Introduction
The Central Government created an application which is capable of tracking persons infected by the corona-virus in the vicinity of the user. And consequently advised every citizen of the country to use this application as a safety precaution. The general public welcomed this application with open arms and it is now a mode of active tracking for each user.
However, this application requires a lot more study and analysis. The methods through which we collect data, store data, the scope of its accessibility, and the concerns of privacy violations emerge with the growing use of this centralized application . Some experts have also drawn an analogy between the data collection policy of Aadhar Card the Central Government rolled down earlier and the current functioning of the application.
Legal concerns raised with regards to the privacy policy of the Application
Several legal experts noted that the downloading of the application comes with the clause of limitation of liability. The government has seemingly reduced its liability in case an unauthorized person gets access to the information of the user. Such clauses provide a disclaimer to the users that the company or the developers of the app are not responsible for privacy violation. And this is a very common and approved phenomenon in the country; it is recognizable that the case is different in the context of the present subject matter.
The present application is an effective tracker for a virus. It is now mandatory for certain classes of people in the country. For instance, all the workers of the private sector who resume work once the lockdown lifts. They are expected to download the app and provide their credentials. While the government was quick to make the rules, it substantially fails to protect the interests and information of its users.
This scenario[1] attracts certain legal penalties on the developer of the application . The functioning of the application is in violation of the provisions of the IT Act and the proposed Personal Data Protection Bill. The application service provider falls under the definition of an intermediary. Who, in the eyes of the law, is under the obligation to ensure the security of the collection of data; and is liable for loss of it under the intermediary guidelines.
The national concerns of the privacy policies that the developer of the application adopted were addressed by the government. The government argues that their intention is only to protect and save lives; substantial changes in policy would wile away time. Hence, making it important to embark with the existing technologies via adjustment, in the existing framework of policies. The developers also assert that they ensure the incorporation of the best privacy protection software in the world to protect the data of its users.
Functioning Mechanism of the App
The application requires constant access to the location information in order to track the social and movement graph; it uses the Bluetooth technology to notify and alert people when they come in the vicinity of an infected person. Mainly all the applications requiring contact and location knowledge work on a similar technology; but the cyber law experts have concerns. Their concern arises from the ambiguity and secrecy government maintains on release of information on the privacy policies used. The source code is kept completely confidential and no details are known on the level of encryption or software used; except a mere futile assurance of using standardized policies.
Another important aspect is its incapacity to stay in consonance with the privacy policies of the country. It refuses to tell the users what is happening to the information that is updating continuously on the app. It takes and updates the location of every individual every 15 minutes and provides limited information to the user; where the application only tells them how the information is in the process of uploading to the server. The mechanism and process of data transaction is completely unknown to the cyber experts till now. And this creates an unsettling atmosphere where the concerns regarding the safety of the users remains unattainable.
Through the mechanism of this application, the users face direct monitoring and surveillance throughout the day with access to location and all such important details; it remains unchecked and unsupervised. It can cause safety hazards as the violators may use the information to cause harm to the innocents. Also it is not an overstatement that such a process can further terrorist activities in the country due to the sheer negligence of the Central Government.
Privacy watchdog Internet Freedom Foundation (IFF) also appealed to Prime Minister Narendra Modi to not make the use of the application mandatory as it may have a damaging effect on privacy, autonomy, and dignity of workers. 45 organizations endorsed a joint representation including Amnesty India, Access Now and Red Dot Foundation, and over 100 individuals have already sent to the government highlighting the concerns for privacy violations of the users and reflecting the serious stature of the matter.
Conclusion
The concerns raised by the legal experts and cyber professionals are genuine and grave in nature. Reflecting upon the functioning of the application and the response of the government towards any of the concerns experts raise makes the author believe that it is of utmost importance to review the privacy policy of the application. Further, the idea of making the application mandatory for certain classes proves to be a clear violation of privacy safeguarded under the Indian constitution; resulting in the exercise of arbitrary powers by the government under the pretext of a medical emergency.
References:
[1] https://economictimes.indiatimes.com/tech/software/legal-experts-point-out-liability-concerns-with-the-aarogya-setu-app/articleshow/75561944.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst
0 Comments