From UPSC perspective, the following things are important :
Prelims level : Epidemic Diseases Act-1897
Mains level : Paper 2- Privacy and use of technology to tackle the pandemic.
Two issues are examined in detail in this article. The first is about the lack of legal framework in India. And the second which is related to the first is the deployment of technology and its benefit and issues it raises. The nature of private-friendly technology to track the disease is also elaborated.
Disease surveillance and individual rights
- Concerns about the impact of disease surveillance on individual rights—including privacy—are not new.
- Globally, previous epidemics have led to an increasing acceptance that public health initiatives must also respect freedom and privacy to the greatest extent possible.
- Lessons from history and other jurisdictions show that a rights-friendly response to the pandemic is possible and must be strived for.
- Canada amended its Quarantine Act in 2005 to give legislative powers to powers state may exercise and also placed some limits on these powers.
- Similarly, in 2015, South Korea also amended the Infectious Diseases Control and Prevention Act, 2009, giving power to state as well as an individual.
- In 2017, the World Health Organization (WHO) published its guidelines on “Ethical Issues in Public Health Surveillance” (WHO 2017).
- These guidelines require states to ensure that there is no unauthorised access or disclosure of information collected.
- It also requires states to take stock of how much data is rightfully required by various agencies of the government before access is granted.
- However, India does not appear to have factored this into its response to the COVID-19 pandemic.
- Rather, what we are witnessing is a push to develop and adopt ad hoc technology-based solutions without a clear understanding of their limitations and harms.
How the absence of legal framework could be problematic?
- During an epidemic (or a pandemic), state agencies may act in a way that significantly impacts people’s fundamental rights to liberty, free movement, and privacy.
- Authorities may have to compel individuals to undergo testing, mandatory isolation and/or enforce quarantine measures, and trace all of their interactions in case they test positive for the infection.
- With such grave implications for civil liberties, a legal framework is essential to bring certainty and accountability to government functioning.
- It will have checks and balances in place and will state the rights and remedies of those affected by the wrongful exercise of powers.
- A 2015 report by WHO’s International Health Regulations has highlighted this fact.
- International Health Regulations are currently the only global regulations on public health, which are binding on India.
Let’s look into this WHO’s report
- WHO’s International Health Regulations-2015 observed the absence of appropriate legislation that would enable the Indian government to mobilise its different wings in the case of an imminent outbreak (WHO 2015).
- The report noted that this legal gap is exacerbated when coordination is required with states.
- This is presumably because health is a domain over which states have exclusive powers.
- The report also noted that India lacks a standard operating procedure (SOP) to clarify when existing legislative provisions could be invoked, and who could be directed to respond to the outbreak.
- However, in nearly five years since this report was published, there is still no sign of a legal regime to describe the powers of the state and its functions during such times.
Acts used in India to control pandemic and issues with them
- In the absence of such an SOP, states in India have resorted to invoking the Epidemic Diseases Act, 1897.
- This act is pre-independence legislation that confers extremely wide powers on states without any procedural safeguards.
- In order to exercise powers under this statute, most states have framed regulations under it, conferring upon themselves the power to impose and enforce quarantine and to collect vast amounts of personal information.
- These regulations are vaguely worded and contain no limitations or safeguards.
- Similarly, on 24 March 2020, the central government invoked the Disaster Management Act, 2005, which allowed it to issue binding guidelines to states.
- [The central government’s entire response to COVID-19 has been through these guidelines, including its imposition of a strict nationwide lockdown for over two months.
- The result has been the issuance of top-down orders, even though much of the economic and infrastructural burden has fallen directly on state governments.
Adoption of technology and issues with it
- There has been the alarming increase in the adoption of digital technology, with the supposed objective of overcoming existing infrastructural gaps.
- India spends approximately 1.28% of its GDP on health.
- Such technologies are often rolled out with neither understanding their limitations, nor properly examining their potential to harm.
- More worryingly, an over-reliance on technology also makes the state complacent.
- Technological interventions tend to become the default, replacing efforts to understand and address the underlying causes of the problem.
Arogya Setu and other digital interventions in India
- Arogya Setu is a contact-tracing application.
- States have also taken to widespread deployment of drones in several cities to enforce quarantine measures as well as the lockdown itself.
- More recently, BECIL, a public sector undertaking, issued expressions of interest to invite bids for a “personnel tracking GPS solution” as well as a “COVID-19 patient tracking tool”
- The first envisages a wearable device to track health workers’ location and to store the data on a centralised government server.
- The second proposes the collation of information from government databases and from telecom and internet data to identify “locations, associations and behaviour” of patients/persons suspected of being infected.
- However, evidence suggests that these interventions may only end up ramping up surveillance without achieving any of their stated objectives.
Limitations of digital surveillance and possible harm
- Such apps are inherently limited:
- 1) Their success depends on self-reporting by confirmed infectious persons, which in turn depends on large-scale testing.
- Given India’s abysmally low testing rate, self-reporting too will predictably below.
- 2)In view of India’s low smartphone penetration, it is likely that the app will be ineffective for a large part of the population.
- 3)Such apps assess risk based on Bluetooth signals, which may result in false positives as the signals are capable of transmitting across walls or ceilings, therefore alerting people in adjoining houses or cars, even in the absence of physical contact.
- In addition to these limitations, such technological tools also vastly expand the government’s surveillance architecture.
Issues with Aarogya Setu and use of Drones
- Aarogya Setu collects a large amount of personal information from users when they sign up, and constantly builds on this by collecting location and Bluetooth data in real-time.
- This allows the app to create a social graph of a person’s interactions.
- Neither the app nor the Data Access and Knowledge Sharing Protocol—which was subsequently issued—provide for a fixed period of time after which the collected data will be destroyed.
- The protocol also reveals that the app’s functionality is not limited to contact tracing, but that the data gathered through it will be used to inform government decision making on almost all aspects related to COVID-19.
- The government recently relied on the data generated by the app to identify new hotspots.
- But the inherent limitations of the app referred to above make these decisions highly suspect.
- This is in addition to some states in India promoting their own applications for contact tracing and geofencing, which raise similar concerns.
- The use of hired drones by the police for surveillance also raises several concerns.
- These drones are being deployed without any legal basis or transparency on how the recorded footage will be used or retained.
- A number of troubling scenarios are possible—the data may be used to surveil and target specific locations or communities that are already subjected to discrimination and harassment.
- It may also be retained and used later for purposes unrelated to disease surveillance.
- Reports suggest that this data is already being shared freely amongst various entities of the government without people’s knowledge or consent.
- No doubt, public health interests may require some restrictions to the right to privacy—as was expressly recognised by the court itself.
- However, any restriction must necessarily pursue a legitimate aim, be based in law, and be a necessary and proportionate means to achieve said aim.
- This means that the state must first identify the goals it seeks to achieve rather than first creating surveillance mechanisms and then continuously shifting the goalposts.
- If multiple ways exist to achieve an objective, the state is obliged to adopt the least restrictive one.
- The legal regime for public health, such as in Canada and South Korea, is therefore essential to ensure that public safety is not used as an excuse to unnecessarily restrict constitutionally guaranteed freedoms.
- The state needs to be transparent about the digital tools it adopts, which would only go towards increasing public trust and ensure better adoption of the technology.
- Individuals should be informed if their information has been collected and used by the government for surveillance or research purposes, giving them an opportunity to challenge the government’s acts if they feel such powers are wrongly exercised.
- If surveillance is legitimately warranted to deal with a public health emergency, then it must be subject to a sunset clause.
- Data that is no longer required must be deleted.
- And clear protocols need to be created to determine who can access the data in case it has to be retained for research or medical purposes.
Consider the question “A pandemic admittedly requires the extensive gathering of data and surveillance to understand disease trends, infrastructural constraints, and to frame prevention and mitigation strategies. Howerver, the technology adopted to achieve this aim must be privacy-friendly. Comment.
Our past experiences can and should inform our decision on the similar deployment of surveillance technology for public health. Such technology must not be excessively invasive and should always have the legal framework which could help the citizens challenge its applications in a given situation.