such as health of public at large. Then, there arises a question of proportionality between the app and COVID-19 pandemic. Further to support this argument, the Puttaswamy judgment has laid down the ‘test of proportionality’. The privacy of an individual can be compromised to an extent if it is for larger public good or interest. Hence, infringing of an individual right for greater public good can be allowed.

Thirdly, in case of Ananga Kumar Otta v. UOI & Ors[8], the Odisha High Court has referred to Puttaswamy verdict which laid down triple or three prong test. The disclosure of private information about an individual must pass triple test then only it would be justifiable in law. The test comprises of three elements as- (i) the action is sanctioned by law, (ii) the action is intended at achieving a legitimate aim and (iii) the action is necessary and proportionate for the achievement of that aim. The digital healthcare measure undertaken by the government in form of this app has fulfilled the triple test.

Lastly, the Indian government asserted that the countries like Austraila and Singapore was successful in implementing the contact tracing application to reduce the number of COVID-19 cases.

Nevertheless, the critics argues that this app infringes the right to privacy. Firstly, this App violates the right to privacy as laid down in the case of K.S.Puttaswany by Supreme Court and the Information Technology Act, 2000 (‘IT Act’).

Secondly, neither the Central Government has stated how it will make use of data nor specify how long the Central Government will retain that data. According to clause 1(d) of the Privacy Policy of the Application,[9] this App gathers locational information in fifteen minute intervals and the places visted by user. The Policy states that the information of those who are not tested positive of COVID-19 will be removed from the server within 45 days and information of those person who are tested positive will be purged from the system within 60 days. There are probabilities for hacking into the system or leaking of vital information about COVID patients. The personal and sensitive data uploaded in the App is a valuable commodity in the market which can fetch millions of dollars on selling it. If there is any leak of data, then the individuals whose information became public may face a number of potential harms. They can also experience social or psychological harm due to revelation of personal health information to strangers. It is a fundamental and constitutional obligation vested on the state to protect the privacy of its citizens and to maintain confidentiality of their personal medical data.

Thirdly, smartphone users in India are less in comparsion to Australia and Singapore. So, all citizens of India are not able to register themselves in this App. Lastly, the government cannot pass the notification mandating all government as well as private sector employees and inhabitants of containment zones to download this App. Hence, it leads to violation of fundamental rights under Article 14 and 19(1)(a) of the Constitution.


It can be concluded that this app does not violate the right to privacy per se but the way information is gathered and stored under this app can be used in unlawful manner that violates right to privacy. The right to privacy is a fundamental right and it is an obligation of State to protect personal data of an individual. This right is at nascent stage and it will continue to develop in the future. There is no definite hierarchy for fundamental rights enshrined under Part III of the Constitution, thus the decision of the court depends on the facts of a case and the judicial interpretation done by the judges of apex court. The Supreme Court in Puttaswamy judgement posited that “the state is obliged to put a robust personal data protection mechanism in place in this digital age”.


[1] Ministry of communication and Informational Technology, Notification No. 2(10)/2020-CLeS. [2] Eben Moglen and Mishi Choudhary, “Aadhaar and the right to privacy” (The Hindu, 20 October 2015) <> accessed 29 August, 2020. [3] Kharak Singh v. State of Uttar Pradesh AIR 1963 SC 1295. [4] Govind v. State of Madhya Pradesh AIR 1975 SC 1378. [5] K. S. Puttaswamy v. UOI (2017) 10 SCC 1. [6] Mr. X v. Hospital Z, (1998) 8 SCC 296. [7] Govind v. State of Madhya Pradesh AIR 1975 SC 1378. [8] Ananga Kumar Otta v. UOI & Ors, Writ Petition No. 12430 of 2020. [9] Aarogya Setu Privacy Policy, <> accessed 30 August 2020.

Recent Posts

See All

Article of the Day.

Abstract In Indian Legal System Insanity Defense is a tool in criminal law to save an alleged from the accountability of a crime. It is based on the assumption that at the time of the crime, the perso

Media - The Shaking Pillar of Democracy

By Khyati Relan Abstract Serving democracy and nourishing the common good is, for the media, something that requires not only attacking corrupt secrecies in a society, but also defending non-corrupt c