Authored By:

Prayanshu Taliyan(Research Intern)


The AarogyaSetu Mobile Application is a coronavirus tracking app where this app will use data provided by users through Bluetooth and warn you if someone is suffering from COVID-19. It also warns if somebody has crossed the path and that person is tested positive. The government of India has come up with this name so-called “AAROGYA SETU” for fighting such an extraordinary situation created by the pandemic is key and yet the mechanism for collecting, processing, storing, disseminating and sharing of such information ought to be flawless, intact and transparent to guarantee appropriate insurance to personal information handed over by an individual to the government or its agencies through theApp. along with national security results and since the idea of such information is profoundly critical, computerized insurance and digital protection of such right of privacy of an individual's data is irreplaceable in this powerful advanced world.

Exposure notification and contact tracing have emerged as a potent tool in managing the Covid-19 pandemic. While the idea of contact tracing is as old as the first organized responses to pandemics itself, the use of the latest technology allows this exercise to be conducted on a large scale.

Contact tracing enables speedier medical and administrative interventions, which can be formulated, planned, and implemented in a better manner because of the availability of valuable information related to the pandemic. For example, the AarogyaSetu application enabled the advance detection of 130 potential hotspots at the sub-post office level, which were all later declared as hotspots by the Health Ministry (Aarogya Setu’s Data Access and Knowledge Sharing Protocol, 2020).


A clause limiting the government’s liability to user data for its AarogyaSetu contact tracing app has made some legal experts’ question whether, in case of access to the information, “a legal recourse would be the sole choice available”, particularly since the app has been created necessary for a major section of voters. According to the app’s terms and conditions, the user "agrees and acknowledges that the Government of India will not be liable for any unauthorized access” Although the liability clause is standard practice to indemnify companies or institutions, experts have expressed concern since the government has required all employees of private companies to compulsorily download the app once they start working from offices when the ongoing nationwide lockdown is lifted(Legal experts point out liability concerns with the Aarogya Setu App Read more at, 2020).

Even though Data Privacy is 'one of the most significant worries for any nation, it is similarly, significant in such circumstance of Pandemic to have a legitimate database of the considerable number of people infected with Covid-19 and in light of it, Government of India on second April 2020 dispatches AarogyaSetu Application with contact tracing technology created by the National Informatics Center (NIC) under the Ministry of Electronics and InformationTechnology. It was expressed by the authorities of the service that the App. will be in working till the circumstance of pandemic and is intended to keep the reliable track on the numbers ofCovid-19 positive cases close to the application client and for this App. requires the assent of the portable client to utilize the cell phone's Bluetooth and GPS abilities. The App. is accessible in11 dialects and accommodates self-evaluation study and emergency number if there should arise an occurrence of criticalness. The App. additionally give data to the affirmed COVID-19 testing research laboratories nearby the geographical location of the portable client. The created as an instrument for the assurance against the transmission of the infection and cautioning the portable clients in case of any contact tested positive of Covid-19 and yet it is similarly, essential to consider that the information required by this App. is profoundly personal and sensitive and any sort of carelessness or negligence in dealing with such information would damage the security of a person and his right to privacy.


Numerous Technical specialists and Ethical programmers likewise show concern with respect to the privacy protection insurance utilized by the application for securing and making sure about the information of an individual and as indicated by them there is no such clearness in regards to how the information of an individual application client is secured. Since there is no particular legislative enactment sanctioning with respect to the information assurance in India till now, it is hard to decide the degree of online security which ought to be least and which the state is under the commitment to keep up. Also the Privacy Policy of theAarogyaSetu App. is in itself do not provide for the working of the application and measures and technology used for the privacy protection of an individual’s data.

Aside from the information security and data privacy worries in AarogyaSetu App., The Government of India is convincing and forcing order on the utilization of the AarogyaSetu App. by the general population and public & private employees vide the issue of lockdown guidelines gave by the Ministry of Home Affairs dated May 1 2020, which is disregarding Right to Privacy and Personal self-governance of a person as convincing the workers to reveal their own data by permitting the application to access such delicate data powerfully to the legislature by the vehicle of an application which in itself faces privacy and protection issues puts the privilege to Privacy of a person under the danger and furthermore put the sensitive information of a person at a monstrous hazard.

In a PIL documented under the watchful eye of the Kerala High Court, constitutionality of executive order issued by the Ministry of Home Affairs by name of Lockdown Guidelines Or. No. 40-3/2020-DM-I (A) Clause 15 was challenged with respect to the obligatory inconvenience of the utilization of the AarogyaSetu App. alongside Section 58, Disaster Management Act, 2005 which is a punitive arrangement upon the employers for the non-compliance of direction to use the AarogyaSetu App. by the employees, as such arrangements are arbitrary, subjective, and evasive and in this way infringing upon Article 14, 19, and 21 of the Indian Constitution.

Section 58, Disaster Management Act, 2005 forces the commitment on the employers to get their employees to comply with the directions given by the administration and such commitment will be cumbersome, troublesome and in particular a preposterous limitation on the employer upon the freedom to carry out free trade, business and occupation under Article 19(1) (g) of the Indian Constitution.

Obligatory download and utilization of the AarogyaSetu App. because criminal arraignment isn't viewed as a reasonable restriction forced by the state as a condition of enjoying the fundamental right by the individuals' and subsequently such restrictions, limitations, and conditions should be announced to be void and unconstitutional.

Along these lines, there is a need to orchestrate the fundamental rights ensured by the Constitution with the uncommon and extraordinary circumstance that such pandemic has made and in this way, the state isn't permitted either straightforwardly or in a roundabout way to handle the circumstance at the expense of these fundamental rights. Fundamental Rights are the most essential rights and are superior to all the arrangements of the law and henceforth not permitted to be controlled and manipulated to the hands of remarkable conditions.

Now, as per Section 195 of Criminal Procedure Code, 1972 which lays down a special procedure scheme relating to taking cognizance by courts in relation to certain offences, punishable under Section 171 to Section 188 IPC, except on a written complaint of a public servant. It means no private complaints are entertained and it also bars a court from taking cognizance of this offence on the basis of the final report. This procedural twist in the enforcement of Section 188 IPC has been flouted, or misconstrued, by police authorities, prosecuting agencies, or state authorities. The court proceeds with cognizance of the offences, on final reports by a public servant, which is a comprehensive mockery of the judicial process. Further, upon a conjoint reading of Section 144 (1) CrPC, orders cannot enforce positive obligations on persons to do certain acts, such as download or install an app, on their smartphones, but can only direct them to abstain from a certain act(The Use of Aarogya Setu App: Perplexing privacy rights?, 2020).

The compulsory download of the AarogyaSetu App. by people in public and private workers and convincing the employees to utilize the App. by the employers as a condition to do their business or occupation put undue weight on them and at last a preposterous restriction and limitation in their freedom to unreservedly do any trade, business, or occupation. Such Mandatory inconvenience to utilize the Application would likewise not fulfils the test of reasonability laid down by Article 14, 19 and 21 of the Indian Constitution and in this way, such executive orders ought to require to be proclaimed self-assertive, and arbitrary which isn't just, appropriate and reasonable and even don't back with the legislative enactment.

A historic turn was taken in this right’s history, associated with the case of K.S Puttaswamy v. Union of India [2017 (10) SCC 1] in which, judgement was passed by the apex court that right to privacy is a fundamental right and will not lose its significance/status amongst the Golden Trinity of Article 14 (Right to Equality), Article 19 (Right to Freedom) and Article 21 (Right to Life and Personal Liberty) (Right to privacy v. Aarogya Setu app, 2020).


In light of PIL recorded in Kerala High Court on obligatory downloading of AarogyaSetu App. on May 7, 2020, Ministry of Electronics and Information Technology has released "AarogyaSetu data access and knowledge sharing protocol" on May 11, 2020, which contain standards for the collection, processing, and sharing of personal information of people separated from those conditions previously provided on the terms and conditions and privacy policy of the Application. The Protocol laid down the following Principles:

a.) According to the protocol, each App. the client has doled out a unique randomized anonymous device ID. All interchanges between two devices and between the device and the server were finished utilizing the ID. No personal detail was utilized or imparted to anybody.

b.) The data gathered by the App. was joined with self-evaluation information to recognize the areas that were probably going to transform into a hotspot. The subtleties were imparted to district and State authorities for ideal preventive advances.

c.) The encrypted data of all the users, put away in their gadgets, get erased consequently in 30 days. Information of the users who experience tests is saved for 45 days and for the individuals who have tried positive, it is put away in the server until 60 days from the day they are restored. The contact, area, and self-evaluation information, gathered by the National Informatics Center (NIC), won't be held past the period necessary to fulfil the reason for which it is acquired. The period, except if a particular suggestion with this impact is made, won't conventionally stretch out past 180 days from the date on which it is gathered, after which it will be for all time erased, but the demographic information of an individual might be held by the NIC for whatever length of time that the Protocol stays in power or if the individual demands that it be erased, for a limit of 30 days from such solicitation, whichever is prior.

d.) Infringement may prompt punishments, according to Section 51 to 60 of the Disaster Management Act, 2005, which records punishments extending from prison terms of one or two years and a fine that has not been indicated and other legal provisions.

However, in new guidelines gave on May 17, the MHA has concentrated on the upside of 'AarogyaSetu' application saying it is a useful asset worked by Government of India to encourage identification of people tainted by COVID-19, or in danger of being infected, subsequently going about as a shield for people and the network. Accordingly, the rules stressed upon providing security in workplaces and workplaces, businesses on best efforts premise ought to guarantee that the application is introduced by all employees having compatible cell phones.

Further, it is expressed that the district authorities to "encourage people to introduce the 'AarogyaSetu' application on compatible cell phones and consistently update their wellbeing status on the application". This will, as indicated by the rules, encourage the opportune arrangement of clinical regard for those people who are in danger.

These new guidelines pointedly negate MHA's prior rules as additionally, national orders gave on May 1, which had expressed that the utilization of 'AarogyaSetu' application will be obligatory for all employees, both private and public.

The protocols also reiterate that contact and location data have to remain on users’ phones unless they are required for the “purpose of formulating or implementing appropriate health responses". This part could be in contention with the app’s own privacy policy, which states that data like name, phone number, age, etc. are uploaded to the app’s server when a user signs up for it(Aarogya Setu’s data can be shared with myriad government units, say new protocol, 2020).


Since there is an absence of a legal framework and specific legislative enactment with respect to data privacy and protection, no individual will have liability in the event of information spill as there is no central authority managing and overseeing such information. With no data protection legislation in India till now, there is a need to guarantee that the legislature, at any rate, passes some rules and if not a law, which works in consonance with the standards set down in the Puttaswamy judgment as well as those expressed by Sri Krishna Committee Report on Data Protection Any legislative instrument ought to have a sunset clause, giving an imminent timespan for to what extent the information gained will be put on the administration cloud servers and of its resulting cancellation.

The issue isn't safety versus privacy protection, it's around one may have both safety and privacy as both are noteworthy but sometimes public health, safety, and well-being abrogates different concerns.

Support us

In order to keep our content open accessed and free, we need your support. Please donate any amount up to 500 INR if possible.



Amazing Information. Clear Stats.




Applications for our Internships

every month

Books Published so far

Members so far

© Internationalism™ - AbhiGlobal Legal Research & Media LLP, 2020.


[Registered under the Limited Liability Partnership Act, 2008 | LLP Identification No. AAQ-1629. Please refer to for more details.]