The High Court of Kerala on Tuesday sought a statement from the Central Government on the data privacy safeguards of the 'Aarogya Setu', the contact tracing app developed by the National Informatics Centre amid the COVID-19 pandemic.
The Court asked whether the Central Government can guarantee that the information collected by the Aarogya Setu app would not be misused.
A bench comprising Justices Anu Sivaraman and M R Anitha however declined to pass any interim order against the mandatory imposition of the app on employees.
"Extra ordinary times call for extra ordinary measures", observed Justice Anu Sivaraman, while adjourning the hearing till May 19.
The Central Government Counsel told the bench that data protocol norms were formulated on Monday to address privacy concerns.
The CGC said that it has been recognized as "the best app in the world fighting COVID-19" . With its help, about 130 COVID-19 hotspots have been identified; lakhs are downloading the app every day, added Jaishankar Nair, the CGC.
The bench was hearing a Public Interest Litigation filed by one John Dayal, challenging the directives issued by the Centre making the use of 'Aarogya Setu' app mandatory for public and private employees.
On April 29, the Centre had directed that "All the officers, staff (including outsourced staff) working in Central Government should download 'Aarogyasetu' App on their mobile phones, immediatey"
Further, the lockdown guidelines issued by the Ministry of Home Affairs on May 1 stated "Use of Arogya Setu app shall be made mandatory for all employees, both private and public. It shall be the responsibility of the Head of the respective Organisations to ensure 100% of this app among all employees".
These directions are challenged in the writ petition as violative of right to privacy and personal autonomy, as explained by the SC in the K S Puttaswamy decision.
On Monday, May 11, the Empowered Group on Technology and Data Management notified 'The Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020', which lays down the guidelines for collection, processing, storage, sharing and anonymization of the data.