Others

Surveillance vs Privacy – Balancing The Act During The COVID-19 Crisis

By 05/12/2020May 14th, 2022No Comments

Surveillance vs Privacy – The Act During The COVID Pandemic

Over 3 billion pieces of data were leaked, admitted Yahoo! in 2016. At the time, it was ranked as the largest data breach in history. This incident followed by data breaches by Facebook, LinkedIn, and MySpace, to name a few, lead us to a larger question – whether technological advancement and privacy can be allies?

The ongoing COVID-19 pandemic has engulfed over 100 countries, with over 20,000 infections and 650 deaths in India, and the government in its efforts to contain the pandemic has placed reliance on technology. So in times such as now, an appropriate adaptation would be – Roti, Kapda, Makaan our Privacy.

The Ministry of Electronics and Information Technology recently launched the ‘Aarogya Setu’ App – meant for contact tracing and information dissemination – which is designed to trace, notify, and provide medical support to those who have come in contact with COVID-19 patients.

However, the App has been heavily criticized for its non-compliance with data protection policies, accountability, and transparency, all of which are essential for privacy protection.

Another major setback is that the App is beneficial contingent on a few conditions – many people have the app installed, have the app running, with Bluetooth, and are location-enabled. But in a country where smartphones are a luxury, meeting the aforesaid prerequisites may be unviable leading to questions about the App’s effectiveness.

Further, experts believe that ratcheting up surveillance and population tracking to fight the virus now, could permanently open the doors to more invasive forms of prying later. More likely than not, the government and law enforcement agencies may have access to sophisticated surveillance mechanisms such as geo-location tagging, and facial and biometric recognition, much after the dust over the pandemic settles.

This data may be exploited and repurposed to further political agendas like communalism, anti-immigration policies, etc. Further, increased surveillance and divulgence of data have disintegrated people’s ability to keep their health status private. In the present scenario, Indians have little recourse to challenge digital exercises of sovereign power.

Presently, the Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 govern India’s data protection regime. However, these legislations fail to protect individual interests in today’s time.

Geo-location tracking and facial recognition apps could invariably violate the right to privacy, but there is no legal framework that regulates or enables the use of such technologies without violating the Fundamental Right to Privacy granted under Article 21 of the Constitution.

Even the Personal Data Protection Bill, 2019 which is likely to be approved by the Parliament in the Monsoon session of 2020 fails to take into account all stakeholders involved in data breaches. For instance, the Bill imposes heavy fines up to Rs 15 crores or 4% of the annual turnover for violations but exempts the ‘consent’ requirement in certain circumstances where – data is required by the State, for legal proceedings, or to respond to a medical emergency.

These regulatory changes, though onerous to many, are almost a natural and necessary trajectory considering India’s growing digital footprint in the world and the enormous amounts of sensitive information they leave at the State’s disposal, with or without consent!

Therefore, given a choice between public health and safety versus privacy in times of a pandemic, we have an obvious answer. This, however, is an oversimplification of the problem and the real challenge lies in balancing the health of many vis-a-vis the privacy of a few. In fact, China is tracking people through their smartphones and classifies each person with a color code — red, yellow, or green — indicating contagion risk.

On the other hand, Israel resorted to surveillance tools used to counter-terrorism to monitor its people and contain the virus. Further, countries like South Korea, Italy, and Singapore are also using a contact-tracing smartphone app to track infected people and Singapore goes a step further by posting information about each coronavirus patient online with details, including relationships with other patients and infected locations.

In the battle to contain the coronavirus, countries including India have implemented several technologies meant to trace, notify, and identify potentially infected persons. However, the deployment of digital surveillance tools poses a serious threat to the balance between public health and individual privacy on a worldwide large scale.

Despite the setbacks of collating facial recognition, biometric data, and geo-location tagging, these surveillance tolls have been beneficial in the containment of the virus.

While the present deluge of surveillance may be a necessary evil to curb COVID-19, unabated tracking of citizens to curb the virus is a disproportionate act of violation of privacy and may usher in an era of unprecedented privacy violations by companies and the government alike. Thus, strengthening India’s data protection regime and making the government accountable for data breaches may give more confidence to users and keep privacy concerns at bay.

Over 3 billion pieces of data were leaked, admitted Yahoo! in 2016. At the time, it was ranked as the largest data breach in history. This incident followed by data breaches by Facebook, LinkedIn, and MySpace, to name a few, lead us to a larger question – whether technological advancement and privacy can be allies?

The ongoing COVID-19 pandemic has engulfed over 100 countries, with over 20,000 infections and 650 deaths in India, and the government in its efforts to contain the pandemic has placed reliance on technology. So in times such as now, an appropriate adaptation would be – Roti, Kapda, Makaan our Privacy.

The Ministry of Electronics and Information Technology recently launched the ‘Aarogya Setu’ App – meant for contact tracing and information dissemination – which is designed to trace, notify, and provide medical support to those who have come in contact with COVID-19 patients.

However, the App has been heavily criticized for its non-compliance with data protection policies, accountability, and transparency, all of which are essential for privacy protection. Another major setback is that the App is beneficial contingent on a few conditions – many people have the app installed, have the app running, with Bluetooth, and are location-enabled.

But in a country where smartphones are a luxury, meeting the aforesaid prerequisites may be unviable leading to questions about the App’s effectiveness.

Further, experts believe that ratcheting up surveillance and population tracking to fight the virus now, could permanently open the doors to more invasive forms of prying later. More likely than not, the government and law enforcement agencies may have access to sophisticated surveillance mechanisms such as geo-location tagging, and facial and biometric recognition, much after the dust over the pandemic settles.

This data may be exploited and repurposed to further political agendas like communalism, anti-immigration policies, etc. Further, increased surveillance and divulgence of data have disintegrated people’s ability to keep their health status private. In the present scenario, Indians have little recourse to challenge digital exercises of sovereign power.

Presently, the Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 govern India’s data protection regime. However, these legislations fail to protect individual interests in today’s time.

Geo-location tracking and facial recognition apps could invariably violate the right to privacy, but there is no legal framework that regulates or enables the use of such technologies without violating the Fundamental Right to Privacy granted under Article 21 of the Constitution.

Even the Personal Data Protection Bill, 2019 which is likely to be approved by the Parliament in the Monsoon session of 2020 fails to take into account all stakeholders involved in data breaches. For instance, the Bill imposes heavy fines up to Rs 15 crores or 4% of the annual turnover for violations but exempts the ‘consent’ requirement in certain circumstances where – data is required by the State, for legal proceedings, or to respond to a medical emergency.

These regulatory changes, though onerous to many, are almost a natural and necessary trajectory considering India’s growing digital footprint in the world and the enormous amounts of sensitive information they leave at the State’s disposal, with or without consent!

Therefore, given a choice between public health and safety versus privacy in times of a pandemic, we have an obvious answer. This, however, is an oversimplification of the problem and the real challenge lies in balancing the health of many vis-a-vis the privacy of a few. In fact, China is tracking people through their smartphones and classifies each person with a color code — red, yellow, or green — indicating contagion risk.

On the other hand, Israel resorted to surveillance tools used to counter-terrorism to monitor its people and contain the virus. Further, countries like South Korea, Italy, and Singapore are also using contact-tracing smartphone apps to track infected people and Singapore goes a step further by posting information about each coronavirus patient online with details, including relationships with other patients and infected locations.

In the battle to contain the coronavirus, countries including India have implemented several technologies meant to trace, notify, and identify potentially infected persons. However, the deployment of digital surveillance tools poses a serious threat to the balance between public health and individual privacy on a worldwide large scale.

Despite the setbacks of collating facial recognition, biometric data, and geo-location tagging, these surveillance tolls have been beneficial in the containment of the virus.

While the present deluge of surveillance may be a necessary evil to curb COVID-19, unabated tracking of citizens to curb the virus is a disproportionate act of violation of privacy and may usher in an era of unprecedented privacy violations by companies and the government alike.

Thus, strengthening India’s data protection regime and making the government accountable for data breaches may give more confidence to users and keep privacy concerns at bay.


Tags: electronic surveillance act, arogya sethu, arogya setu, Surveillance vs Privacy, surveillance act, aarogya setu, arogya setu app

Sonam Chandwani

Sonam Chandwani

Sonam Chandwani is the Managing Partner at KS Legal & associates and heads the firm’s Corporate Litigation Practice.

Leave a Reply