research paper on aarogya setu app

An official website of the United States government

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

• Publications
• Account settings

Preview improvements coming to the PMC website in October 2024. Learn More or Try it out now .

• Advanced Search
• Journal List
• Cambridge University Press - PMC COVID-19 Collection

Effective Contact Tracing for COVID-19 Using Mobile Phones: An Ethical Analysis of the Mandatory Use of the Aarogya Setu Application in India

Several digital contact tracing smartphone applications have been developed worldwide in the effort to combat COVID-19 that warn users of potential exposure to infectious patients and generate big data that helps in early identification of hotspots, complementing the manual tracing operations. In most democracies, concerns over a breach in data privacy have resulted in severe opposition toward their mandatory adoption. This paper examines India as a noticeable exception, where the compulsory installation of such a government-backed application, the “Aarogya Setu” has been deemed mandatory in certain situations. We argue that the mandatory app requirement constitutes a legitimate public health intervention during a public health emergency.

To date, no effective vaccine and no licensed medication for protection or cure is yet available against the global pandemic caused by the Coronavirus 2 (COVID-19), a disease with high transmission potential that spreads through respiratory droplet infection. 1 Contact tracing constitutes a key mechanism for breaking the chain of disease transmission by identifying, locating, and assessing contact-people exposed to a COVID-19 positive case. Trained healthcare workers interview the confirmed or suspected patients to identify all their contacts during the likely period of communicability, and quarantining, testing, and isolating them in a continuous loop. Furthermore, effective contact-tracing allows the early detection of hotspots and clusters, and their sanitization and geographical containment. 2

Nevertheless, it is well-established that contact tracing for infectious diseases during pandemics involves several challenges. 3 , 4 Mistrust of contact tracing personnel due to perceived stigmatization in the community may sometimes render it difficult to identify the contact-persons, some of whom may refuse to disclose their identity and addresses. Logistic challenges in identifying the contact-persons in areas like dense-neighborhoods, busy markets, and travel through mass public transport are evident. Contact tracing personnel can also become demotivated and inefficient if they perceive themselves to be at higher risk of contracting the disease, especially if not provided with appropriate personal protective equipment. Furthermore, during the COVID-19 pandemic, instances of health staff facing violent attacks during community surveillance activities have been occasionally reported. 5 Finally, contact tracing in COVID-19 is complicated by the shedding of the virus even before the development of symptoms, and by some who are chronic asymptomatic carriers. 6

There is growing recognition that digital technology can complement contact tracing operations for infectious diseases. 7 , 8 Moreover, these applications also enable a system of participatory disease surveillance wherein the users are expected to self-report specific symptoms to assist public health personnel in analyzing and responding to the emerging health threats. 9 The feasibility of implementing such technology is also driven by the exponential worldwide growth of mobile phone and information technology.

Several automated contact tracing applications have been developed by countries globally in their efforts to combat COVID-19, which can notify the user of any potential exposure to a COVID-19 infected patient. 10 Furthermore, the big data generated on movement patterns and syndromic mapping can catalyze the efforts of public health officials in identifying and predicting the growth of hotspots or clusters of patients through epidemiological modeling and implement effective interventions for preventing or containing the spread of the disease. Digital contact tracing also has the advantage of foolproof recording of the user’s movements since it is possible that some people who test COVID-19 positive may not recall all their known and unknown contacts, especially when travelling through public transport, visiting busy markets, or when participating in large gatherings.

However, these applications differ with regard to their underlying technologies, their modes, and the extent of data collection. 11 Although the degree of efficacy of these contact tracing applications in improving the tracking of COVID-19 cases remains unclear, there is emerging evidence of their utility in identifying hotspots of the disease and sending real-time alerts to users having potential exposure to the severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2). 12

Nevertheless, despite these advantages, digital proximity or contact tracing applications have been viewed with suspicion by civil liberty groups due to the perceived threat of mass surveillance. 13 According to the American Civil Liberties Union, approaches toward compulsory adoption of such applications are coercive and counterproductive. 14 The voluntary installation of any such application has become almost a fundamental cornerstone for pronouncing judgment on their ethical validity. 15 , 16 Any contact tracing mobile app that requires compulsory installation and collects user-data has been deemed incompatible with civil liberties and human rights, almost axiomatically.

Consequently, in nearly all major democracies, the installation of contact-tracing applications has been left to the discretion of the individual. However, in India, the largest democracy of the world, the installation of such an application (app), the Aarogya Setu (from Sanskrit “the bridge to health”) 17 has been deemed mandatory in certain situations involving certain public interactions like attending government and private offices, visiting malls, and during movement within containment zones. 18 , 19 E-commerce companies delivering products, food delivery aggregators, and some private outpatient health facilities have also made it mandatory for their employees or customers to install the app. 20 However, some provisions like the installation of the app to avail domestic air travel were withdrawn on providing a self-declaration of good health, and the rule for compulsory installation for office employees was relaxed after criticism and legal challenges in courts of law. 21

Previous ethical commentaries on the subject have focused on the ethical implications involved in developing and deploying such applications, but mostly in the context of the developed world. 22 Furthermore, there are no case studies to assess the ethical impact in the event of mandatory deployment of such an application in a developing country threatened by the COVID-19 pandemic. In this commentary, we make the argument that the ethics of mandatory installation of a digital contact tracing app at the time of a pandemic needs to be viewed as a public health intervention at the time of a public health emergency. Furthermore, the ethical justification of such an intervention should be evaluated through an ethical framework similar to those that have warranted overriding individual autonomy in landmark public health interventions enabling health promotion and harm reduction for both the individual and their communities. 23 , 24 , 25 We also argue that the demonstration of trust through an emphasis on transparency, predefined limits to data collection, usage, and data destruction timelines related to a contact tracing app should be adequate for instilling confidence in the reasonable individual even in the absence of voluntariness. Here, we confine ourselves to a case study of the Aarogya Setu application in India and discuss the ethical considerations involved in its mandatory adoption by mobile phone users.

The Aarogya Setu Application: Assessing Privacy and Concerns

The Aarogya Setu App is a government of India backed mobile application which has already become the most downloaded healthcare app in the world. 26 It has features for contact tracing, self-assessment of the user’s present health status, and informs those at-risk through notifications of the appropriate actions to be taken. 27 Furthermore, the data transferred by the app enhance the preparedness of public health departments to mitigate the spread of the pandemic. The app, when installed on any smartphone, interacts through the Bluetooth interface of the device with that of another smartphone in its vicinity (the Bluetooth signal range), whereby encrypted tokens are exchanged.

The app also collects GPS location data of the phone at periodic intervals. The encrypted tokens and the GPS information are stored locally until the user tests positive for COVID-19. 28 Although the positive report can be communicated to the server through self-reporting, it is not dependent on the user’s action since the Aarogya Setu server receives real-time backend data about positive COVID-19 cases from the Indian Council of Medical Research database. When the server receives an alert about a COVID-19 positive case, it queries the corresponding user’s Aarogya Setu application to fetch the locally stored encrypted tokens and GPS information to identify their contacts at potential risk and to the authorized public health personnel involved in contact tracing. However, the identity of the COVID-19 positive user is never revealed to any of their contacts. 29

Questions have been raised on an apparent lack of clarity about the functioning of the app as well as the purported over-collection of user data, since the app collects both Bluetooth and GPS data, as opposed to only Bluetooth data in certain other apps like those based on the Google–Apple framework. 30 Such technical issues can underpin key ethical concerns related to privacy infringement, data misuse, and anonymity, and their assessment is necessary to determine the ethical justifiability of such applications. 31

In the case of the Aarogya Setu app, GPS data collection is necessary for hotspot identification and intimation to the user that they have passed through such an area by examining their travel history. If a user tests positive for COVID-19, the location data is used to map the places the user visited in the last 30 days to identify areas that need more elaborate testing and containment. Under regular use, the location data are stored as de-identified data and are correlated with the identifiable information only where a more detailed contact tracing of a COVID-19 positive user is required. 32

Some people may not feel comfortable with the idea that the government agencies would be able to trace the complete location information of an infected patient over 30 days. Nevertheless, such a view is mostly redundant since, in any case, the very fact of using a mobile phone causes the automatic recording of one’s travel history (albeit with less location accuracy than GPS) via mobile phone towers of the mobile phone service providers. Hypothetically, if the government wanted to go rogue, its agencies could fairly easily get access to this data and correlate that with a user’s phone number to track them.

The storage of the data on a centralized government server has caused some to raise concerns about the security of the stored data, data access, and retention. 33 Although data stored on a centralized government server lie exclusively under the government’s domain, nevertheless, it can offer greater security per se, compared to data stored on a public server, which could be open to various sorts of tampering and attacks. The counter-argument is such data should never be collected or stored without the individual’s consent, but that may not hold during a public health emergency when risk mitigation becomes paramount.

Nevertheless, as far as the data access rule and privacy are concerned, the Government of India has delineated what is stored and in what form, and who has access to it. Besides, the data retention periods are also laid out very explicitly in the Aarogya Setu privacy policy. For instance, server data for all users who have not tested positive for COVID-19 will be purged 45 days after they were uploaded, and the data for those who have tested positive will be removed 60 days after recovery. 34 Although some may have an inherent distrust for government guarantees, 35 the situation here is no different than any third-party (private) app, some of them run by powerful global corporations, where one has to trust the creators to adhere to the written privacy policy. The argument of voluntariness is also perhaps misplaced, since smartphone operating system software and some preinstalled applications by Google and Apple run by default on their supported smartphones, and disabling them would lead to a crippling loss of functionality of the device itself.

The Justification of Public Health Interventions During a Pandemic

A pandemic constitutes a public health emergency where the achievement of public health goals for securing the health of the population faces severe, if not unprecedented, challenges. It is also understood that the “public” in “public health” is considered to represent the collective goals of societal health achievable through the application of government agency, which includes the applicability of the coercive powers of the state. 36 Consequently, any delay in the implementation of a readily available and effective contact tracing app that would cause enormous avoidable health and economic costs may also be considered violating the principle of human rights.

Conflicts between moral considerations invariably arise when searching for ethical justification of public health actions. In this case, the relevant considerations include achieving maximum utility through public participation while balancing the need for respecting individual liberty, privacy, and confidentiality. In such moral conflicts, five justificatory conditions have been proposed by Childress et al. 37 to help determine if public health promotion that overrides certain ethical considerations such as individual liberty is warranted. These conditions include effectiveness, proportionality, necessity, least infringement, and public justification. Similarly, Upshur 38 also recommended four principles to assess when a public health action is justified: harm, least restrictive or coercive means, reciprocity, and transparency. Technology-assisted contact tracing can also be assessed through a similar ethical framework that incorporates these principles and considerations tempered with the immediacy of response required for controlling a pandemic.

Beneficence and Effectiveness

Contact tracing applications are designed to benefit both the user through notifications alerting them of having come in contact with an infected person and the society by enabling early identification of disease clusters and formulation of effective public health measures to prevent further disease transmission. 39 Although the effectiveness of contact tracing applications during pandemics does not yet have a robust body of supportive evidence, this paucity is expected, considering this is the first pandemic in an era of ubiquitous digital technology exemplified by the global penetration of smartphones and mobile internet. Nevertheless, according to the Government of India, based on preliminary data, it was found that among the Aarogya Setu app users who were recommended testing, 24% were found COVID-19 positive, nearly fivefold higher compared to the overall COVID-19 positivity rate in the country. 40 The app is also helping civic authorities of the country to identify the disease trends and map containment zones within their cities. 41

Consequently, the large-scale use of the application by the country’s mobile phone users is likely to be highly cost-effective if it can reasonably complement and mitigate the work involved in the labor-intensive manual tracing operations. Furthermore, for countries under lockdown, such apps could be utilized as a part of their exit or unlock strategies. 42 The potential health-related and economic cost savings on extensive use of such an app would also meet the ethical principle of justice.

The necessity of the Aarogya Setu app is also reasonable and justified considering the persistently escalating case burden in the country. 43 Moreover, its mandatory installation is a consequence of the requirement of uptake by a critical mass, possibly as high as 70% of all mobile phone users, to render it an overwhelmingly successful public health intervention for controlling the COVID-19 pandemic compared to standard interventions, further necessitating the need for a single contact tracing app. 44 , 45

The alerts sent to app users who have been in contact with a confirmed case can also help them to go into early isolation and limit the spread of the infection to their susceptible household, neighborhood and work contacts, especially when the former are asymptomatic, a morally appealing scenario. The use of such an application is also foregrounded in reciprocity due to the reduced risk of harm to a potential user’s contacts that is not possible in the app’s absence as discussed previously.

Demonstrating Trust and Alleviating Privacy Concerns, But to What Extent?

Legitimate concerns exist over surveillance through apps, especially in nondemocratic societies lacking civil rights for their citizens, where political dissidents may be tracked and suppressed using such apps. 46 However, in functional democratic societies, with sufficient legal and constitutional safeguards, these concerns may be exaggerated since governments can be held accountable by an independent judiciary. Moreover, democratic governments are obliged to take measures to convince the people to trust that the government is acting in their best interests 47 and foster their cooperation for adherence to such public health recommendations. 48 For instance, in India, after the initial criticism, the government was responsive in rendering the Aarogya Setu app open-source. 49 Together with the decision to announce a bounty program for ethical hackers to find any inadvertent security loopholes or privacy issues, it demonstrated a commitment to transparency. 50

A pandemic situation does create conflicts over maintaining the highest possible privacy and the greater public good. Moreover, even in the absence of an app, infected patients are morally expected to truthfully reveal their exact travel history during a manual contact tracing interview to enable timely intimation to those who had come in contact with them and are at risk.

Furthermore, even in the unlikely instance of a data breach, as discussed previously, the worst-case scenarios need to be defined. For instance, leakage of the names and addresses of a COVID-19 patient may, unfortunately, result in the short-term stigmatization of the individual. However, although disconcerting, the level of stigma, in this case, is not comparable to that in chronic infective conditions like HIV-AIDS that are not associated with recovery. 51

It is true that for some individuals, concerns for digital privacy may trump all other considerations, 52 including those related to health, and mandatory installation of a contact tracing application may cause them acute psychological agony. Nevertheless, we argue that the responsibility of the government during a public health emergency is limited to satisfying the reasonable individual, a principle consistent with Mill’s classic harm principle where the “physical or moral good” of the individual is deemed able to be superseded if necessary for preventing “harm to others.” 53 Moreover, just like any other justifiable public health intervention, such as making people wear helmets and seat-belts to reduce the risks to their lives, the government need not go overboard in convincing the last skeptic to change their opinion. This is particularly true for an intervention that does not upset the way of life of the people by imposing any significant restrictions.

Overriding Liberty: Arguments from Analogy, Lack of Engagement, and Equity

It is well-established that promoting public health may legitimately override the concern of individual liberty in specific cases, even in countries with a strong ingrained culture of libertarian ethos and anti-paternalistic attitudes. Some examples include the ban on smoking in public places, mandatory helmets, and car seat-belt laws that have been successfully advocated, legislated, and implemented. 54 , 55 Even mandatory vaccination of infants and children through coercive policies is likely to be ethically justifiable, notwithstanding the miniscule risk of vaccine-related injury. 56 Moreover, when traveling to foreign lands, travelers sometimes must take compulsory vaccination for diseases like yellow fever as per international law, which can cause pronounced allergies and adverse effects in rare cases. One could argue that international travel is voluntary, but under certain circumstances like when visiting an ailing relative, it can be justified. Nevertheless, these analogies are limited by the absence of long-term harm potential compared to a hypothetical malicious contact tracing app that collects confidential information it was not supposed to collect, and uses it for purposes detrimental to the user.

Another valid concern with the compulsory installation of an application is the potential lack of engagement by the privacy-concerned users and accentuation of their vulnerability. Without trust in the health system, there can be an apprehension that suspicious users may apply means to subvert the functioning of these applications, like by turning off location services. 57 However, in an age of smartphone addiction and nomophobia, 58 the possibility of people leaving their homes without their primary phones and disconnecting location services may be more theoretical than practical arguments.

A more problematic challenge is the lack of smartphone accessibility among three out of every four Indians, with those not possessing a smartphone likely to be deprived of the benefits of the Aarogya Setu app. 59 To achieve equity and justice, efforts toward the development and deployment of a nonsmartphone version of the app are therefore urgently warranted. Nevertheless, there exists a significant rural–urban disparity with accessibility to smartphones in India, so the use of the app in halting the spread of COVID-19 would be beneficial for at least the cities which have been hitherto comparatively worse affected than much of rural India.

Installing a government-backed application for contact tracing during a pandemic is a legitimate public health intervention. However, such an intervention, although not fundamentally different from compulsorily wearing a helmet, seat belt, or taking a vaccine before travel, lacks precedent, since the potentially detrimental implications for the users can manifest even after much time has elapsed. Consequently, governments, especially in democratic societies, on their part should walk the extra mile to make reasonable efforts to instill confidence among their citizens for using these apps. Civil society organizations, although having the right to forewarn against data misuse by such apps, also have an added responsibility during pandemics of avoiding being adversely judgmental based on a reflexive distrust of the government. Nevertheless, ultimately, it will be the generation of first-class evidence proving the effectiveness of these apps in stopping the chain of transmission that can justify their mandatory use by the yardstick of public health ethics.

1. World Health Organization. Modes of transmission of virus causing COVID-19: implications for IPC precaution recommendations. Scientific Brief ; 2020. March 29; available at https://www.who.int/news-room/commentaries/detail/modes-of-transmission-of-virus-causing-covid-19-implications-for-ipc-precaution-recommendations (last accessed 26 Jun 2020).

2. World Health Organization. Global surveillance for COVID-19 caused by human infection with COVID-19 virus; available at https://www.who.int/publications/i/item/global-surveillance-for-covid-19-caused-by-human-infection-with-covid-19-virus-interim-guidance (last accessed 26 Jun 2020).

3. Greiner AL, Angelo KM, McCollum AM, Mirkovic K, Arthur R, Angulo FJ. Addressing contact tracing challenges-critical to halting Ebola virus disease transmission . International Journal of Infectious Diseases 2015; 41 :53–5. [ PubMed ] [ Google Scholar ]

4. Gowda G, Holla R, Ramraj B, Gudegowda KS. Contact tracing and quarantine for COVID-19: Challenges in community surveillance . Indian Journal of Community Health 2020; 32 ( 2 ):306– 8. [ Google Scholar ]

5. Deccan Herald. Corona warriors attacked in Belagavi village; 2020 June 12; available at https://www.deccanherald.com/state/karnataka-districts/corona-warriors-attacked-in-belagavi-village-848840.html (last accessed 26 Jun 2020).

6. World Health Organization. Transmission of COVID-19 by asymptomatic cases; 2020. June 11; available at http://www.emro.who.int/health-topics/corona-virus/transmission-of-covid-19-by-asymptomatic-cases.html (last accessed 26 Jun 2020).

7. V Hart, Siddarth D, Cantrell B, Tretikov L, Eckersley P, Langford J, et al. 2020. Outpacing the Virus: Digital Response to Containing the Spread of COVID-19 while Mitigating Privacy Risks ; available at https://ethics.harvard.edu/outpacing-virus (last accessed 26 June 2020).

8. Ferretti L, Wymant C, Kendall M, Zhao L, Nurtay A, Abeler-Dörner L, et al. 2020. Quantifying SARS-CoV-2 transmission suggests epidemic control with digital contact tracing . Science 368 ( 6491 ):eabb6936. [ PMC free article ] [ PubMed ] [ Google Scholar ]

9. Garg S, Bhatnagar N, Gangadharan N. A case for participatory disease surveillance of the COVID-19 pandemic in India . JMIR Public Health Surveillance 2020; 6 ( 2 ):e18795. [ PMC free article ] [ PubMed ] [ Google Scholar ]

10. MIT Technology Review: COVID Tracing Tracker; 2020 June 15; available at https://www.technologyreview.com/2020/05/07/1000961/launching-mittr-covid-tracing-tracker/ (last accessed 26 Jun 2020).

11. See note 10 , MIT Technology Review (2020).

12. Press Information Bureau. Aarogya Setu is Now Open Source ; 2020. May 26; available at https://pib.gov.in/PressReleseDetailm.aspx?PRID=1626979# (last accessed 26 Jun 2020).

13. Ranisch R, Nijsingh N, Ballantyne A, Buyx A, Friedrich O, Hendl T, et al. Ethics of digital contact tracing apps for the Covid-19 pandemic response. Kompetenznetz Public Health COVID-19 ; 2020; available at https://www.public-healthcovid19.de/images/2020/Ergebnisse/Ethics_of_digital_contact_tracing-v1.pdf (last accessed 26 Jun 2020).

14. Guliani NS. ACLU White Paper—Government Safeguards for Tech-Assisted Contact Tracing ; available at https://www.aclu.org/other/aclu-white-paper-government-safeguards-tech-assisted-contact-tracing (last accessed 26 Jun 2020).

15. O’Neill HP. India is Forcing People to Use its Covid App, Unlike any Other Democracy ; 2020 May 7; available at https://www.technologyreview.com/2020/05/07/1001360/india-aarogya-setu-covid-app-mandatory (last accessed 26 Jun 2020).

16. Morley J, Cowls J, Taddeo M, Floridi L. Ethical guidelines for COVID-19 tracing apps . Nature 2020; 582 ( 7810 ):29–31. [ PubMed ] [ Google Scholar ]

17. Aarogya Setu; available at https://www.mygov.in/aarogya-setu-app/ (last accessed 26 Jun 2020).

18. Indian Express. Aarogya Setu Mandatory: Who All Must Download the App Right Away 2020 ; 2020 May 3; available at https://indianexpress.com/article/technology/social/aarogya-setu-app-mandatory-contact-tracing-app-6389284 (last accessed 26 Jun 2020).

19. See note 15 , O’Neill 2020.

20. Shashidhar KJ. Aarogya Setu App and Its Many Conflicts ; 2020; available at https://www.orfonline.org/expert-speak/aarogya-setu-app-many-conflicts-67442/ (last accessed 26 Jun 2020).

21. Deccan Chronicle. Aarogya Setu App not Mandatory but Show COVID-19 Negative Certificate Itself ; 2020 May 24; available at https://www.deccanchronicle.com/nation/current-affairs/240520/hardeep-puri-aarogya-setu-app-not-mandatory-self-declaration-form-al.html (last accessed 26 Jun 2020).

22. Parker MJ, Fraser C, Abeler-Dörner L, Bonsall D. Ethics of instantaneous contact tracing using mobile phone apps in the control of the COVID-19 pandemic . Journal of Medical Ethics 2020; 46 ( 7 ):427–31. [ PMC free article ] [ PubMed ] [ Google Scholar ]

23. Oriola TA. Ethical and legal analyses of policy prohibiting tobacco smoking in enclosed public spaces . Journal of Law and Medical Ethics 2009; 37 ( 4 ):828–40. [ PubMed ] [ Google Scholar ]

24. Jones MM, Bayer R. Paternalism and its discontents: Motorcycle helmet laws, libertarian values, and public health . American Journal of Public Health 2007; 97 ( 2 ):208–17. [ PMC free article ] [ PubMed ] [ Google Scholar ]

25. Giubilini A, Savulescu J. Vaccination, risks, and freedom: The seat belt analogy . Public Health Ethics 2019; 12 ( 3 ):237–49. [ PMC free article ] [ PubMed ] [ Google Scholar ]

26. Press Trust of India. Aarogya Setu Most Downloaded Healthcare App in World: Amitabh Kant ; 2020 May 8; available at https://economictimes.indiatimes.com/tech/internet/aarogya-setu-most-downloaded-healthcare-app-in-world-amitabh-kant/articleshow/75633564.cms?from=mdr (last accessed 26 Jun 2020).

27. Government of India. Aarogya Setu Mobile App. Aarogya Setu FAQs ; 2020; available at https://static.mygov.in/rest/s3fs-public/mygov_159056978751307401.pdf (last accessed 26 Jun 2020).

28. Government of India. Aarogya Setu Mobile App. Aarogya Setu Technical FAQs ; 2020; available at https://static.mygov.in/rest/s3fs-public/mygov_159056968451307401.pdf (last accessed 26 Jun 2020).

29. Times of India. Aarogya Setu App Does not Access Your Data Unless You have COVID-19, Says NITI Aayog's Arnab Kumar ; 2020. May 10; available at https://timesofindia.indiatimes.com/home/sunday-times/all-that-matters/aarogya-setu-app-does-not-access-your-data-unless-you-have-covid-19-says-niti-aayogs-arnab-kumar/articleshow/75650510.cms (last accessed 26 June 2020).

30. George PJ. Coronavirus | What are the concerns around the Aarogya Setu app? The Hindu ; 2020. April 26; available at https://www.thehindu.com/sci-tech/technology/coronavirus-what-are-the-concerns-around-the-aarogyasetu-app/article31434768.ece (last accessed 26 June 2020).

31. See note 16 , Morley et al. 2020, at 29–31.

32. Government of India. Aarogya Setu Privacy Policy ; 2020; available at https://static.mygov.in/rest/s3fs-public/mygov_159051645651307401.pdf (last accessed 26 June 2020).

33. See note 20 , Shashidhar 2020.

34. See note 32 , Government of India 2020.

35. Xafis V, Schaefer GO, Labude MK, Zhu Y, Hsu LY. The perfect moral storm: Diverse ethical considerations in the COVID-19 pandemic . Asian Bioethics Review 2020; 12 :65–83. [ PMC free article ] [ PubMed ] [ Google Scholar ]

36. Childress JF, Faden RR, Gaare RD, Gostin LO, Kahn J, Bonnie RJ, et al. Public health ethics: mapping the terrain . The Journal of Law, Medicine & Ethics 2002; 30 ( 2 ):170–8. [ PubMed ] [ Google Scholar ]

37. See note 36 , Childress et al. 2002, at 170–8.

38. Upshur RE. Principles for the justification of public health intervention . Canadian Journal of Public Health 2002; 93 ( 2 ):101–3. [ PMC free article ] [ PubMed ] [ Google Scholar ]

39. See note 13 , Ranisch et al. 2020.

40. See note 12 , Press Information Bureau 2020.

41. Patel L. Aarogya Setu app data is helping AMC identify potential hotspots. Ahmedabad Mirror ; 2020 June 15; available at https://ahmedabadmirror.indiatimes.com/ahmedabad/others/aarogya-setu-app-data-is-helping-amc-identify-potential-hotspots/articleshow/76376752.cms (last accessed 26 Jun 2020).

42. Resnick B. Social distancing can’t last forever. Here’s what should come next. Vox ; 2020 March 30; available at https://www.vox.com/science-and-health/2020/3/26/21192211/coronavirus-covid-19-social-distancingend (last accessed 26 Jun 2020).

43. Government of India. Ministry of Health and Family Welfare ; 2020; available at https://www.mohfw.gov.in/ (last accessed 26 Jun 2020).

44. Bassi A, Arfin S, John O, Jha V. An overview of mobile applications (apps) to support the coronavirus disease 2019 response in India . Indian Journal of Medical Research 2020; 151 :468–73. [ PMC free article ] [ PubMed ] [ Google Scholar ]

45. See note 7 , Hart et al. 2020.

46. See note 35 , Xafis et al. 2020, at 65–83.

47. Hall MA, Dugan E, Zheng B, Mishra AK. 2001. Trust in physicians and medical institutions: What is it, can it be measured, and does it matter? Milbank Quarterly 79 ( 4 ):613–39. [ PMC free article ] [ PubMed ] [ Google Scholar ]

48. Weerd W, Timmermans DR, Beaujean DJ, Oudhoff J, Steenbergen JE. Monitoring the level of government trust, risk perception and intention of the general public to adopt protective measures during the influenza A (H1N1) pandemic in The Netherlands . BMC Public Health 2011; 11 :575. [ PMC free article ] [ PubMed ] [ Google Scholar ]

49. See note 12 , Press Information Bureau 2020.

50. Government of India. Aarogya Setu Bug Bounty Program ; 2020; available at https://static.mygov.in/rest/s3fs-public/mygov_159057669351307401.pdf (last accessed 26 Jun 2020).

51. Mahajan AP, Sayles JN, Patel VA, Remien RH, Sawires SR, Ortiz DJ, et al. Stigma in the HIV/AIDS epidemic: A review of the literature and recommendations for the way forward . AIDS 2008; 2 ( Suppl 2 ):S67–79. [ PMC free article ] [ PubMed ] [ Google Scholar ]

52. See note 22 , Parker et al. 2020, at 427–31.

53. Holtug N. The harm principle . Ethical Theory and Moral Practice 2002: 5 ;357–89. [ Google Scholar ]

54. Eltorai AE, Simon C, Choi A, Hsia K, Born CT, Daniels AH. Federally mandating motorcycle helmets in the United States . BMC Public Health 2016; 16 :242. [ PMC free article ] [ PubMed ] [ Google Scholar ]

55. See note 23 , Oriola, at 828–40.

56. See note 25 , Giubilini, Savulescu 2019, at 237–49.

57. Granick JS. Apple and Google Announced a Coronavirus Tracking System. How Worried Should We Be? 2020. April 16; available at https://www.aclu.org/news/privacy-technology/apple-and-google-announced-a-coronavirus-tracking-system-how-worried-should-we-be/ (last accessed 26 Jun 2020).

58. Sohn S, Rees P, Wildridge B, Kalk NJ, Carter B. Prevalence of problematic smartphone usage and associated mental health outcomes amongst children and young people: A systematic review, meta-analysis and GRADE of the evidence . BMC Psychiatry 2019; 19 ( 1 ):356. [ PMC free article ] [ PubMed ] [ Google Scholar ]

59. Nalapat S. Aarogya Setu: Are India’s non-smartphone users at risk of being left in the cold? Timesnownews ; 2020 May 13; available at https://www.timesnownews.com/technology-science/article/aarogya-setu-are-india-s-non-smartphone-users-at-risk-of-being-left-in-the-cold/591350 (last accessed 26 Jun 2020).

• Advanced Search

Analysis of COVID-19 Tracking Tool in India: Case Study of Aarogya Setu Mobile Application

Deen Dayal Upadhyaya College, University of Delhi, Delhi, India

Shaheed Sukhdev College of Business Studies, University of Delhi, Delhi, India

• 40 citation

New Citation Alert added!

This alert has been successfully added and will be sent to:

You will be notified whenever a record that you have chosen has been cited.

To manage your alert preferences, click on the button below.

New Citation Alert!

Please log in to your account

• Publisher Site
• View all Formats

Digital Government: Research and Practice

COVID-19 tracking tools or contact-tracing apps are getting developed at a rapid pace by different governments in their respective countries. This study explores one such tool called Aarogya Setu , developed by the Government of India. It is a mobile application developed under the Health Ministry, as a part of the E-Governance initiative, to track and sensitize the citizens of India in a joint battle against COVID-19 spread. The study aims to understand various useful features of this tool and to present different concepts of data science applied within the application along with its importance in managing the ongoing pandemic. The App uses Bluetooth and GPS technologies to alert a user when they are nearby a COVID-19 infected person. The application uses various Data Science concepts such as Classification, Association Rule Mining, and Clustering to analyze COVID-19 spread in India. The study also shows potential upgradations in the application, which includes usage of Artificial Intelligence and Computer Vision to detect COVID-19 patients. The study would be useful for mobile technology professionals, data science professionals, medical practitioners, health-related frontline workers, public administrators, and government officials.

Index Terms

Applied computing

Computers in other domains

Computing in government

E-government

Social and professional topics

Computing / technology policy

Surveillance

Governmental surveillance

Recommendations

Ict-enabled grievance redressal in central india: a comparative analysis.

Helping citizens to resolve grievances is an important part of many e-governance initiatives. In this paper, we examine two contemporary initiatives that use ICTs to help citizens resolve grievances in central India. One system is a state-run call ...

Sixty years of development of e-governance in India (1947-2007): are there lessons for developing countries?

This paper attempts to trace the development of e-governance in India during last sixty years from 1947 to 2007. It conceives the development of e-governance, defined here as use of information and communication technology (ICT) in governance, in three ...

e-governance initiatives in India

Information and Communication Technology (ICT) in government agencies as well as educational and research institutions facilitates an efficient, speedy and transparent dissemination of information to the public and other agencies for performance of ...

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

• Information
• Contributors

Published in

City University of New York, USA

The Governance Lab and New York University, USA

Copyright © 2020 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

Association for Computing Machinery

New York, NY, United States

Publication History

• Published: 21 August 2020
• Revised: 1 July 2020
• Accepted: 1 July 2020
• Received: 1 June 2020

Permissions

Request permissions about this article.

Check for updates

Author tags.

• Aarogya Setu
• COVID-19 reporting tool
• E-Governance
• contact-tracing
• coronavirus
• tracking tool
• research-article

Funding Sources

Other metrics.

• Bibliometrics
• Citations 40

Article Metrics

• 40 Total Citations View Citations
• 11,662 Total Downloads
• Downloads (Last 12 months) 1,130
• Downloads (Last 6 weeks) 80

View or Download as a PDF file.

View online with eReader.

Digital Edition

View this article in digital edition.

HTML Format

View this article in HTML Format .

Share this Publication link

https://dl.acm.org/doi/10.1145/3416088

Share on Social Media

• 0 References

Export Citations

• Please download or close your previous search result export first before starting a new bulk export. Preview is not available. By clicking download, a status dialog will open to start the export process. The process may take a few minutes but once it finishes a file will be downloadable from your browser. You may continue to browse the DL while the export process is in progress. Download
• Download citation
• Copy citation

We are preparing your search results for download ...

We will inform you here when the file is ready.

Your file of search results citations is now ready.

Your search export query has expired. Please try again.

• DOI: 10.1177/2043886920985863
• Corpus ID: 234829857

“Aarogya Setu”: The mobile application that monitors and mitigates the risks of COVID-19 pandemic spread in India

• Viral Nagori
• Published in Journal of Information… 8 April 2021
• Computer Science, Medicine, Environmental Science
• Journal of Information Technology Teaching Cases

Figures and Tables from this paper

3 Citations

Six sigma dmaic approach based mobile application for statistical analysis of covid-19 data, application of technology in healthcare, practices on aarogya setu: mapping citizen interaction with the contact-tracing app in the time of covid-19, 32 references, contact tracing mobile apps for covid-19: privacy considerations and related trade-offs, one app to trace them all examining app specifications for mass acceptance of contact-tracing apps, privacy policy, related papers.

Showing 1 through 3 of 0 Related Papers

Demarcating the Privacy Issues of Aarogya Setu App in Covid-19 Pandemic in India: An Exploration into Contact Tracing Mobile Applications from Elaboration Likelihood Model

• Conference paper
• First Online: 16 June 2022
• Cite this conference paper

• Nirmal Acharya   ORCID: orcid.org/0000-0002-2132-5184 8 &
• Abhishek Sharma   ORCID: orcid.org/0000-0001-8203-7568 9  

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13333))

Included in the following conference series:

• International Conference on Human-Computer Interaction

1252 Accesses

1 Citations

Demand for contract tracing applications is significantly increasing as governments across the globe are relying on these mobile apps to help combat the spread of the COVID-19 virus. However, while this technology has a potential benefit, there is widespread concern that consumers’ fears around privacy and data protection prevent them from downloading such apps. By focusing on this emerging crisis, in this study, we investigate the potential obstacles imposed by privacy concerns (i.e., the perceived risk of accepting the app permission, the perceived risk of providing the information). This study also investigates the popularity of Aarogya Setu, the Indian government’s COVID-19 app. In doing so, we examine privacy concerns through the theoretical lens of the Elaboration Likelihood Model and explore the download intentions of new users. Using the above dimensions of privacy, we then propose a conceptual framework that depicts the influence of privacy concerns over the download intention of new users. Lastly, this paper provides suggestions to allow the Aarogya Setu to improve its perceived reliability among its users and increase downloads.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

• Available as PDF
• Read on any device
• Instant download
• Own it forever
• Available as EPUB and PDF
• Compact, lightweight edition
• Dispatched in 3 to 5 business days
• Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Alanzi, T.: A review of mobile applications available in the app and google play stores used during the COVID-19 outbreak. J. Multidiscip. Healthc. 14 , 45 (2021)

Article   Google Scholar  

Angst, C.M., Agarwal, R.: Adoption of electronic health records in the presence of privacy concerns: the elaboration likelihood model and individual persuasion. MIS Q. 33 , 339–370 (2009)

Arevalo, F.N.: Decoding the public interest of Aarogya Setu, contact tracing app for managing the COVID19 pandemic in India. In: 2020 IEEE International Symposium on Technology and Society (ISTAS), pp. 508–512 (2020). https://doi.org/10.1109/ISTAS50296.2020.9462225

Bansal, G., Gefen, D.: The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online. Decis. Support Syst. 49 , 138–150 (2010)

Basu, S.: Effective contact tracing for COVID-19 using mobile phones: an ethical analysis of the mandatory use of the aarogya setu application in India. Camb. Q. Healthc. Ethics 30 , 262–271 (2021)

Bhattacherjee, A., Sanford, C.: Influence processes for information technology acceptance: an elaboration likelihood model. MIS Q. 30 (4), 805–825 (2006)

Google Scholar  

Cho, H., Ippolito, D., Yu, Y.W.: Contact tracing mobile apps for COVID-19: privacy considerations and related trade-offs. aXiv preprint arXiv:2003.11511 (2020)

Cucinotta, D., Vanelli, M.: WHO declares COVID-19 a pandemic. Acta Bio-Med.: Atenei Parmensis 91 , 157–160 (2020)

Degirmenci, K.: Mobile users’ information privacy concerns and the role of app permission requests. Int. J. Inf. Manage. 50 , 261–272 (2020)

Dhar, T.: Aarogya Setu-carrying your privacy in your hands? Available at SSRN 3614506 (2020)

Dinev, T., Xu, H., Smith, J.H., Hart, P.: Information privacy and correlates: an empirical attempt to bridge and distinguish privacy-related concepts. Eur. J. Inf. Syst. 22 , 295–316 (2013)

Duan, W., Gu, B., Whinston, A.B.: Informational cascades and software adoption on the internet: an empirical investigation. MIS Q. 33 (1), 23–48 (2009)

Garg, S., Bhatnagar, N., Gangadharan, N.: A case for participatory disease surveillance of the COVID-19 pandemic in India. JMIR Public Health Surveill. 6 , e18795 (2020)

Gu, J., Xu, Y.C., Xu, H., Zhang, C., Ling, H.: Privacy concerns for mobile app download: an elaboration likelihood model perspective. Decis. Support Syst. 94 , 19–28 (2017)

Gupta, M., Abdelsalam, M., Mittal, S.: Enabling and enforcing social distancing measures using smart city and its infrastructures: a COVID-19 use case. arXiv preprint arXiv:2004.09246 (2020)

Gupta, R., Jithendranathan, T.: Fund flows and past performance in Australian managed funds. Account. Res. J. 25 , 131–157 (2012)

Haugtvedt, C.P., Petty, R.E.: Need for cognition and attitude persistence. ACR North American Advances (1989)

Hindu. Data | How safe is Aarogya Setu compared to COVID-19 contact tracing apps of other countries? (2020)

Jennings, R.: TikTok, Explained. Vox (2019)

Jung, Y., Park, J.: An investigation of relationships among privacy concerns, affective responses, and coping behaviors in location-based services. Int. J. Inf. Manage. 43 , 15–24 (2018)

Kelley, P.G., Bresee, J., Cranor, L.F., Reeder, R.W.: A “nutrition label” for privacy. In: Proceedings of the 5th Symposium on Usable Privacy and Security, pp. 1–12 (2009)

Kelly, L., Kerr, G., Drennan, J., Fazal-E-Hasan, S.M.: Feel, think, avoid: testing a new model of advertising avoidance. J. Mark. Commun. 27 (4), 343–364 (2019). https://doi.org/10.1080/13527266.2019.1666902

Krehling, L., Essex, A.: A security and privacy scoring system for contact tracing apps. J. Cybersecur. Priv. 1 , 597–614 (2021)

Krosnick, J.: Attitude strength: an overview. In: Petty, R.E., Krosnick, J.A. (eds.) Attitude Strength: Antecedents and consequences. Erlbaum, Hillsdale (1995)

Liu, J.K., et al.: Privacy-preserving COVID-19 contact tracing app: a zero-knowledge proof approach. IACR Cryptol. ePrint Arch., 2020, 528 (2020)

Lowry, P.B., Moody, G., Vance, A., Jensen, M., Jenkins, J., Wells, T.: Using an elaboration likelihood approach to better understand the persuasiveness of website privacy assurance cues for online consumers. J. Am. Soc. Inform. Sci. Technol. 63 , 755–776 (2012)

Malhotra, N.K., Kim, S.S., Agarwal, J.: Internet users’ information privacy concerns (IUIPC): the construct, the scale, and a causal model. Inf. Syst. Res. 15 , 336–355 (2004)

Nagori, V.: “Aarogya Setu”: the mobile application that monitors and mitigates the risks of COVID-19 pandemic spread in India. J. Inf. Technol. Teach. Cases 11 , 66–80 (2021)

Park, D.-H., Lee, J., Han, I.: The effect of on-line consumer reviews on consumer purchasing intention: the moderating role of involvement. Int. J. Electron. Commer. 11 , 125–148 (2007)

Petty, R.E., Cacioppo, J.T.: Attitudes and Persuasion: Classic and Contemporary Approaches. Westview Press, Boulder (1996)

Petty, R.E., Cacioppo, J.T.: Communication and Persuasion: Central and Peripheral Routes to Attitude Change. Springer, Heidelberg (2012)

Priester, J.R., Petty, R.E.: The influence of spokesperson trustworthiness on message elaboration, attitude strength, and advertising effectiveness. J. Consum. Psychol. 13 , 408–421 (2003)

Sengupta, J., Johar, G.V.: Effects of inconsistent attribute information on the predictive value of product attitudes: toward a resolution of opposing perspectives. J. Consum. Res. 29 , 39–56 (2002)

Sharma, A.: The role of IoT in the fight against Covid-19 to restructure the economy. In: Stephanidis, C., et al. (eds.) HCII 2021. LNCS, vol. 13097, pp. 140–156. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90966-6_11

Chapter   Google Scholar  

Singhal, T.: A review of coronavirus disease-2019 (COVID-19). Indian J. Pediatr. 87 , 1–6 (2020)

Spears, J.L.: The effects of notice versus awareness: an empirical examination of an online consumer’s privacy risk treatment. In: 46th Hawaii International Conference on System Sciences, pp. 3229–3238. IEEE, Hawaii (2013)

Susilo, D.: Unlocking the secret of E-loyalty: a study from Tiktok users in China. Int. J. Econ. Bus. Entrep. (IJEBE) 3 , 37–49 (2020)

Tam, K.Y., Ho, S.Y.: Web personalization as a persuasion strategy: an elaboration likelihood model perspective. Inf. Syst. Res. 16 , 271–291 (2005)

Tang, J., Akram, U., Shi, W.: Why people need privacy? The role of privacy fatigue in app users’ intention to disclose privacy: based on personality traits. J. Enterp. Inf. Manage. (2020)

Times, T.E.: Aarogya Setu’s not all that healthy for a person’s privacy (2020)

Wang, D., et al.: Epidemiological characteristics and transmission model of Corona Virus Disease 2019 in China. J. Infect. 80 , e25 (2020)

Wang, L., Hu, H.-H., Yan, J., Mei, M.Q.: Privacy calculus or heuristic cues? The dual process of privacy decision making on Chinese social media. J. Enterp. Inf. Manag. 33 (2019)

WHO. World Health Organization - India Situation Report (2020)

Worldometers. Worldometer: Coronavirus Cases (2022). https://www.worldometers.info/coronavirus/ : Worldometers. Accessed 21 Oct 2021 2020

Wottrich, V.M., van Reijmersdal, E.A., Smit, E.G.: The privacy trade-off for mobile app downloads: the roles of app value, intrusiveness, and privacy concerns. Decis. Support Syst. 106 , 44–52 (2018)

Xu, H., Teo, H.-H., Tan, B.C.Y., Agarwal, R.: Research note—effects of individual self-protection, industry self-regulation, and government regulation on privacy concerns: a study of location-based services. Inf. Syst. Res. 23 , 1342–1363 (2012)

Zwitter, A., Gstrein, O.J.: Big data, privacy and COVID-19–learning from humanitarian expertise in data protection. 5 , 4 (2020)

Download references

Author information

Authors and affiliations.

University of Southern Queensland, Toowoomba, Australia

Nirmal Acharya

Swinburne University of Technology, Melbourne, Australia

Abhishek Sharma

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Nirmal Acharya .

Editor information

Editors and affiliations.

San Jose State University, San Jose, CA, USA

Abbas Moallem

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper.

Acharya, N., Sharma, A. (2022). Demarcating the Privacy Issues of Aarogya Setu App in Covid-19 Pandemic in India: An Exploration into Contact Tracing Mobile Applications from Elaboration Likelihood Model. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2022. Lecture Notes in Computer Science, vol 13333. Springer, Cham. https://doi.org/10.1007/978-3-031-05563-8_28

Download citation

DOI : https://doi.org/10.1007/978-3-031-05563-8_28

Published : 16 June 2022

Publisher Name : Springer, Cham

Print ISBN : 978-3-031-05562-1

Online ISBN : 978-3-031-05563-8

eBook Packages : Computer Science Computer Science (R0)

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Publish with us

Policies and ethics

• Find a journal
• Track your research

• Get new issue alerts Get alerts
• Submit a Manuscript

Secondary Logo

Journal logo.

Colleague's E-mail is Invalid

Your message has been successfully sent to your colleague.

Save my selection

How Indians Responded to the Arogya Setu App?

Kodali, Prakash Babu 1 ; Hense, Sibasis 1, ; Kopparty, Swarajya 2 ; Kalapala, Gangadhar Rao 3 ; Haloi, Banashri 4

1 Assistant Professor, Central University of Kerala, Kasaragod, Kerala, India

2 Scientist-B, DRDO, Naval Selection Board, Visakhapatnam, Andhra Pradesh, India

3 PhD Candidate, School of Health Systems Studies, Tata Institute of Social Sciences, Mumbai, Maharashtra, India

4 MPH Student, Department of Public Health and Community Medicine, Central University of Kerala, Kasaragod, Kerala, India

Address for correspondence: Dr. Sibasis Hense, Room No 112, Brahmaputra Block, Department of Public Health and Community Medicine, Central University of Kerala, Tejaswini Hills, Periya, Kasaragod - 671 316, Kerala, India. E-mail: [email protected]

Received April 30, 2020

Received in revised form May 09, 2020

Accepted May 11, 2020

The mHealth app Arogya Setu can substantially contribute to the containment and management of COVID-19. This study explores the experiences and expectations of Arogya Setu app users by conducting a combined content analysis of their reviews. Five hundred and three most relevant reviews were analyzed using the descriptive statistics and thematic analysis. The reviews are primarily posted in the areas of user acceptance (80%), app usefulness (72.8%), and app features (62.2%). The thematic analysis resulted in four themes: user acceptance, app usefulness, promptness of the Indian Government in bringing the app on time, and concerns and cautions raised by the users. These help in strengthening the app features enabling the real-time data capture and analytics and providing timely information to authorities for better decision-making.

INTRODUCTION

mHealth apps are crucial in the disease containment and management during pandemics and can support health systems in disease surveillance, risk assessment, case identification, contact tracing, and situation monitoring.[ 1 2 ] In India, the Arogya Setu is a COVID-19-tracking app.[ 3 ] It informs the users regarding the risks assessment and provide relevant advisories. As of April 21, 2020, this app has over 50 million downloads, with an average rating of 4.6/5, from 273,646 users.[ 4 ] Many users post reviews encompassing their experiences and expectations for this app which could provide valuable first-hand information and facilitate in strengthening the app's features.

The current research was aimed at analyzing Arogya Setu app user's experiences and expectations. Specifically, it answered two important questions: (i) what are the areas in which Arogya Setu users posted their reviews? and (ii) what is the perceived usefulness, criticism, and expectation of the users toward the app? The combined content analysis (CCA) methodology was employed to undertake this research.[ 5 ]

MATERIALS AND METHODS

A sample of 503 most relevant reviews (as per the Google algorithm) available publicly and posted in English by the users until April 21, 2020, were purposefully selected from the Google play store ( https://play.google.com/store/apps/details?id=nic.goi.aarogyasetuandhl=en_INandshowAllReviews=true ). This sample was 0.18% of the total reviews and consistent with other studies employing the content analysis of reviews.[ 6 ] The reviews were transported into MS-Excel 2016[ 7 ] using copy paste option, cleaned, formatted, and analyzed. In order to ensure the anonymity, no identifiable data of the users (such as name, age, etc.,) were transferred into the excel sheet.

An established coding technique was used to analyze the reviews.[ 8 ] It involved: (i) data immersion, (ii) data reduction through the systematic coding and themes generation, and (iii) interpretation of the findings. Given that limited research is conducted using the content analyses of user's reviews, the current study used an inductive approach to develop a coding scheme resulting in 15 dimensions on which the analyses were conducted.[ 9 10 ] Based on this scheme, the reviews were analyzed quantitatively using the descriptive statistics (frequency and percentage), and additional qualitative analyses were presented in the separate themes. Rigor was established through prolonged engagement during the process of data entry, reading and re-reading the reviews, data cleaning, and coding that also ensured familiarity with the data. Data was independently coded by the two groups of researchers, and 50% of the reviews were randomly selected for inter-coder reliability, calculating Cohen's kappa, which was found statistically significant (at P < 0.05) for the majority of dimensions. Ethics approval from institutional committee was not obtained as the study was conducted on publicly available secondary data without involving any human subjects. The researchers ensured that the research met the ethical principles of respect, beneficence, nonmaleficence, and justice.

Quantitative analyses found that more than half (56%) of the users assigned 4- and 5-star ratings, signifying higher satisfaction. In contrast, only 27% of the users assigned 1- and 2-star ratings, signifying lower or poor satisfaction of the app. Most of the reviews were posted in the areas of user acceptance (80%), app usefulness (72.8%), and app features (62.2%). The descriptions of reviews posted by the users across dimensions are given in Table 1 .

Qualitative analyses of the reviews resulted in four themes with prime focus on: User acceptance, app usefulness, promptness of the Indian Government in bringing the app on time, and concerns and cautions raised by the users.

Predominantly positive user acceptance

Most of the reviews reflected the optimistic views about the app, such as ” excellent app ,” ” helpful ,” and ” timely. ” Reviews reporting “positive user acceptance” generally reflected the individual's intention to use the application.

”the app is a very good initiative and I'm positive that it'll serve the purpose (User 018).”

In contrast, reviews reporting “negative user acceptance,” described the app as “ poor, passive, and nonresponding. ” Negative user acceptance was often accompanied with decision to uninstall the app.

The users reiterated that the app was useful in alerting them from COVID-19. These ideas were predominantly accompanied by the functions performed by the app such as disease monitoring, assessment of individuals, and updates.

It is useful and trustworthy app for keeping ourselves away from such hidden enemy like COVID-19 (User 220).

Reviews quoting usefulness were often accompanied by the suggestions to improve the app's features; these included: Integration with GPS systems and maps, user alerts in red zones/hot-spots, provision of regular COVID-19 updates, enabling contact tracing, and making the app workable on feature phone platforms.

Timely initiative

One of the important themes that emerged was timely development and deployment. The analyses also noted that Arogya Setu being a Government owned app would gain higher user's trustworthiness and generate a sense of confidence among the users.

This app is a timely initiative. It'll serve as a major boost to the Government in real time data collection and help authorities to make greater data driven decision (User 407).

Reviews highlighted “government focus” as an important facilitator. The proactive campaigns for installing this application, particularly from the top leadership of the country were perceived to be motivating users to install and use the app.

Concerns and cautions

Users also reported unfavorable feedback reflecting their concerns in using the app. They categorized their reservation in terms of data-specific, system-specific, and users'-specific concerns. It was found that the application relies on self-reported data for tracking positive cases and proximity assessment. This feature is critically reliant on authentic information provided by the users. Concerns about the inaccuracy of data provided were found to be inhibiting potential users to use this app.

Please ensure the data collected is authentic. Some may even uninstall the app on noticing that they are at risk which may inhibit the efficiency of this app (User 008).

Several system specific shortcomings were noted as well. Specifically, bugs within software, issues with one time password registration, and poor user interface and unnecessary use of Bluetooth feature causing frequent power drain were the common system-specific challenges faced by the users. In some reviews, it was also observed that users uninstalled the app due to these issues.

Users also feared certain features of the app could compromise security. Bluetooth which mandatorily requires to be switched on was perceived to be making the device vulnerable to cyber threats. Other issues concerning the trustworthiness of app included privacy of the user, data security, and reliability of self-assessment questions.

Most of the users were optimistic about Arogya Setu app due to its usefulness and acceptance. Expectations were also noted among the users to include the additional features into the app such as geo-location tracking, timely COVID-19 updates, information on red-orange-green zones, and deployment in nonsmartphone platforms. Existing literature suggests that the app primarily supports the syndromic surveillance and has limited features compared to similar apps such as Alipay Health of China and Corona 100 m of South Korea[ 3 ] The inclusion of additional features will improve the usefulness of the app and its adoption in India.

Unfavorable feedback was also observed. These were comparatively less than the positive reviews. Users who posted negative reviews often tend to uninstall the application potentially downplaying the success of the app. The government must focus on fixing the bugs, improving the quality of data collection, and user privacy. Measures need to be in place to ensure the reliability of information provided by the users; therefore, provision for cross-verification of data entered by the users could be crucial.

Limitations

The data used in this study were highly dependent on individual user's experiences rather than structured data collection methods. However, the use of CCA and inductive approach has reduced the bias by developing the coding scheme. The scope of this research was confined to analyzing the reviews of users who used this app and posted their reviews.

Financial support and sponsorship

Conflicts of interest.

There are no conflicts of interest.

Arogya Setu app; combined content analysis; COVID-19; mHealth; technology acceptance

• + Favorites
• View in Gallery

Aarogya Setu - Carrying Your Privacy in Your Hands?

9 Pages Posted: 25 Jun 2020

Tripti Dhar

National academy of legal studies and research (nalsar) university.

Date Written: May 29, 2020

There are numerous benefits of having a data protection legislation in place to guide a nation in how to protect the personal data of individuals. These guiding factors maybe transparency, accountability, ensuring rights of the individuals, listing out organizational measures and the compliance to be undertaken, to name a few. In the current context of having contact tracing apps, it becomes all the more important to have a data protection legal framework. The article seeks to understand the privacy concerns spelled out by the Aarogya Setu App, briefly compare the same with practices across different countries and understanding the need for legislative action concerning the privacy issues. In absence of a legislation, compliance with the privacy principles is not enough. The absence of a national or applicable law that posits data protection principles, provisions and organizational measures, should not permit denial of the basic tenets and continued provision of basic minimum rights of personal data protection and privacy, which must be ensured to all individuals at all times. Finally, it must be borne in mind that the adoption of contact tracing apps will put to test the balance between state surveillance and user privacy. The need of a data protection legislation is very telling in the current times and speaks for itself.

Keywords: Privacy, Contact Tracing Apps, Data Protection Legislation, Data Protection, India

Suggested Citation: Suggested Citation

Tripti Dhar (Contact Author)

3-4-761, Barkatpura Shameerpet Hyderabad, Andhra Pradesh 500027 India

Do you have a job opening that you would like to promote on SSRN?

Paper statistics, related ejournals, information privacy law ejournal.

Subscribe to this fee journal for more curated articles on this topic

Cybersecurity, Privacy, & Networks eJournal

Innovation law & policy ejournal, cybersecurity & data privacy law & policy ejournal, electrical engineering ejournal, industrial & manufacturing engineering ejournal, mechanical engineering ejournal, materials engineering ejournal, materials performance ejournal, electronic, optical & magnetic materials ejournal, computational materials science ejournal.

Academia.edu no longer supports Internet Explorer.

To browse Academia.edu and the wider internet faster and more securely, please take a few seconds to  upgrade your browser .

Enter the email address you signed up with and we'll email you a reset link.

• We're Hiring!
• Help Center

Exploring Factors Influencing the Users' Intention to Use Aarogya Setu Contact Tracing Mobile Health Application during COVID-19 Pandemic

2020, JHSSR Vol. 2 (S) Oct. 2020

The purpose of the study is to explore the cognitive and social factors influencing the usage intention of Aarogya Setu m-health app. This paper draws on extended technology acceptance model (TAM 2) to develop a conceptual framework to explain the factors influencing the usage intention of the Aarogya Setu m-health app. The study suggests a framework which explains the factors such as “Perceived ease of use”, “Perceived usefulness” and “Perceived privacy risk” determines the usage intention of the Aarogya Setu m-health app, where as “Subjective norm” has no impact on usage intention. Four research propositions are postulated to promote the future research.

Related Papers

South East European Journal of Economics and Business

Ammar Almasri

The emergence of mobile health applications (MH-Apps) has enhanced the healthcare field’s services, particularly in the treatment, diagnosis, and follow-up. AMAN Mobile Health Application (AMAN MH-App) is one of the health-tech solutions used to fight the Coronavirus pandemic. It has a built-in feature to track users’ activities to protect users from contacting an infected person. However, the acceptance of AMAN MH-App in Jordan is still in an early stage, and the number of users has reached 15% of the country’s population. Therefore, this study aims to assess the use of AMAN MH-App among young people using the quantitative method. A total of (450) valid samples participated in the study after removing 33 invalid samples. Smart-PLS 3.2.7 was used for data analysis. The findings showed that all independent variables (Perceived usefulness, Perceived ease of use value, Subjective norms, Perceived behavioral control, Information Credibility, and Optimism) positively impact on the depend...

Cyberpsychology, Behavior, and Social Networking

Cato Waeterloos

Edi Purwanto

Journal of Science and Technology Issue on Information and Communications Technology

doan thi lien huong

With the proliferation of the Internet and wireless technology in many areas of people&#39;s life; the use of mobile phones; especially smartphones for health practices and information (mHealth) has increasingly been prevalent. Based on Technology Acceptance Model (TAM) and the Innovation Diffusion Theory (IDT); this study examined the role of mHealth literacy and other factors toward the adoption of wellness apps among the users in Danang city. The results confirmed the impact of mHealth Literacy on (1) intention to use health apps (2) the perceived usefulness and (3) the perceived ease of use. While the perceived usefulness and the perceived ease of use are found to exert influence on the intention of use; the role of privacy and security concerns on intention to use was rejected.

Süleyman BARUTÇU

The acceptance of mHealth (mobile health) apps has been on the increase throughout the world as well as in Turkey. There are two main indicators of mHealth success and acceptance, such as mHealth apps users’ satisfaction level and intention to use mHealth apps. In this context, the factors, including ease of use, trust, privacy, usefulness, and information quality are critical to analyze how they affect the acceptance of the mHealth apps by the Turkish users, and their satisfaction level with mHealth apps. Thus, the main objectives of this study are to (1) to explain how users perceive and use mHealth apps with technology acceptance analysis, (2) investigate whether the usefulness or uselessness of mHealth apps depends on user feelings about mHealth apps, (3) analyze the impacts of ease of use, trust, privacy, usefulness and information quality on mHealth users’ satisfaction and intention, and (4) identify users’ attitudes towards mHealth apps and their satisfaction level with mHeal...

IJASOS- International E-journal of Advances in Social Sciences

Waringin Oon

International Journal For Multidisciplinary Research

Prof Mushtaq Ahmad Darzi

Mobile technologies are changing the way people across the globe are achieving their day-to-day tasks. Mobile health applications or mHealth apps are an example of these technologies that are used by healthcare professionals (HCPs) as well as users/patients alike. This study aims to analyze the adoption of mHealth apps which provide the facility of consulting online with an HCP among the population of the north-Indian states using the prior validated measurement scale of Unified Theory of Acceptance and Usage of Technology 2 (UTAUT2). Following convenience and snowball sampling, data was collected through an online survey using Google Forms. Using Smart-PLS 4, descriptive analysis and structural equation modeling were conducted. Among the five constructs and three moderators undertaken for the study, only three constructs, i.e., performance expectancy, social influence and price value were found to have a significant effect on the behavioral intention to adopt mHealth apps in users/...

Technology in Society

Manindra Rajak

Providing health care services has become a challenge for the government, especially for emerging economies, which face huge resource problems. mHealth (mobile health) has the potential to reduce health-related problems significantly in the long run. It can be used as a preventive healthcare tool also. Despite the potential, minimal studies exist on the technology adoption of mHealth. There have been inadequate studies in the context of India. To find out the domains where studies can be conducted and after a thorough literature review, the study employed the Technology Acceptance Model (TAM) for the smooth running of mobile health services. As a theoretical contribution, this research is an extended version of the TAM, suggested by Davis, through considering six additional variables such as social influence, technology anxiety, trust, perceived risk, perceived physical condition, Resistance to change. To validate the linkages, a close-ended questionnaire was developed after a thorough literature survey. The current study collected 289 valid responses from different mHealth services users. The constructs of the model have been tested in Indian settings by conducting exploratory and confirmatory factor analysis. Further, Structural equation modelling is ably employed to validate the model to suit the Indian requirements. The adoption of mHealth was found to have had an enormous impact on social influence, behavioural intention and trust. The empirical examination showed high predictive power for adop- tion intention of mHealth services and the influential role of these important constructs. The implications for academics and policymakers have been discussed in this study. Finally, the future scope and limitations of the study have been discussed.

Ramanujan International Journal of Business and Research

HEENA KASHYAP

Jarot S Suroso

During the Covid-19 pandemic, many people were worried about coming directly to the hospital to fear being exposed to Covid-19. Therefore, some people prefer to use digital platforms such as mobile healthcare applications to conduct consultations regarding illnesses and purchase drugs or redeeming drugs from prescriptions given by doctors online. The purpose of this study is to determine the factors that influence the use behavior mobile healthcare applications in Indonesia using the UTAUT2 method using the variable performance expectancy, effort expectancy, social influence, facilitating conditions, habit, behavioral intention, use behavior using moderating variables, namely age, gender, and location. The results of the test show that performance expectancy, social influence, facilitating conditions, and habit have a positive effect on behavioral intention. Likewise, the behavioral intention has a positive effect on use behavior.

Loading Preview

Sorry, preview is currently unavailable. You can download the paper by clicking the button above.

RELATED PAPERS

Business And Management Studies: An International Journal

buket bora semiz

JMIR human factors

Valentina Nisi

Saif Rawashdeh

Ameer Fathima Musfira

International Journal of Academic Research in Business and Social Sciences

Nalini Arumugam, (Associate Professor, Dr)

Research Journal of Pharmacy and Technology

Journal of International Technology and Information Management

Mahija Yahaya

International Journal of Online and Biomedical Engineering (iJOE)

Bharuno Mahesworo

Emerging Issues and Trends

Norlia Mustaffa , Pantea Keikhosrokiani

Zenodo (CERN European Organization for Nuclear Research)

Indah Naryanti

International Journal of Technology and Human Interaction

Agnis Stibe

Acceptance of Consumer-Oriented Health Information Technologies (CHITs): Integrating Technology Acceptance Model with Perceived Risk

Dr.Mudita Sinha Department of Management Studies

International Journal of Medical Informatics

Ching Chiuan Yen

Journal of Telecommunication, Electronic and Computer Engineering

Aan Kardiana

Online Information Review

Christian Osakwe

Indian Journal of Community Health

Sabhya Juneja

Marcello Sarini

RELATED TOPICS

•   We're Hiring!
•   Help Center
• Find new research papers in:
• Health Sciences
• Earth Sciences
• Cognitive Science
• Mathematics
• Computer Science
• Academia ©2024

Outline of working of Aarogya Setu app

Similar publications

• Ihsan Amjad Abdulateef

• Recruit researchers
• Join for free
• Login Email Tip: Most researchers use their institutional email address as their ResearchGate login Password Forgot password? Keep me logged in Log in or Continue with Google Welcome back! Please log in. Email · Hint Tip: Most researchers use their institutional email address as their ResearchGate login Password Forgot password? Keep me logged in Log in or Continue with Google No account? Sign up

• Constitutional Law
• Research Column

The Aarogya Setu Application issues – Critical analysis

• July 13, 2020

Aditya Ladha & Samridhi Duggal

Table of Contents

A.    INTRODUCTION

The Aarogya Setu application has had a lot of controversies enveloping it since its very inception. Amidst many allegations and legal instructions, the claims of the app being hacked or a major possibility of the data of its users being leaked caused major disruption in the idea of it being a safe app and having all necessary precautions, as claimed by the Indian Government. Furthermore, it is essential to clarify the tenets of an app being suggested v. a mandatory app, which recently caused a major stir in a district in Noida.

The app, launched on 10 May, 2020 covering a wide ambit of 11 languages, had already crossed the threshold of 10 million downloads within 5 days of its launch, making its accessibility to a very wide audience. With the usage of the Bluetooth technology and a location-generated social graph, the known usage of the app is to inform a user if he/she happens to cross paths with an individual who has been tested positive. Being available on both servers, i.e. IOS and Android, the app aims to promote social distancing, especially with corona positive individuals.

Before dwelling into the legal aspects of the Aarogya Setu app and the debates that revolve around its provisions and violations as per the Indian laws, it is essential to note how the app works and traces the information.

The Aarogya Setu app detects the presence of the corona virus infection using the GPS system and the Bluetooth technology in smartphones. Via the location, it gives the user information of the history of corona virus cases on the basis of distance. The app also provides for a small corona screening test, including the symptoms, their location and contact history which the users can take on their own and could self-test their possibility of being afflicted by the virus. Additionally, while registering the users are also supposed to also enter any past international travel history, so that it could be traced to the already registered corona cases in the country.

Aarogya Setu was introduced in a pandemic, with a very good intention of the Government to control the spread of coronavirus and that beyond the lockdown, general awareness with respect to an Individual’s health is given utmost importance. However, this app attracted various concerns that were addressed under the Information Technology Act, 2000, Constitution of India and general principles of fundamental Human Rights. More so, after the Puttaswamy judgment [1] , and the recognition of privacy as a fundamental right, the app infringes varied legal provisions involving the privacy of the citizens of our country.

The paper aims to establish the legal concerns of the app and address the anticipated question of privacy that has consistently been questioned with respect to the Aarogya Setu app with the help of relevant provisions and judicial precedents.

B.    LEGISLATION PERSPECTIVE

1.     breach of constitutional rights.

Right to Privacy is the Fundamental Right and is protected by the Constitution. [2] Privacy, as has been described in the famous Kharak Singh case [3] , is the part or more likely, a subset of the human dignity and personal liberty. When we talk about the human dignity and liberty, the Constitution of India grants these rights to all the citizens of the country under Part III. Every citizen living in this country has the fundamental right to live with personal liberty and dignity and privacy, on the very onset, forms a part of both of these rights. Human Dignity, is not just an aspect of Article 21 (Right to Life and Personal Liberty), but is also well connected with Equality, which is guaranteed under Article 14 (Right to Equality) and freedoms provided under Article 19 of the Constitution of India [4] . Thus, it can be said that when privacy is the subset of the human dignity, it is also linked with all the three fundamental rights, i.e. freedom, liberty and dignity, falling under the combination of Article 14, 19 & 21. [5] There are two approaches that the State can take with respect to the privacy of an individual. The positive approach means that the State takes all the requisite steps to ensure that the privacy of the individual is intact and is not unnecessarily breached upon whereas, the negative approach means that the restriction on intrusion of State over Privacy of an individual.

When we talk about the intrusion of privacy by the State, it needs to be understood that any law or action of the executive breaching such Right needs to fair, just and reasonable. It needs to pass the Test of Proportionality [6] . As per the test, 3 criteria need to be fulfilled:

• The law or action of the legislative or executive needs to be fair, reasonable and just.
• The aim of the State in passing such law or action must be legitimate.
• The interference should be proportionate to the need.

It must be noted that, when we talk about the law or action passing the abovementioned test, such action or law must also provide a guarantee that there will be no abuse of such interference. The judiciary cannot stop the State on imposing reasonable restriction to the freedom guaranteed under Article 19 as such power is given to them by the Constitution itself. However, it should be kept in mind that such restriction needs to be reasonable.

When we compare the Aarogya Setu Application with the above Constitutional aspects of data privacy, there are many things that need to be noted down. When we see the liability clause of the application, the Terms and Conditions clearly states that the Government will not be liable for the “ inaccurate identification of the infected person ” and the “ inaccuracy of the information ” provided by the in-built server of the Application. [7] This poses a very simple question as to what measures are taken by the Government to stop spreading of fake news.

The Terms and Condition of the app goes on to say that the Government of India will not be liable for any “ unauthorized access ” to the information of the users. [8] When an individual trusts the State with its data, the trust develops on the very foundation that the data provided by him/her will be safe and will not be used for any illegitimate purpose. Data privacy and protection needs to be ensured at every step of such a big project. [9] By adding on to this clause, it creates a suspicion in the mind of the users with respect to the data protection. Though there is a clause of Privacy Policy in the Application, which talks about the data encryption [10] , it needs to be noted that it is nothing except the weak assurance to the public that the data is safe. In reality, the encryption does nothing to do away with the privacy issue.

Though the app suggests that the information of the application will be used by the Government in anonymized, aggregated manner for the purpose of generating reports and heat maps [11] , it also says that the data will be shared with “ other necessary and relevant persons ” for “ necessary medical and administrative intervention ” [12] , which depicts that the data can be subject to the inter-departmental exchanges. The policy is not at all clear as to who these other necessary and relevant personnel are and what all is included in the term administrative intervention. Also, though the applications privacy policy suggest that the data will not be disclosed to any 3 rd party [13] , a co-joint reading of the clause 1(b) tells that the information of one user is securely placed in the mobile device of the other user when they come in contact with each other, while the Bluetooth is on. This, however, puts the data of the users at risk as there are chances that the other person, with enough technical knowledge and know-how, might implant bugs and viruses in the mobile device of the user. Thus, this clearly violates the Right to Privacy under Article 19 and 21 of the Constitution of India.

As per the recent news reports, the Central Government mandated the use of Aarogya Setu Application for both the public as well as private sector workers, during the third phase of lockdown, which was implemented from May 1 st , 2020 to May 17 th , 2020 [14] . Though, during the 4 th phase of the lockdown, the mandatory clause regarding the usage of the application was changed to the Advisory clause of usage [15] , still there are millions who registered themselves on this application. Thus, it becomes important to discuss the breach of Constitutional Rights of those individuals, who registered themselves on the application solely due to its “ mandatory clause ”. As per the Terms of Use of the app, the terms of the application are subject to continuous amendment and failure to comply with any of these amendments will lead to restriction to use the app. [16] A co-joint reading of the above lines show that once the use of the app is mandated, the user will be forced to give consent to the terms and conditions, which in turn can hamper the privacy of the user and is therefore, unconstitutional as it takes away the Right to Consent from the individual, which have been granted to him under Article 21 of the Constitution of India. [17]

The privacy policy states that, “ all the personal information collected under clauses 1(b), 1(c) and 1(d) will be retained on the mobile device for a period of 30 days from the date of collection, if it has not been uploaded on the server. ” [18] Now, when any user of any application uninstalls that particular application, it is deemed that such user withdraws the consent already given to the Terms and Conditions of such application. In the present case, even after the uninstallation, which means withdrawal of the already given consent, the data will be present [19] in the mobile device of the third party, without the consent of the user, violating the Right to Consent, provided under Article 21 of the Constitution. [20]

The above issues in the app do not pass the test of proportionality as it does not guarantee that there will be no data leakage. Along with that, the presence of data of the user on the mobile device, even after uninstalling the application, violates the 3 rd point of test, where the extent of interference is more than required. There are no proper safeguards along with the application that ensures that in no case there is a threat to the data of the individual. Thus, it can be said that mandating the use of Aarogya Setu application in the public and private sector violates the Fundamental Right of Privacy, which is enshrined by the combination of Article 14, 19 and 21 of the Constitution of India, and is thus, unconstitutional.

The Supreme Court held that the apprehension is mere fear or anxiety of something happening. A policy or law or action of the executive cannot be shelved merely on the grounds of apprehension, if it caters to the larger social interest and outweighs the personal claim of privacy. [21] Thus, it can be said that if the State ensures that there will be no data leakage, a law by the legislation or action of the executive, along with the reasonable restrictions, can be passed and stands valid.

2.     Information Technology (IT) Law violations

During a webinar organized by an advocacy group, Former SC Judge, Justice Srikrishna revealed his concerns with the use of Aarogya Setu application, which was made mandatory by the Central Government, for the employees of public sector as well as private sector, during the third phase of lockdown (i.e., 03 rd May, 2020 to 17 th May, 2020). He said that the mandatory use of this app causes more concern in the minds of people, as opposed to the benefits. [22] Justice Srikrishna, the head of the Srikrishna Committee, which proposed the Draft Personal Data Protection Bill, 2018, is considered to be a pioneer in the data protection and privacy laws. Though the Bill is still pending in the Parliament, awaiting the assent of both the houses, to be enacted and enforced as an Act, it aims at improving the Data Protection laws and monitoring the surveillance in India.

When we talk about the data privacy and protection, there are several aspects in the IT Law as well which gets violated on mandating the use of Aarogya Setu application. These violations not only concerns with the processing of the data collected, but also raises serious questions with respect to the retention of data so collected, even after the application has been uninstalled from the smartphone of the registered user. For the purpose of the same, the researchers, in this paper will be analyzing the IT Act [23] and the Personal Data Protection Bill, 2018 [24] and look upon the provisions, which gets violated with the use of the application being mandated.

a.     Information Technology Act, 2000

As per the definitions given under Section 2 of the Information Technology Act (hereinafter, IT Act, 2000), the intermediaries , in reference to the electronic records, have been defined as anyone, who himself or on behalf of someone else, stores or transmits the electronic records mentioned above or provides any service with respect to the mentioned records. [25] The intermediaries include several key players such as telecom service providers, web hosting service providers, cyber cafes, etc. [26] When one analyzes the definition given above, the mobile application service providers also tend to fall in the definition of intermediaries. The mobile applications, as per Mr. Salman Waris, Partner at Tech Legis Advocates and Solicitors, thus fall under the ambit of intermediaries as per IT Act, 2000. [27]

The IT Act also contains the provision with respect to the compensation in case there is a failure to protect the data so provided by any individual. [28] As per Section 43A, in case the body corporate fails to protect the sensitive personal data or the information so possessed by it, and is negligent in implementing the reasonable security measures, which consequently results in a wrongful gain or loss, the body corporate is held liable to pay the damages to the affected person, by way of damages.

Now, when we look at the Liability Clause of the Aarogya Setu application, it clearly states that the Government of India will not be held liable for any unauthorized access to the data of the registered users. [29] When Section 2(w) and Section 43A of the IT Act are co-jointly read, it becomes very clear that the intermediary, in this case, the Aarogya Setu App (services provided by NIC, which comes under the Government of India [30] ), will be held liable in case of data breach or mishandling of the data of the individual. Thus, Clause 6(d) of the Terms of Service of the application is the clear violation of Section 43A of the IT Act, 2000.

IT Act, 2000 also provides that the intermediaries can be exempted from the liability in certain cases. [31] However, looking at the pre-conditions, it becomes certain that the Aarogya Setu App does not fall under this category as it says that the intermediary is not liable when a third party data or communication is made available or hosted by it. It also says that in order to be exempted from the liability, the intermediary needs to observe due diligence while discharging its duties. [32] The duties of the intermediary also involve its duty to not disclose any personal information, which have been provided in terms of contract, as under Section 72A of the IT Act, 2000. [33] It has been held by the Delhi High Court that the presence of any active participation by the intermediary can take away their protection present under the exemption of liabilities. [34] Thus, in the present scenario, even if the Government of India tries to evade their liability in case of unauthorized access to the personal data of the users [35] , it cannot do so as it does not fall under the protection provided by the IT Act, 2000 [36] , where certain intermediaries are exempted from the liability.

b.     Personal Data Protection Bill, 2019

In order to lay down a global digital landscape in this highly digitalized era, it is much needed that a proper legal framework should be laid down by India [37] and to serve this purpose, the Personal Data Protection Bill was formulated. Further, the need was also felt after the famous K.S. Puttaswamy judgment [38] , in which the Right to Privacy was considered as a Fundamental Right. The Directive Principle of State Policy, as mentioned in the Constitution of India, also holds that it is the duty of the State to lay down laws, which serves for the common good of the people. [39] Thus, it becomes very important to analyze the Aarogya Setu application with respect to the Personal Data Protection Bill, 2019 (Hereinafter, the Bill) as it is the first dedicated legislative framework, with respect to the Data Protection, in India.

As per the Bill, the person or the individual, to whom the data relates, is said to be the Data Principal . [40] When any person, which also includes the State, who in conjunction with others or alone, process the data of the Data Principal or determines the means to process such data, is known to be the Data Fiduciary . [41] Thus, in the present scenario, the individuals downloading the Aarogya Setu application are the Data Principal and the State (Government of India), the Data Fiduciary.

When it comes to defining the Personal Data of the individual, it can be defined as any data, which is related to the individual and such individual can be directly or indirectly identified with the help of such available data. [42] Any accidental or unauthorized disclosure, use or alteration to such personal data, which subsequently compromises the confidentiality of the Data Principal, is defined as a Breach of Personal Data under the Bill. [43] Now as far as the Personal Data is concerned, certain aspects of the Personal Data has been further classified as the Sensitive Personal Data in the Bill. The Sensitive Personal data also includes the health data of Data Principal. Therefore, applying the abovementioned definitions in the present scenario, any breach of data, of the registered users, in the Aarogya Setu application, shall be considered as the Breach of Sensitive Personal Data and the handler of such data, in the present case the Government of India, will be held liable under Section 43A of the IT Act, 2000. Further, the Bill also holds the Data Fiduciary responsible for any processing of data, either undertaken by the Data fiduciary itself or on its behalf. [44] Thus, by mere insertion of the Liability Clause stating that the Government of India will not be liable for any unauthorized access [45] , cannot help the Government in evading the liability and thus the compensation has to be paid to the Data Principal in case of such breach.

Moving towards the provision regarding the retention of data in the Bill, it clearly states that the Data Fiduciary shall not retain the data of the Data Principal for a longer period, unless explicitly consented to by the Data Principal or is deemed necessary as an obligation under any law during that time. [46] Further, the Data Principal has the right to the erasure of Personal Data, when such data is no longer needed for the purpose of which it was processed in the first place. [47] When the data is approved for erasure, the Data Fiduciary shall notify all the relevant authorities, with whom such data was shared initially. [48] When we look at the Privacy Policy of the Aarogya Setu Application, it clearly states that all the information collected from the user at the time of registration, will be retained as long as the account on the application remains in existence [49] , which is a clear violation of the above mentioned provisions of the Bill. [50] Similarly, there is no where mentioned in the application as to what will be done with the data, once the user uninstalls the application and why the data will be retained by the Data Fiduciary for a period of 30 days. [51] Further, it is pertinent to note that nothing has been mentioned with respect to the data shared with the “ relevant authorities” [52] , in case, the user exercises his Right to erasure of the registered data under the Bill. [53]

Though the application violates many provisions of the IT Law, it must be noted that the anonymization of data of the individuals is the clause in the Terms of Use of the Application, which clearly goes hand in hand with the Personal Data Protection Bill, 2019. Thus, there are so many loopholes which ought to be considered, in order to do away with the concerns regarding the Data Protection and Data Privacy of the registered users.

3.     Human Rights Violations

Right to privacy has been enshrined in the International Treaties and Covenants from the very beginning. This right is identified as the basic human right, which should be available to the individuals, by the virtue of being a human being at the very instance. When we talk about the Universal Declaration of Human Rights (hereinafter UDHR) and the International Covenant on Civil and Political Rights (hereinafter ICCPR), both the Covenants recognize the Right to Privacy not only as a basic, but special Human Right, violation of which can cause legal repercussions.

UDHR states that the no individual shall be subject to any arbitrary interference, when it comes to his privacy. [54] Similarly, the ICCPR holds that in case the Right to Privacy of an individual has been interfered with arbitrarily, the individual can seek remedy under law against such interference. [55] It also holds that in case the data so been collected have been collected or processed wrongly or against the provisions of law, the concerned individual has the Right to request immediate elimination or rectification of such data. [56] In 2013, the United Nations General Assembly, in a resolution, mentioned the requirement that the Government, while collecting or processing the data of the individual, must comply with their obligation with respect to the security of the public data and such compliance shall be in accordance to the International Human Rights regime. [57] It should be noted that India is signatory to the above mentioned Treaties and the Covenants and thus, under the DPSPs provided in the Constitution, it is required to respect and uphold the obligations under the international law. [58]

The controversy, which stirred with the argument of Senior Advocate Mukul Rohatagi, that the Indians do not have the Right to Privacy as a Fundamental Right, forced the Supreme Court to answer the issue, which was need of the hour. The Supreme Court, with respect to the inalienability of the Right to Privacy, held that the Right to Privacy is available to an individual from the very instance of him being a human being and thus, when such Right is read in consonance with Article 21 [59] , it becomes very clear that such a right is inalienable and thus, cannot be taken away from the individual.

When the use of the application was mandatory by the Central Government during the 3 rd phase of the lockdown, it can be said as the forceful interference within the ambit of a person’s privacy, and the constant surveillance by the way of application being mandated was a serious threat to an individual’s freedom of movement [60] and right to life & liberty [61] . Though the app has been developed with the intention to help the people of India in these tough times of pandemic, the lack of transparency on the part of Government on previous instances causes suspicion in minds of people. [62] Thus, the application causes serious human rights violation.

C.    GOVERNMENT’S LIABILITY

Data breaches and leakages have been common news since the internet technologies have escalated their prospects. With the changing dynamics of the Aarogya Setu application from being mandatory to an optional precaution, understanding the liability of the Government with respect to the usage and in a prospective leak of data is essential public knowledge.

The Questions of the liability of the Government were brought forward by legal experts when it was made compulsory during the third phase of the lockdown. [63] Claimed to have been developed with the best internet practices, the tweet regarding security concerns by a French Hacker, hustled the questions on the privacy policies of the Application even more.

According to the Terms and Conditions of the App [64] , it is stated that the “ users acknowledge and agree that the Government of India will not be liable for any unauthorized access to your information or modification thereof ” [65] This clause is generally used to indemnify companies and institutions, and in this case aims to indemnify the Government in case of an unauthorized access to the personal information of its users. Conveniently enough, this clause also aims to protect the Government of any future liability that may arise in a case of data breach of any sort, irrespective of the Government being responsible for the introduction of the application and witnessing millions of downloads on a daily basis.

The National Informatics Centre (NIC), being the application service provider owes to its credit, the development and encryption of the Aarogya Setu Application. The application requires the users to insert their personal and private information [66] on to the NIC server, which then enables this contact tracking device to function properly. NIC, under the Government Ministry of Electronics and Information Technology falls under the definition of an “intermediary” [67] as per the IT Act, 2000. Even under clause 2(13) of the proposed Personal Data Protection Bill, 2019 [68] the Government of India is a data fiduciary and has to necessarily comply with the obligations of data privacy set out for them. [69] The summary of the aforementioned references is that the NIC, being the intermediary in this case is obligated to ensure the security of the data collected and shall be held liable for the loss of it under the intermediary guidelines. [70] The same was also upheld by the Delhi High Court, where it clearly establishes the principle that if an intermediary plays a direct role in the disputed disposition, it shall be held accountable for any breach. [71] Holding NIC accountable would automatically make the Government also liable for such data leakage, as it falls under the ambit of the Government and its activities. [72] The same logic is also legally supported by Section 43A of the IT Act [73] , wherein it is stated that anybody dealing with the sensitive personal data fails to comply with the privacy norms shall be liable and bound to pay adequate damages, which in this case, is the NIC backed by the Government of India.

We cannot aim to properly dwell into the liability of the Government without a proper analysis of the privacy policy encapsulated in the Aarogya Setu application. The application is based out of the purpose limitation principle. [74] This principle recorded under Article 5(1)(b) of the GDPR aims on a general underlying base that the data collected by any source for a specific purpose should not be used for any other purpose. [75]

In this case, the data being collected by the application is ideally limited to the identification and reduction of the Covid-19 disease. Key highlights of the privacy policy of the application are as follows:

• The personal data should be used only for generating reports, heat maps, and other statistical analogies for the purpose of management of Covid-19 in the country. [76]
• It is claimed that the app is equipped with standard security features. [77]
• It is specifically mentioned that the data would not be disclosed or transferred to any third party under any circumstances [78] and a data retention limit between 30-60 days is also stipulated in the application. [79]

In simpler terms, the data that is recorded via the medium of this app, should not be used for any other purpose beyond the extent of Covid-19. Interestingly, branched out in the lieu of a pandemic and with specific limitations and restrictions, the terms and conditions and the privacy policy of the application contradict each other at a fundamental level, which even, to some extent defies the purpose of limitation principle. Clause 4 states [80] that while the users tap the “I agree” option while downloading the app, they consent to the collection and use of their personal data and can revoke the usage of the same via switching off the Bluetooth option or uninstalling the application from their smartphones. However, clause 3 [81] states that even post the cancellation of one’s registration, the data shall remain on the server for a period of 30 days, in case of a non-positive user, 45 days for a tested positive, but cured user and a reasonable time, on a “case-to-case” basis. Consent has always been a very subjective term in our legal dictionary, but to simplify it, does uninstalling the application from my personal device not amount to a withdrawal of consent? When the permission to use the inserted data is withdrawn by the user, how is its usage and rotate is not an invasion of the user’s privacy, which, as already adjudged is a fundamental right of all citizens of our country.

A common thing in most of the telecasted debates is how the people are comparing this Aarogya Setu application to the Aadhar Case. One of the arguments brought up during the pleadings was how Indians did not have the fundamental right to privacy. The Puttaswamy Judgment, in pure culmination addressed the question and stated that “ it is only the ability of an individual to protect a zone of privacy, which enables a complete realization of the full value of life and liberty. ” [82] Additionally, Clause 6 [83] addresses the “liability” tangent of the application and states that the Government shall not be liable for a failure of the app or the accuracy of the information so provided. Moreover, determining an individual’s geographical location, name, phone number are all mostly the personal data of the individuals, asking for which, cannot be made mandatory, nor can it be dealt with carelessly with a no-liability clause making a clear cut escape for any breach or mishandling of stored data.

The General Public might be confused with the perception, that the Aarogya Setu Application is a product of the Information Technology Act, however, since this application was drafted for and introduced during a pandemic, it is developed under the wide umbrella of the Indian Disaster Management Act. It must also be noted that the Indian Disaster Management Act [84] allows adequate measures and data collections via the Government in order to prevent disasters. COVID- 19, as a pandemic easily passes as a disaster and the introduction of Aarogya Setu, with the intention to control this pandemic, affirms with the long term goals of the Government.

In correspondence with the abovementioned data collection, it must also be kept in mind that the violation of fundamental rights cannot be accepted via any medium is a judicial perception, which lays one of the tombstones of our faith and belief in the Indian Judicial System. Via the virtue of the 44 th Constitutional Amendment [85] and the reversal of the erroneous judgment delivered in the ADM Jabalpur Case [86] , it is very clear that fundamental rights of the citizens cannot be done away with and the Disaster Management Act is no exception to this. Part III of the Constitution explicitly states that the justification of a violation of our fundamental rights necessarily requires an existing law authorizing the same. [87] The NDMA cannot be this existing law in the current pandemic, because it fails to lay down a basic structure of varied circumstances, limitations and execution models. If the NDMA is accepted as the law that can indeed, be accountable for violating the privacy of the citizens, the Government, in a hypothetical situation, can do absolutely anything in the situation of a disaster and India would be facing another Emergency situation. [88]

The legal requirement of introduction and implementation of the application, even though falls clearly under the wide ambit of the powers granted to the National Disaster Management Authority [89] , however, it still fails to stand clear on the tests of need and proportionality. [90] Is there a need to invade the privacy of the users? Or is controlling the corona pandemic equally proportionate to risking the personal data of millions of users while making it mandatory are questions that need to be addressed via a legislative mindset. The Aadhaar Judgment highlights also the fact that beyond the test of proportionality, if a breach of privacy, or any fundamental right is witnessed, the onus to disprove the same lies on the State. Similarly, if the Government claims that there is no invasion of privacy and that there would not ideally be a data breach, they should prove it with legislature, how the violation is non-existent and the liability in case of a future data misuse.

While addressing the question of liability of the application, the two things that must be kept in mind are that the application involves the usage and processing of private and even sensitive personal data [91] and since the application has been made in lieu of a pandemic and not directly under the IT Act, invoking Sections 43A and 72 in order to prove the liability and probable damages for the same may not be considered as reasonable best options. [92] It can also be argued that the challenged disclosure was made under the regulation or subjected to prior approval [93] , however, the same does not exempt the liability of the Government in case of withdrawn consent or breach of personal sensitive data. Hence concluding, that even though the application was not made under the IT Act, the DMA is not a competent legislation to adjudicate the matters coming on this pretext, such as data leakage or breach of the stored and deposited data, hence the IT Act is capable of administering the same and addressing all claims of liability and damages.

When the application was made mandatory during the 3 rd phase of the lockdown or even when it was presented as an advisory during the 4 th phase of Lockdown, the question of the Government’s liability in a prospective case of data breach cannot be addressed in terms of black and white. The clash of human life versus the fundamental rights that make a human life worth it essentially lies on the concept of interdependence. The Government’s steps to control the pandemic and save India from a situation that is beyond our predicament, is laudable however, the application that aims to serve as a tool to control this pandemic is legally flawed and despite best intentions, in case of an infringement or breach, the Government of India should ideally be held accountable for the same. In accordance with the research analyzed above, it can be concluded that the Government does owe a liability and the no-liability clause in the privacy policy of the application does not indemnify it against its responsibilities. However, the extent of the Government’s liability cannot be predicted and is awaited via a proper legislative analysis.

D.    INTERNATIONAL PERSPECTIVE

While the Aarogya Setu application is prevalent in India, there are other countries as well, who are using the similar applications in an effort to minimize the effect of Covid-19, in their respective countries. However, there has been a split between the types of apps that the countries are using. There are two models of apps, the centralized version and the decentralized version. The centralized version holds the gathered data in the centralized server, whereas in the decentralized version, keeps the data on the user’s phones and it is on their phone, that the matches are made if one comes in contact with the Covid-19 patients. However, it is pertinent to mention that both of these applications use the Bluetooth signals of the smartphone. [94]

Countries like UK, India, Norway, etc. use the centralized model of the application. This gives the authorities an insight into the data of the registered users, which in turn risks the privacy of the individuals. However, there are countries like South Korea as well, which has not used the concept of contact tracing and has still managed to flatten the Covid-19 curve. However, the surveillance system in South Korea worked a bit differently, and during the initial times, the Government release too much of data, and thus, it resulted into revealing the identity of the patients, who subsequently got harassed. [95]

The decentralized model of the application has been developed by Apple and Google together. [96] However there has been a problem in the contact tracing due to the restriction on the use of Bluetooth by Apple in the iPhone.

A table has been displayed on the website of The Hindu , which has used several grounds to evaluate the contact tracing applications, used worldwide, by different governments, [97] such as transparency, mandatory installation, etc. The table shows that the countries like China, Turkey and India raises concerns with respect to the data privacy because the answer to at least three above mentioned grounds is NO. Thus, the data privacy of several individuals being at risk is a serious concern worldwide and it the issue is of utmost important, and therefore, needs to be answered urgently, along with relevant rectifications.

E.    AUTHORS’ NOTE

The authors, via this Research Paper nowhere discredit the efforts of the Government to minimize and control the pandemic. It deeply addresses the anchors of legislative flaws in the Application and seeks to look forward to a legalized redressal system and a prepared mechanism in case of a data breach. Upholding the principles of transparency, the validation of Constitutional Fundamental Rights and democracy in general lay the foundation of our judicial system.

The Aarogya Setu Application, which is drafted on the broken limb of NDMA fails to bear the review of the honest test of proportionality and the onus to prove the authenticity and legality of the same, falls on the shoulders of the Government. An invasion or threat to privacy is a serious question that must be calculated and judicially supported, even during a pandemic.

The application, when read with the Puttaswamy judgment, should have been legally backed by a specific law. With least infringement, it should have been proportionate to the sought objective. The questions of is the invasion of the user’s privacy absolutely necessary to control the Covid Disease and which redressal form do the users approach in case of a breach are stranded on the shreds of the Government’s shoulder, which need to be answered via a capable legislation or amended clauses.

Despite commendable efforts of the Central Government, the questions of liability and accountability must be addressed effectively. While addressing the concerns under the Constitution, IT Act, and general principles of human law, having a more transparent approach, exemption/amendment of the no-liability clause and full disclosure of the security, encryption features as may be deemed fit can be some of the steps to address this invasion and maintain a stable control of fundamental rights and the pandemic. With high hopes with the Petition pending in the Kerala high court, it is concluded, that despite being a great leap for safety and prevention, the application needs to address the elephant in the room and establish a system where there is least intrusion and no violations, while also addressing that the creators and promoters of the application shall be accountable for a breach of their sensitive personal data.

F.     BIBLIOGRAPHY

1.     statutes.

• Constitution of India, 1949
• IT Act, 2000
• Personal Data Protection Bill, 2019
• Universal Declaration of Human Rights
• International Covenant on Civil and Political Rights
• Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
• National Disaster Management Act, 2005

2.     Judicial Precedents

• K.S. Puttaswamy & Anr. (Privacy) v. Union of India, (2017) 10 SCC 1
• K.S. Puttaswamy & Anr. (Aadhar) v. Union of India, (2019) 1 SCC 1
• Shreya Singhal v. Union of India, (2015) 5 SCC 1
• Christian Louboutin Sas v. Nakul Bajaj, (2018) 253 DLT 728
• ADM Jabalpur v. Shivakant Shukla, (1976) 2 SCC 521
• Awadesh kumar Paras Nath Pathak v. State of Maharashtra, Cr. Appl. No. 2562 of 2019

3.     Online News Websites and Blogs

• timesofindia.com
• moneycontrol.com
• deccanherald.com
• economictimes.com
• whitecase.com

4.     Resolutions and Committee Report

• Justice B.N. Srikrishna Committee Report on Draft Personal Data Protection Bill, 2019
• General Assembly Resolution No. 68/167

[1] K.S. Puttaswamy & Anr. (Privacy) v. Union of India, (2017) 10 SCC 1

[2] Supra Note 1

[3] Kharak Singh v. State of Uttar Pradesh, AIR 1963 SC 1295

[4] K.S. Puttaswamy & Anr. (Aadhar) v. Union of India, (2019) 1 SCC 1

[5] Constitution of India, 1949

[6] Supra Note 1

[7] Clause 6(c), Limitation of Liability, Terms of Service, Aarogya Setu Application, available at https://static.swaraksha.gov.in/tnc/ , last accessed on 17/05/2020 at 12:45 p.m.

[8] Clause 6(d), Limitation of Liability, Terms of Service, Aarogya Setu Application, available at https://static.swaraksha.gov.in/tnc/ , last accessed on 17/05/2020 at 12:45 p.m.

[9] Supra Note 4

[10] Clause 5, Privacy Policy, Aarogya Setu Application, available at https://static.swaraksha.gov.in/privacy/ , last accessed on 17/05/2020 at 01:00 p.m.

[11] Clause 1(a), Privacy Policy, Aarogya Setu Application, available at https://static.swaraksha.gov.in/privacy/ , last accessed on 17/05/2020 at 01:00 p.m.

[12] Clause 6, Privacy Policy, Aarogya Setu Application, available at https://static.swaraksha.gov.in/privacy/ , last accessed on 17/05/2020 at 01:00 p.m.

[14] Coronavirus Pandemic | Aarogya Setu app mandatory for govt, private sector employees , available at https://www.moneycontrol.com/news/india/coronavirus-pandemic-arogya-setu-app-mandatory-for-govt-private-sector-employees-5213901.html , last accessed on 17/05/2020 at 10:25 a.m.

[15] Aarogya Setu: MHA dilutes Mandatory imposition; says employer on ‘Best Effort Basis’ should ensure Use of App by employees with ‘Compatble Mobile Phones’ available at https://www.livelaw.in/top-stories/aarogya-setu-mha-dilutes-mandatory-imposition-156921 , last accessed on 20/05/2020 at 03:36 p.m.

[16] Terms of Use, Aarogya Setu Application, available at https://static.swaraksha.gov.in/tnc/ , last accessed on 17/05/2020 at 12:45 p.m.

[17] Supra Note 1

[18] Clause 3(b), Privacy Policy, Aarogya Setu Application, available at https://static.swaraksha.gov.in/privacy/ , last accessed on 17/05/2020 at 01:00 p.m.

[19] Clause 4(b), Privacy Policy, Aarogya Setu Application, available at https://static.swaraksha.gov.in/privacy/ , last accessed on 17/05/2020 at 01:00 p.m.

[20] Supra Note 1

[21] Supra Note 4

[22] “It causes more concern to citizens than benefits”: Justice B.N. Srikrishna says, “Mandating the use of Aarogya Setu app is utterly illegal” by Akshita Saxena, on 12/05/2020 at 01:48 p.m., available at https://www.livelaw.in/top-stories/justice-bn-srikrishna-says-mandating-the-use-of-arogya-setu-app-is-utterly-illegalwatch-video-156629 , last accessed on 20/05/2020 at 04:24 p.m.

[23] Information Technology Act, 2000

[24] Bill No. 373 of 2019

[25] Section 2(w) of the IT Act, 2000

[27] Legal Experts point out the liability concerns with the Aarogya Setu App , by Anandi Chandrashekhar and Surabhi Agarwal, The Economic Times, available at https://economictimes.indiatimes.com/tech/software/legal-experts-point-out-liability-concerns-with-the-aarogya-setu-app/articleshow/75561944.cms , last accessed on 20/05/2020 at 04:53 p.m.

[28] Section 43A of the IT Act, 2000

[29] Clause 6(d), Limitation of Liability, Terms of Service, Aarogya Setu Application, available at https://static.swaraksha.gov.in/tnc/ , last accessed on 17/05/2020 at 12:45 p.m.

[30] As per the details of the application given in the Google Play Store

[31] Section 79 of the IT Act, 2000

[32] Section 79(2)(c) of the IT Act, 2000

[33] Shreya Singhal v. Union of India, (2015) 5 SCC 1

[34] Christian Louboutin Sas v. Nakul Bajaj, (2018) 253 DLT 728

[35] Supra Note 7

[36] Supra Note 31

[37] A Free and Fair Digital Economy, Protecting Privacy and Empowering Indians: Justice B.N. Srikrishna Committee Report

[38] Supra Note 1

[39] Part IV, Constitution of India, 1949

[40] Section 2(14) of the Personal Data Protection Bill, 2019

[41] Section 2(13) of the Personal Data Protection Bill, 2019

[42] Section 2(28) of the Personal Data Protection Bill, 2019

[43] Section 2(29) of the Personal Data Protection Bill, 2019

[44] Section 10 of the Personal Data Protection Bill, 2019

[45] Supra Note 8

[46] Section 9(2) of the Personal Data Protection Bill, 2019

[47] Section 18(1)(d) of the Personal Data Protection Bill, 2019

[48] Section 18(4) of the Personal Data Protection Bill, 2019

[49] Clause 3(a), Privacy Policy, Aarogya Setu Application, available at https://static.swaraksha.gov.in/privacy/ , last accessed on 17/05/2020 at 01:00 p.m.

[50] Supra Note 47

[51] Supra Note 19

[52] Supra Note 12

[53] Supra Note 48

[54] Article 12 of the Universal Declaration of Human Rights

[55] Article 17 of the International Covenant on Civil and Political Rights

[56] General Comment No. 16 to Article 17 of the International Covenant on Civil and Political Rights

[57] The Right to Privacy in Digital Age , General Assembly Resolution No. 68/167, adopted on 18/12/2013, available at https://undocs.org/pdf?symbol=en/a/res/68/167 , last accessed on 24/05/2020 at 05:43 p.m.

[58] Supra Note 5, Article 51

[59] Supra Note 5

[60] Article 13(1) of the Universal Declaration of Human Rights

[61] Supra Note 5, Article 21

[62] Would Narendra Modi please care to answer some questions about PM-Cares?, Manoj Harit, available at https://thewire.in/government/pm-cares-covid-19-fund-narendra-modi , last accessed on 24/05/2020 at 06:00 p.m.

[63] Aarogya Setu app mandatory: Who all must download the app right away , Techdesk, The Indian Express, available at https://indianexpress.com/article/technology/social/aarogya-setu-app-mandatory-contact-tracing-app-6389284/ , last accessed on 17/05/2020 at 12:30 p.m.

[64] Clause 7, Terms of Service, Aarogya Setu Application, available at https://static.swaraksha.gov.in/tnc/ , last accessed on 17/05/2020 at 12:45 p.m.

[65] Legal experts point out liability concerns with the Aarogya Setu app , Anandi Chandrashekhar and Surabhi Agarwal, available at https://economictimes.indiatimes.com/tech/software/legal-experts-point-out-liability-concerns-with-the-aarogya-setu-app/articleshow/75561944.cms?from=mdr , last accessed on 23/05/2020 at 01:00 p.m.

[66] The nature of the personal information provided in the application, complies adequately with the definition provided under Section 2(1)(i), Information Technology (Reasonable Security Practices and Procedures and Sensitive personal data or information) Rules, 2011

[67] Supra Note 25

[68] Supra Note 41

[69] Data Privacy & Aarogya Setu Covid-19 app, Rupali Bandhopadhya and Arun Gupta, available at https://timesofindia.indiatimes.com/blogs/voices/data-privacy-aarogya-setu-covid-19-app/ , last accessed on 23/05/2020 at 2:30 p.m.

[70] Supra Note 34

[72] Section 67C, Information Technology Act, 2000

[73] Supra Note 28

[74] Clause 2(a), Privacy Policy, Aarogya Setu Application, available at https://static.swaraksha.gov.in/privacy/ , last accessed on 17/05/2020 at 01:00 p.m.

[75] Chapter 6: Data Protection Principles – Unlocking the EU General Data Protection Regulations , available at https://www.whitecase.com/publications/article/chapter-6-data-protection-principles-unlocking-eu-general-data-protection , last accessed on 24/05/2020 at 2:30 p.m.

[76] Supra Note 74

[77] The word, claimed, is written herein because nowhere in the privacy policy have these standard features of protection and security been mentioned or specified. Moreover, the adapted encrypted security mechanisms have also not been mentioned in the privacy policy of the app.

[78] Supra Note 12

[79] Clause 3, Privacy Policy, Aarogya Setu Application, available at https://static.swaraksha.gov.in/privacy/ , last accessed on 17/05/2020 at 01:00 p.m.

[80] Clause 4, Terms of Service, Aarogya Setu Application, available at https://static.swaraksha.gov.in/tnc/ , last accessed on 17/05/2020 at 12:45 p.m.

[81] Supra Note 79

[82] Supra Note 1

[83] Clause 6, Terms of Service, Aarogya Setu Application , available at https://static.swaraksha.gov.in/tnc/ , last accessed on 17/05/2020 at 12:45 p.m.

[84] Section 36 of the Disaster Management Act, 2005

[85] The 44 th Constitutional Amendment, 1978

[86] ADM Jabalpur v. Shivkant Shukla (1976) 2 SCC 521

[87] Part III of the Constitution of India, 1949

[88] Reference to the Emergency that was declared by our late prime minister, Mrs. Indira Gandhi, from 25 June, 1975 till 21 March, 1977

[89] Section 6(2)(i), The Disaster Management Act, 2005

[90] In the Puttaswamy Judgment, a clear threefold standard testing procedure was established, which laid down the tenets of invasion of privacy by the Government. The test was that of, Legality, Need and Proportionality.

[91] Section 3, Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011

[92] Misuse of Aarogya Setu Data: Addressing the question of liability, Kunal Kishore Bilaney, available at https://thelawblog.in/2020/05/09/misuse-of-aarogya-setu-data-addressing-the-question-of-liability/ , last accessed on 24/05/2020 at 07:20 p.m.

[94] Coronavirus contact-tracing: World split between two types of apps , Cristina Criddle and Leo Kelion, available at https://www.bbc.com/news/technology-52355028 , last accessed on 24/05/2020 at 10:30 p.m.

[95] Coronavirus contact tracing app means spying, end to data privacy , Bloomberg opinion, available at https://www.deccanherald.com/opinion/coronavirus-contact-tracing-apps-mean-spying-end-to-data-privacy-835786.html , last accessed on 24/05/2020 at 10:47 p.m.

[96] The Apple Google contact tracing system won’t work. It still deserves a praise. , Jennifer Daskal & Matt Perault, available at https://slate.com/technology/2020/05/apple-google-contact-tracing-app-privacy.html , last accessed on 24/05/2020 at 10:50 p.m.

[97] Data | How safe is Aarogya Setu compared to Covid-19 contact tracing apps of other countries? , The Hindu Data Team, available at https://www.thehindu.com/data/how-safe-is-aarogya-setu-compared-to-contact-tracing-apps-of-other-countries/article31618852.ece , last accessed on 24/05/2020 at 11:00 p.m.

• aarogya setu app
• aarogya setu app privacy issues

A wonderful piece of legal research in the present context. The research article is reader friendly and crystal clear with enough substantiations and explanations !

Leave a Reply Cancel Reply

Save my name, email, and website in this browser for the next time I comment.

Notify me of follow-up comments by email.

Notify me of new posts by email.

LexForti Legal News Network

LexForti Legal News and Journal offer access to a wide array of legal knowledge through the Daily Legal News segment of our Website. It provides the readers with the latest case laws in layman terms. Our Legal Journal contains a vast assortment of resources that helps in understanding contemporary legal issues.

A violation of Right to Privacy- Aarogya Setu app

Contact us for Legal Drafting and Reviewing