Abstract
The corona pandemic altered many traditional and historical norms of society and law. COVID-19 created a humanitarian crisis in some parts of globe, while pandemic privacy and civil liberties were under threat all over world. To combat the deadly virus, individual liberty and equality were compromised. This paper focuses on how India’s health problem has compromised people’s right to privacy. It will highlight how strict executive policies led to the creation of a massive surveillance system in the name of combating the COVID-19 pandemic, as well as how the absence of any policy or legal framework led to the exclusion of individuals and their families who were suspected of having the virus or caring for those who were infected with the deadly virus. The paper uses case studies and data collected from primary as well as secondary sources. The authors will also point out how the absence of privacy regulation puts millions of citizens’ private information at risk of being compromised or exploited against their will.
Similar content being viewed by others
Avoid common mistakes on your manuscript.
Introduction
On 11 March 2020, the World Health Organization proclaimed the outburst of the deadly virus as a pandemic. The unanticipated flare-up of COVID-19 has overshadowed the routine life as the exponential growth of the virus implored and alarmed the world community. It requires very serious and aggressive efforts to contain the pandemic. Doctors and paramedical staff worked from dawn to dusk to cope with the aberrant crisis. Government agencies who were part of the COVID-19 task force asked for personal details of citizens suffering from COVID-19. In these circumstances, it is extremely important to protect data privacy in order to mitigate risk and also maintain individual harmony in such a challenging time. Emergency does change the priorities of life and underestimate the basic standards of life. The latest developments put forth amid the pandemic infringe one’s privacy and other human rights, thereby affecting netizens’ personal information transgression and the improper use of data. Unprecedented measures are used to respond COVID-19; the heavy-handed exercise of contact-tracing has been used to contain the dissemination of the deadly virus throughout the world. As methodology, it has a long history of use against diseases from SARS and AIDS to typhoid and influenza. Eventually, the epitome of all these core developments badly affected surveillance and privacy (Zwitter and Gstrein 2020).
Health Privacy during the COVID-19 Pandemic
In India, the contact tracing, surveillance, and technological tools damaged the privacy of an individual. Technology was used in full swung to contain the pandemic. Digital technologies have been applied for tracing efforts, tracking, testing vaccine registration, and patients’ databases, such as human addresses, phone numbers, social security numbers, and vaccination status, which presents additional problems because they entail sensitive personal information about our whereabouts and health. In the midst of the corona, a person’s extensive medical history has been revealed. Sharing personal data violates privacy and has negative effects. Because the information or data acquired in this regard by governmental and commercial entities is extensively disseminated through social media networks, it is simple to identify and recognize an individual using personal data (Murthy 2020; Javed et al. 2020). Medical privacy is very indispensable to preserve private medical history. Appropriate care should be taken so as to ensure minimum possible interference, while collecting, storing, and disseminating of personal health data. Health and privacy bear a close bond in modern societies. State should put in place proper procedure, policy, and legal framework to safeguard health information. Data and modern technology tools while making scientific advancements and research should fully protect the personal interests of an individual. While carrying out the operation of personal data—including health data—privacy and data protection becomes critical in their roll out (Brand Equity 2022). While analyzing health data safety measures should be incorporated so as to prevent the manipulation and develop public health, “Whenever you increase surveillance of individuals, you must simultaneously increase surveillance of government and corporations, so it’s not just topdown surveillance, it’s balanced by a bottomup surveillance” (Majumdar 2022).
India has observed largest health data breaches during 2022; lakhs of personal health data of citizens were found online. After investigation, it was observed that COVID-19 data of citizens was uploaded by various district health authorities on their websites. In one of the northern states of India, health authorities have uploaded PDF files directly with all details of citizens. Such type of data breach was also found in West-Bengal and other states of India. Web portal the probe has reported that all details of dead COVID patients were also compromised by uploading on health authorities’ websites (Sridevi 2022). Indian Embassy officers working in Iran have shared list of positive pilgrims in a WhatsApp group instead of sharing individual test results directly to the individuals. These officials did not care about people’s right to privacy (Agarwal and Mitra 2020). Data pertaining to COVID-19 has reportedly been stolen from government servers and sold, according to the Indian Express, which includes name, age, gender, mobile number, address, date, and result of COVID-19 report. The shared data documents were available on Raid Forums and it was observed that leaked data was meant for uploading on the Co-WIN portal (Business Today 2022; Indian Express 2022).
In Kashmir under Indian administration, excel sheets with details of persons tested for COVID-19 were shared on WhatsApp app to each and every person of locality with an intention to spread awareness about families with positive patients. For the contact tracing process during the first, second, and third waves of the COVID-19 pandemic, the government transferred a number of government teachers and other personnel during COVID-19. They received no training or data privacy guidelines, either. Without any privacy or data sharing guidelines from the state health authorities, they were free to share all state data with any local resident without worrying about the privacy of specific individuals. We have retrieved a screenshot of a WhatsApp group that contains an excel sheet with information about COVID-19 RTPCR reports. To authenticate our statement, we have shared excel screenshot with 4372 individuals with information about persons’ name, parentage, gender, ages, phone numbers, and addresses attached, COVID-19 vaccination status, travel history, symptoms, contact with positive patients, underlying medical conditions, previous history infections, and reports of the COVID-19 test (Figs. 1, 2A, B). Such information was collected from every individual who visited COVID-19 testing facilities across Jammu and Kashmir.
Showing screenshots of excel data sheets that were shared most of the time of friends and relatives with intention of awareness about COVID-19-positive individuals. We have blurred the name, parentage, and address in these images
A and B shows the list of COVID-19 patients shared in WhatsApp groups of J&K Bank directly
Sher-i-Kashmir Institute of Medical Sciences, Srinagar, Kashmir, is a tertiary care hospital in where state-level viral research and diagnostic laboratory, Department of Microbiology, is only having BSL 3 facility for COVID-19 testing. The Department was taking care of data privacy of patient’s information during COVID-19; Ironically, we found that COVID RT-PCR result data sheets were also found to be shared to public during pandemic as show in Fig. 2A, although the institute was also issuing COVID-19 RT-PCR results individually from COVID-19 center.
Health technology adversely affected positive patients and their families, while revealing their private information; they face stigmatization, putting psychological fear. Unfortunately, such exercise alienated families and caused psychological trauma to the patients. Sharing of personal information of COVID-19-infected individuals and their antecedents should remain strictly confidential. To observe the secrecy while tracing and tracking the affected individuals is utmost requirement in the civilized society. UN medical personal performer contact tracing will disclose the minimum amount of information to achieve the objective of the contact tracing (UNMD 2020).
Ostracization
In India, ostracization emerged like a tinderbox amid perplexed social distancing measures in place. It poses a very serious threat in the multi diverse cultural community like India. It is indeed important not to ostracize COVID-19 patients and those who have recovered but to support them to come out of illness. To ostracize is to push them further and thereby create psychological trauma in them. Corona stigmata added the tribulations and horrors led the dehumanization. The way the social media remained flooded with COVID-19 stuff exposes and expels them in the society. The world scenario of corona death toll and helplessness aggravated trepidation (NIMHANS 2020). The virus has been present in the societies of past time too but the present COVID-19 seems very dangerous. Deadly virus has taken the toll of fatalities across the globe, shaking the world class powers. As of 11 April 2022, the total number of COVID-19-confirmed cases has been reported to WHO as 497,057,239, including 6,179,104 deaths. Any person suffering from COVID-19 infection was subjected to quarantine or isolation either at government isolation centers or home quarantine. The patient’s family and close contacts have to face the heartbreaking and mentally unsuitable behavior, a phenomenon got created wherein one suffers the worst form of stigmatization. In such circumstances, one would hardly come forward for voluntary testing and mostly would avoid testing feels better to die at once then to bear the worst form of seclusion.
A stigma associated with deadly virus presents imminent danger to one’s dignity. Researches from HIV, Ebola, Hansen’s disease, and other infectious epidemics show that stigma downgrades the speed of voluntary testing and dealing with COVID-19 patients. The common populace does feel alienated and troubled if being declared as COVID-19-positive patients or seek treatment after develo** of symptoms, the wrong perception of the society and the threat that overhangs that of disease—after taking precautions to avoid the illness. Record of past major diseases shows us that stigma aggravates the mindset of infected people. The current COVID-19 stigmata could prove more fatal in this digital world, as the stigma created after hard-wired distancing from others who could infect us. We see the complete suite of evolutionary behavior called “parasite avoidance,” to avoid contact with persons who may infect us. A demonizing response perturbs on attaining signs of sicknesses such as skin lesions or vomiting, whether or not these symptoms are a real hazard to our health (Earnshaw 2020). We observed from chronic diseases like cancer, HIV/AIDS, and H1N1 stigma in November 2009, as compared to other slurred sicknesses. HIV/AIDS was the most stigmatized disease throughout the world (Earnshaw and Quinn 2013).
Ostracization and Public Reaction
COVID-19 phobia and public perception entangled further, as nursing staff, paramedical staff, and doctors are bearing the public fulmination, tagging them as “disease spreaders.” Rather than being appreciated for incredible services, their sweat labor is being trampled down. Forcefully evicting paramedical staff from their tenanted premises by owners was heart wrenching. Stigmatization further increases as the private information of quarantined individuals is being widely circulated.
Anjali Rai and Pratika Pradhan (Giri 2020), serving as nurses at the state-run North Bengal Medical College and Hospital (NBMCH), expose different emotions—whether be excited or dejected, over their personal involvement in the virus; while serving first patient of the region, Pradhan said that “Nurses, doctors ward boys, hospital staff, and sweepers—all those who at the frontline in battling the pandemic—aren’t receiving the appreciation they deserve.”.
“When I initially got the symptoms, I requested many people in my neighborhood to keep my son with them for a few days. But they refused on the pretext that other residents might object,” Rai said (Giri 2020).
The worst happened to destitute and demonized migrant workers in their home towns and villages. In Patna, Rajasthan, and West Bengal, several incidents occurred where migrants were not allowed to enter their respective areas. In Durdih, one family faces ostracism even after his departure; they were “not being allowed to take water from the local hand pump,” he said (Agrawal 2020). A woman in Kochi too was ostracized on her daughter’s home quarantine, while arriving from Dubai, even was not permitted to seek blessings for her well-being in the church (The Hindu 2020). A milk man was committed after receiving vehement criticism and on being treated as virus spreader (Jayarajan 2020).
Law and Pandemic
While combating COVID-19 in India, the old colonial legislative provisions were invoked. Prior to annunciating of the Epidemic Diseases (Amendment) Ordinance, 2020, India was struggling with unamended 123-year-old Legislation to contain the deadly virus, the conflagration of the twenty-first century. The Britishers implemented the age-old legislation during the turmoil of the bubonic plague in India, which conferred very cruel powers to the government (Kumbhar 2020).
Central and state government issued guidelines for public, social distancing measures, segregation of suspected individuals, etc. under the unchanged colonial law. The Act imposed severe restrictions; its accredited powers regarding separation of COVID-19, the hospitals, traveling guidelines, and quarantine measures were put in place in order to stop the deadly virus from spreading. Moreover, the legislation was used as a constant reminder of public information [v] (EDA- Sec 2). The Indian penal code has been invoked to punish the violators of COVID-19 rules punishable offence u/s. 188 of IPC [vi] (EDA- Sec 3). The legislation provides immunity to officials from the process of legal proceedings [vii] (EDA– Sec 4).
Along with the Epidemic Diseases Act, the Disaster Management Act, 2005, has been implemented to tackle COVID-19 in India. The Disaster Management Act places restrictions on the liberty of the common man, proposes action against rumor-mongers, and enumerates provisions for accessing emergency funds.
Privacy and Law in India
Since 2010, attempts was made to ponder over the privacy regime in India and documents was prepared in 2011 and 2014. The 2014 version got exposed and could not move forward. In July 2017, the Indian governance created an adroit committee to seek intimation regarding drafting of a Data Protection Bill. The chairman of the committee was Justice B. N. Srikrishna, onetime Apex court judge (Burman 2019). In November 2017, the panel issued a white paper for public argumentation, so as to shape privacy regime (MeitY 2017). The dexterous commission held various sessions across the Indian states to receive necessary suggestions on data privacy (Bell 2020; MeitY 2018). In 2020, the Justice A. P. ShahFootnote 1 panel advised dominating law to prevent privacy violation and personal data in personal and social arenas. Furthermore, it provided for the establishment of privacy commissioners at union as well as at domestic level, mentioned nine basic guidelines significant for drafting the privacy legislation (Chakraborty 2017; Srikrishna et al. 2018).
The Indian judiciary postulates privacy as a fundamental human right. The highest court in India expounded clearly in different cases and comprehended privacy as essential part of Article 21 of the Constitution of India (WHO 2020; Kharak Singh v State of Uttar Pradesh and Ors. AIR 1963 SC 1295).Footnote 2 The Supreme Court went ahead in August 2017; the constitutional bench explicitly declared privacy as a segment of life and liberty.
India is still lagging behind in the protection of personal data. India does not have any legislation to protect one’s personal data, especially sensitive data; the only law that is being used is the Information Technology Act 2008 (IT Act) and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal information) Rules (IT Rules) (MeitY 2011). These IT rules under the IT Act that were notified in April 2011 clearly define “sensitive personal information” and safeguard any such details from uploading prevent; thereby, it saves privacy of an individual. Rule 3 mentions medical records as sensitive personal data or information (Singh 2011). The PDPB (Personal Data Protection Bill 2018)Footnote 3 nurtures sensitive medical data similar manner, and it also explains “Critical personal data and protection” measures and policies in a crystal-clear way. The bill empowers the common man to contain one’s data (Obhan and Patodia 2020). The proper mechanism is provided regarding data aggregation, circulation, and it protects sensitive data covering the different classification of data from health data to biometric data to genetic data. Rule 4 of the IT Rules (MeitY 2011) enlightens the collector, receiver, and manager of personal data to uphold the privacy measures while holding and supervising the sensitive information of an individual. Rule 6 of the IT Rules (MeitY 2011) deals with the revelation of “sensitive personal data or information” by the authority to seek the approval of the information provider obtained through any agreement or otherwise by corporate body (Seema et al. 2018). The state instrumentality shall provide the guidelines that acquired information shall not be released or distributed to any individual.
Section 43A is significant provision for safeguarding sensitive data and describes rules for managing, possessing, personal information of patientFootnote 4 laid in a computer network, holding, governing, and is negligent in the same and which adversely impacts individual personality; concerned data holders shall be liable to pay damages by way of compensation, which shall not exceed a sum of INR 50,000,000 (rupees five crore).
Public institutions as well as different private organizations have put in place number of methods to counter the dissemination of COVID-19. The human distance and social space (where possible) incumbent teleworking, abandoning of unnecessary gathering, and raised the standard of hand hygiene protocol. Other factors adopted like individual monitoring and their travel history, recording of temperature, and also locating the contact tracing of infected patients trample down individual privacy.
Thus, when it comes to protection of privacy, India is falling behind. The law put in place amid COVID-19 is in adequate to protect the privacy of an individual. Personal data breach of confidential information of millions of people is at risk. It is utmost important in the modern society while tackling the health problem to uphold individual liberty. Although data can be used for good, the arbitrary and uncontrolled use of data, particularly personal data, has raised questions about an individual’s privacy and autonomy. In order to avert worst-case scenarios and to guarantee that data is used for the benefit of citizens rather than to manipulate them, governments have the power to regulate matters like artificial intelligence (AI) (Majumdar 2022).
Global Updates of Data Protection Laws and Privacy Measures amid COVID-19
Lawmakers like Cantwell and privacy advocates like Schwartz showed their helplessness on privacy surrender while fighting the battle of deadly virus. As the online platform activities widened, more and more social and economic activities were conducted via online, but in doing all this, we must protect health privacy. The grave concern amid the health emergency is of data collection, use, and sharing of personal information. To analyze Indian and African counterpart practices of handling sensitive personal data, in Africa, 55% of countries have adopted data protection legislation from which 23 are least developed countries (UNCTAD 2021). Legal regime of personal data protection is still missing in India. India is still lagging behind in the drafting of data security laws amid COVID-19.
From small to large, socio-economic, everything is kept up online, so to protect individual liberty is of utmost importance. Equally applying, collecting, and sharing private information even when there is no permission from the consumer is questionable. Africa and Asia have shown keen interest in introducing data privacy measures.
For example, the African Union (2014) members adopted the African Union Convention on Cyber Security and Personal Data Protection. The 2016 EU General Data Protection Regulation backdrops an example for many countries like Nigeria—the continent’s important economic power and very populous state—adopted its first Data Protection Regulation in early 2019. “It’s a fair starting point, but now we need a comprehensive Data Protection Act and an independent monitoring authority,” said Ridwan Oloyede, a privacy expert at Nigerian consultancy firm Tech Hive. Oloyede is particularly worried about secure technology and independent monitoring. Brazil’s privacy law has been postponed due to the COVID-19 disturbance.
There have been developments in the USA to protect privacy, with the legislators proposing the privacy protection bill amid COVID-19 to constrain the data collection. The COVID-19 Consumer Data Protection Act would “consider providing all Americans with more transparency, choice, and control over the collection and use of their personal health, geolocation, and proximity data”; Sen. Richard Blumenthal (D-CT) said that he is going to consider the privacy policy of a consumer. “These crises have highlighted the vital need for strong, reliable protections or law for privacy and security of personal data,” Blumenthal said. “As just one example, there is certainly a need for clear guardrails concerning information resulting from testing and contact tracing.” (Lyons 2020). COVID-19 Inspires Federal Consumer Privacy act aims to enhance protection by ensuring to protect information that constitutes “precise geolocation data, proximity data, and personal health information” (Heck 2020).
Across the globe, developed and develo** countries introduced legal measures to personal liberty like UK enacted the Corona-virus Act, 2020, covering COVID-19 rules, and similarly, Singapore has passed the Infectious Diseases Regulations Act, 2020 (Shunmugasundaram 2020). The Italian government too prepared a decree in order to produce a strong, robust mechanism for data collection pertaining to health in the arena of public health crisis. In Germany, the government is also trying to make a necessary alteration in the Infection Protection Law, so as to permit the Federal Ministry for Health to make “risk” individual identification easy and also let them to furnish necessary journey details with their contacts. The amended existing statute which confers wide powers for identification and in obtaining the communication data has been deleted. In France, emendation of legal provisions allow, “any measure,” the data processing for the duration of 6 months during the COVID-19 crisis. Such alteration was disapproved as it confers unbridled power to intrude into private life.
Privacy and Health Secrecy in India
Privacy is the right of an individual to be protected from vituperation of personal existence in the society. The civilized society protects the individual’s privacy, the threat of abuse, or misuse of personal information. Health secrecy during the pandemic is important; it is vital to regulate unrestricted circulation, to ensure the separation and a dignified life without any sort of obstruction and interference by public. While collecting and operating with health data, it shall be commensurate to the individual liberty. While handling the deadly pandemic outbreak, modern state propounds promote personal privacy; man’s well-being is advocated as indispensable part of privacy. Privacy is heart and soul of liberty, an important principle in the modern-day world. In the case of The Queen v Brandon Roy Dyment, ([1988] 2 SCR 417), while emphasizing on the significance of data privacy, it was thought that “This concept of privacy is based on the belief that all information about a person is, in some manner, his own, and that he has the right to share or keep it as he sees fit. The ability to retain information about oneself is especially crucial in modern life. We may wish or be compelled to reveal such information for a variety of reasons, but situations abound in which the reasonable expectations of the individual that the information will remain confidential to the persons to whom it is disclosed and limited to the purposes for which it is disclosed must be safeguarded.”. The health sector is indispensable for privacy; the interrelation in between the solitude and medicinal jurisprudence has been discussed by the apex court in the number of cases, like Mr. ‘X’ v. Hospital ‘Z’ ((1998) 8 SCC 296).Footnote 5
In Balu Gopalakrishnan v. State of Kerala and Ors,Footnote 6 the Kerala High Court issued an interim order to protect data gathered from patients or those susceptible to COVID-19. The state government was also ordered by the court to anonymize all sensitive personal data before sending it to a corporation in the USA. The court further barred Sprinkle (a corporation based in the USA) from violating the data’s confidentially.
Challenges to Privacy in the Era of Technology
Privacy is an indispensable right of the individual to maintain the personality. Privacy being an inalienable and inherent right of a human being is inseparable. New prospects and issues arise as exemplified by the global health emergency, where privacy is being discussed from the informational perspective. Personal privacy issues have become particularly serious in today’s information and technology-based society since the virtual world has impacted every aspect of daily life. It is uncertain how the courts would maintain data protection in the current health crisis and the privacy of information in the digital age.
Warren and Brandeis (1989) expounded the versatile effect of digitalization on individual privacy:
Modern creations and business strategy require the next step to be pursued for personal safeguard, and to guard the individual liberty, what Judge Cooley calls the right “to be let alone”. As the newspaper enterprises have exposed the boundary of behind the scenes and domesticated life system; and various engineering tools could prove the prophecy that “what is whispered in the closet shall be proclaimed from the house-tops.” Since long ago, it was felt that the law ought to provide appropriate remedies for personal information circulation without the authority. The complexities of life, made it urgent amid crucial discoveries some retreatment from the world, and man, as in modern society, one is more concerned about the publicity, so that seclusion and isolation becoming very indispensable, but advanced technology has invaded individual privacy, which deeply disturbed and caused mental agony to the individual.
The judgment in the case of Life Insurance Corporation of India and Ors vs. Prof. Manubhai D. Shah ((1992) 3 SCC 637)Footnote 7 referred to the decision given in Indian Express Newspapers (Bombay), Pvt Ltd vs. Union of India ((1985) 1 SCC 641),Footnote 8 which interpreted privacy as part of Article 19(1) (a) and also that it encompasses communicational privacy. The apex court in Indian Express mentioned the United Nations Report, further nothing was done.
Personal health records are very indispensable; it should not be harmed in any way, as the personal details of the virus-affected and quarantined patients have surfaced in the social media. Karnataka and Mohali published a list of people quarantined. The revelation of personal data manipulates personal liberty and hence affects individual privacy. In August 2018, the Ministry of Health and Family Welfare issued a script on the “charter of patient rights” including in its privacy of medical history. In the current crisis of the COVID-19 outbreak, another form of privacy violation has been observed. Medical prescriptions of suspected individuals were posted and forwarded on social media platforms. The lady who tested positive and was the first case in the Northeast region, or the 4-year-old child from Assam—in both cases, prescriptions were widely shared on social media. Personal information is being circulated across social media platforms, without realizing the legal violation of the privacy of these individuals. Identification lists prepared by authorities and many even bear signatures of police officials are widely available on WhatsApp. Shrill and hysterical reporting on the gathering in Delhi’s Nizamuddin Markaz in mid-March 2020 flooded in social media with a list of individuals containing their address, age, and cell numbers (Bhattacharjee 2020).
Such disclosures invite danger, too. “Disclosure of private facts has the propensity to disrupt a people tranquilly. It may cause him to develop a number of complexes, as well as psychological issues. Because the right of privacy is an integral component of the right to life envisaged by Article 21, breach of right to privacy might cause disturbed life for the rest of his life.” ([1988] 2 SCR 417).
The Ministry of Electronics and Information Technology (MEITY) has launched the AarogyaSetu app, which tracks subjective personal facts such as sex and travel details in order to create data while respecting privacy rights. A plethora of facts, such as (i) name, (ii) phone number, (iii) age, (iv) sex, and (v) profession, are stored and analyzed while processing and safely driven to cloud memory. (vi) Countries visited in the last 30 days and (vii) smoking details and present health status are requisitioned to know the health update of an individual. In addition to it, the person is being monitored fully so as to trace all the contacts with their respective locations; however, the tragedy is that policy papers are silent about the definition “legal requirement.” The definition lies within the discretion of the government, which can lead to misuse of stored personal information. Furthermore, real anonymization of private information was deliberated upon by scientists and policy makers regarding the anonymous data handling carefully. Authority’s responsibility is limited legally, even when inaccurate data is collected by App or when there is omission to extract reliable data. Therefore, after analyzing all these features, it seems that “AarogyaSetu” is data snatching tool only (Bhandari and Rahman 2020; Krehling and Essex 2021).
It was more shocking in the Mohali list which particularized the suspicious notion of over more than 300 people. Health-oriented programmed mechanism must uphold the basic human rights’ personal liberty, equality, and privacy. Constitutional jurisprudence has accepted privacy as inviolable human right, as explicated in Justice K.S Puttaswamy and Another vs. Union of India and Ors ((2015) 8 SCC 735).Footnote 9 J. Bobde put forth in the case that personal approval is significant for sharing of intrinsic data like personal health history. Despite apex court ruling, respect for an informational privacy is still craving for protection across India. The Puttaswamy judgment formulates the three-part test to determine whether the state has intruded personal privacy and its validity. Firstly, act should be backed by law. Secondly, the legitimacy and necessity stand up of action. Thirdly, action should be proportional to achieve that goal (CIS India, and Privacy International 2016). A thorough examination of the Epidemic Diseases Act, 1897, and the National Disaster Management Act, 2005, clearly depicts lack of authorization and legitimacy to put out individual information in social outreach. The uploading of individual information in the public sphere has the tendency to infringe the right of privacy (Justice KS Puttaswamy and Another Vs. Union of India 2017).
Without any comprehensive data protection legislation, collecting and disseminating one’s individual information in the public domain without their assent are very dangerous. The reason of the government is that data dissemination has become an important weapon to combat the deadly pandemic. This is not the proper justification as the state is pushing people away rather motivating them to cooperate to fight with this deadly virus jointly; it causes knee-jerk reaction. By placing personal symptom reports on social media will lower the morale of people and will try their best to avoid testing. During these extravagant times, we need to adopt people friendly policies.
To maintain the spirit and philosophy of privacy of an individual amid these odd hours, the government should desist from putting sensitive information in the public sphere. We must extract data-based methods and policies to stop the flare up of the virus; it is necessary to contemplate that how our data would be stored and kept after the pandemic is over (Senger 2020; Gerke et al. 2020).
Delhi-based non-profit legal services organization SFLC.IN along with a coalition of non-profit organizations, civil society groups, lawyers, public policy professionals, technologists, social activists, entrepreneurs, and citizens raised and are advocating for the robust legal mechanism to control and monitor data collecting policy and further processing of data in the ongoing COVID-19. (SFLC 2020) To accept contact tracing, data tracking the temporary supervision may get permanently attached to the system of life, which is undeniable. “In this particular case, if we have technology for minimizing harm, we have a moral obligation to use it,” Marcello Ienca, a bio ethicist at the Swiss university ETH Zurich, said. “But we have to merge it with the best available technology in the areas of cyber security and privacy.” To work for the best, Ienca added, the medical health luminaries should collaborate with constitutional experts. As Senator Maria Cantwell wrote, “Rights and data surrendered temporarily during an emergency can become very difficult to get back” (Halpern 2020).
Conclusion
As a large section of the people is still unaware and indifferent to laws, unregulated mechanisms and policies to collect and store data are highly obnoxious to individual life. Data manipulation and mishandling personal health records further their wide circulation trampled down individual liberty. The law related to medical legislation; personal data security measures have been sidelined and indeed widely ignored amid global pandemic in India. India should adopt a strategy to mitigate the effects of COVID-19 and personal data collection. A personal data regime needs to be set in place in the digital community. Data minimization and confidentiality must be respected. It is expected amid COVID-19 to maintain the balance between fundamental rights. The dissemination of COVID-19 information should take all precautions of individual liberty and personal freedom. There are very serious privacy implications of the corona disease which can be worse than the disease itself. Individual privacy should be protected and safeguarded while combating invisible virus. Data privacy legislation is the need of the hour in India, as in the world-wide; data privacy laws are recognized as a fundamental human right. India needs to increase legal certainty, to articulate and enforce available data protection provisions and investigate alleged privacy violations amid COVID-19. The measures adopted temporarily in emergencies become a fixture of life. So, digital privacy measures should be fully appropriated, drafted, and implemented to contain the crisis for posterity.
Notes
Report of the Group of Experts on Privacy (Chaired by Justice A P Shah, Former Chief Justice, Delhi High Court), available at: http://planningcommission.nic.in/reports/genrep/rep_privacy (Visited on Aug 20, 2020).
The term “sensitive personal data or information” of a person consists of information relating to the following—(i) password; (ii) financial information such as Bank account or credit card or debit card or other payment instrument details; (iii) physical, physiological, and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) biometric information; (vii) any detail relating to the above clauses as provided to body corporate for providing service; and (viii) any of the information received under above clauses by body corporate for processing, stored, or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005, or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these regulations.
References
African Union. 2014. African Union Convention on Cyber Security and Personal Data Protection. African Union, 27 June 2014. https://au.int/en/treaties/african-union-convention-cyber-security-and-personal-data-protection. Accessed 20 August 2021.
Agrawal, Parul. 2020. Covid-19 lockdown: Bihar migrants who fled cities face ostracism at home. Scroll, 3 April 2020. https://scroll.in/article/958010/covid-19-lockdown-bihar-migrants-who-fled-cities-face-ostracism-at-home. Accessed 1 August 2021.
Agarwal, Kabir and Devirupa Mitra. 2020. List suggests 254 Indian pilgrims in Iran have tested positive for COVID-19. The Wire, 17 March 2020. https://thewire.in/health/254-indians-iran-coronavirus-positive. Accessed 24 September 2022.
Bell, Genevieve. 2020. We need mass surveillance to fight covid-19—but it doesn’t have to be creepy, MIT Technology Review, 12 April 2020. https://www.technologyreview.com/2020/04/12/999186/covid-19-contact-tracing-surveillance-data-privacy-anonymity/. Accessed 28 July 2021.
Bhandari, Vrinda, and Faiza Rahman. 2020. Constitutionalism during a crisis: the case of Aarogya Setu. The Leap Blog, 25 May 2020. https://blog.theleapjournal.org/2020/05/constitutionalism-during-crisis-case-of.html. Accessed 20 February 2021.
Bhattacharjee, Subimal. 2020. What privacy means in times of Covid-19. Daily O, 13 April. https://www.dailyo.in/. Accessed 25 May 2021.
Brand Equity. 2022. Covid-19 related data of thousands of Indians leaked online. Brand Equity, 22 January 2022. https://brandequity.economictimes.indiatimes.com/news/digital/covid-19-related-data-of-thousands-of-indians-leakedonline/89059409. Accessed 22 September 2022.
Burman, Anirudh. 2019. Will a GDPR-style data protection law work for India? Policy Commons, 15 May 2019. https://policycommons.net/artifacts/431404/will-a-gdpr-style-data-protection-law-work-for-india/1402471/. Accessed 23 July 2021.
Business Today. 2022. Covid-19 data of thousands of Indians leaked online, put on sale. Business Today, 21 January 2022. https://www.businesstoday.in/technology/news/story/covid-19-data-of-thousands-of-indians-leaked-online-put-on-sale-319934-2022-01-21. Accessed 2 September 2022.
CIS India, and Privacy International. 2016. Stakeholder report universal periodic 27th session: the right to privacy in India. Centre for Internet and Society India, and Privacy International, October 2016. https://privacyinternational.org/sites/default/files/2018-04/India_UPR_Stakeholder%20Report_Right%20to%20Privacy.pdf . Accessed 12 May 2021.
Chakraborty, Ananya. 2017. Right to privacy: nine principles of data privacy in AP Shah Report. News 18, 24 August 2017. https://www.news18.com/news/india/right-to-privacy-a-fundamental-right-nine-principles-of-data-privacy-in-ap-shah-report-1500003.html. Accessed 24 February 2022.
Earnshaw, Valerie. 2020. Don’t let fear of Covid-19 turn into stigma, Harward Business Review, 6 April 2020. https://hbr.org/2020/04/dont-let-fear-of-covid-19-turn-into-stigma. Accessed 28 July 2020.
Earnshaw, Valerie A., and Diane M. Quinn. 2013. Influenza stigma during the 2009 H1N1 pandemic Journal of Applied Social Psychology 43(S1): E109–E114. https://doi.org/10.1111/jasp.12049
Gerke, Sara, Carmel, Shachar, Peter R. Chai, and I. Glenn Cohen. 2020. Regulatory, safety, and privacy concerns of home monitoring technologies during COVID-19. Nature Medicine 26(8): 1176–1182. https://doi.org/10.1038/s41591-020-0994-1.
Giri, Pramod. 2020. Covid-19: Darjeeling nurses face ostracism, say health workers are least appreciated. Hindustan Times, 30 April 2020. https://www.hindustantimes.com/india-news/covid-19-cured-darjeeling-nurses-face-ostracism-say-health-workers-are-leastappreciated/story-M5u0kqrlgaNBCoOpoGW53N.html. Accessed 25 September 2021.
Halpern, Sue. 2020. Can We track COVID-19 and protect privacy at the same time? New Yorker, 27 April 2020. https://www.newyorker.com/tech/annals-of-technology/can-we-track-covid-19-and-protect-privacy-at-the-same-time. Accessed 15 August 2021.
Heck, Zachary. 2020. COVID-19 inspires Federal Consumer Privacy Act. Taft, 18 May 2020. https://www.privacyanddatasecurityinsight.com/2020/05/covid-19-inspires-federal-consumer-privacy-act/. Accessed 22 July 2021.
Indian Express. 2022. Covid-19 related data of thousands of Indians leaked online. Indian Express, 21 January 2022. https://indianexpress.com/article/technology/tech-news-technology/covid-19-related-data-of-thousands-of-indians-leaked-online-7735940/. Accessed 24 September 2022.
Javed, Bilal, Abdullah Sarwer, Erik B. Soto, and Zia‐ur‐Rehman Mashwani. 2020. The coronavirus (COVID‐19) pandemic’s impact on mental health. International journal of health planning and management 35(5): 993–996. https://doi.org/10.1002/hpm.3008.
Jayarajan, Sreedevi. 2020. Kerala woman who recovered from COVID-19 ousted from hostel by residents. The News Minute, 19 October 2020. https://www.thenewsminute.com/article/kerala-woman-who-recovered-covid-19-ousted-hostel-inmates-135698. Accessed 20 August 2021.
Krehling, L., and A. Essex. 2021. A security and privacy scoring system for contact tracing apps. Journal of Cybersecurity and Privacy 1: 597–614. https://doi.org/10.3390/jcp1040030.
Kumbhar, Kiran. 2020. Epidemic Diseases Act, India’s 123-year-old law to help fight the pandemic. The Wire, 21 March 2020. https://thewire.in/health/epidemic-diseases-act-india-pandemic. Accessed 30 July 2020.
Lyons, Kim. 2020. Senators’ plan for reining in contact tracing apps doesn’t make a lot of sense. The Verge, 2 May 2020. https://www.theverge.com/2020/5/1/21243977/gop-senators-contact-tracing-data-coronavirus-covid-19-privacy. Accessed 10 May 2021.
Majumdar, Romita. 2022. Use data carefully to avoid digital dictatorship, data colonies: Yuval Noah Harari. Economic Times, 16 February 2022. https://economictimes.indiatimes.com/tech/technology/use-data-carefully-to-avoid-digital-dictatorship-and-digitalcolonies-yuval-noah-harari/articleshow/89613777.cms. Accessed 15 September 2022.
MeitY. 2011. Notification. Ministry of Communications and Information Technology, 11 April 2011. https://meity.gov.in/writereaddata/files/GSR313E_10511%281%29_0.pdf. Accessed 22 January 2022.
MeitY. 2017. Public consultation on white paper – data protection framework for India. Ministry of Electronics & Information Technology, 28 December 2017. https://meity.gov.in/writereaddata/files/public_consultation_on_white_paper.pdf. Accessed 13 May2021.
MeitY. 2018 Data protection in India. Ministry of Eletronics and Information Technology, 13 February 2018. https://digitalindia.gov.in/writereaddata/files/6.Data%20Protection%20in%20India.pdf. Accessed 25 May 2021.
Murthy, Pratima. 2020. The COVID-19 pandemic and mental health – An introduction. In Mental health in the times of COVID-19 pandemic: guidance for general medical and specialized mental health care settings. National Institute of Mental Health and NeuroSciences, April 2020. https://www.mohfw.gov.in/pdf/COVID19Final2020ForOnline9July2020.pdf. Accessed 25 May 2021.
NIMHANS. 2020. Mental Health in the times of COVID-19 Pandemic: Guidance for General Medical and Specialized Mental Health Care Settings. National Institute of Mental Health And Neuro Sciences, April 2020. https://www.mohfw.gov.in/pdf/COVID19Final2020ForOnline9July2020.pdf. Accessed 25 May 2021.
Obhan, Ashima, and Vrinda Patodia. 2020. Data protection or data localisation. Obhan & Associates, 17 January 2020. https://www.obhanandassociates.com/blog/data-protection-or-data-localisation/. Accessed 24 July 2020.
Seema, Jhingan, Neha Yadav, and Monica Benjamin. 2018. An overview of data protection laws in India and European Union. Mondaq, 4 April 2018. https://www.mondaq.com/india/data-protection/687750/an-overview-of-data-protection-laws-in-india-andeuropean-union. Accessed 12 May 2021.
Senger, Ashutosh. 2020. Privacy challenges during Covid-19. Business Line, 20 April 2020. https://www.thehindubusinessline.com/opinion/privacy-challenges-during-covid-19/article31382552.ece. Accessed 5 August 2021.
SFLC. 2020. Joint letter to the central and state governments on unwarranted, excessive, collection and processing of personal data of individuals during the ongoing COVID-19 pandemic. Software Freedom Law Center, 31 March 2020. https://sflc.in/jointletter-central-and-state-governments-unwarranted-excessive-collection-and-processing-personal. Accessed 5 August 2021.
Shunmugasundaram, Manuraj. 2020. India needs to enact a covid-19 law. The Hindu, 8 May 2020. https://www.thehindu.com/opinion/lead/india-needs-to-enact-a-covid-19-law/article31529036.ece. Accessed 1 August 2021.
Singh, Shiv Shankar. 2011. Privacy and data protection in India: a critical assessment. Journal of the Indian Law Institute 53(4): 663–677. https://www.jstor.org/stable/45148583.
Sridevi, Prema. 2022. Massive public health data leak puts personal data of scores of citizens at risk. The Probe, 31 January 2022. https://theprobe.in/massive-public-health-data-leak-puts-personal-data-of-scores-of-citizens-at-risk-the-probe-investigation/. Accessed 24 October 2022.
Srikrishna, B.N., Aruna Sundararajan, Ajay Bhushan Pandey, Ajay Kumar, Rajat Moona, Gulshan Rai, Rishikesha Krishnan, Arghya Sengupta, Rama Vedashree. 2018. White paper on data protection framework for India. Ministry of Electronics and Information Technology, 31 January 2018. https://meity.gov.in/white-paper-data-protection-framework-india-public-comments-invited. Accessed 23 July 2021.
The Hindu. 2020. COVID-19: Health officials intervene to end social ostracism. The Hindu, 18 March 2020. https://www.thehindu.com/news/cities/Kochi/covid-19-health-officials-intervene-to-end-social-ostracism/article31093983.ece, Accessed 3 August 2021.
UNCTAD. 2021. Data protection and privacy legislation worldwide. United Nations Conference on Trade and Development, 14 December 2021. https://unctad.org/en/Pages/DTL/STI_and_ICTs/ICT4D-Legislation/eCom-Data-Protection-Laws.aspx. Accessed 18 October 2022.
UNMD. 2020. Preserving the privacy and confidentiality of COVID- 19 infected UN personnel and dependents. United Nations Medical Directors, 2 April 2020. https://www.un.org/sites/un2.un.org/files/2020/04/preserving_the_confidentiality_of_covid_19_infected_un_personnel_2_april_2020.pdf. Accessed 3 August 2021.
Warren, Samuel, and Louis Brandeis. 1989. The right to privacy. In Killing the Messenger, ed. Tom Goldstein, 1–21. New York, NY: Columbia University Press.
WHO. 2020. Statement on the second meeting of the International Health Regulations (2005) Emergency Committee regarding the outbreak of novel coronavirus (2019-nCoV). World Health Organization, 30 January 2020. https://www.who.int/news-room/detail/30-01-2020-statement-on-the-second-meeting-of-the-international-health-regulations-(2005)-emergency-committee-regarding-theoutbreak-of-novel-coronavirus-(2019-ncov). Accessed 28 July 2021.
Zwitter, Andrej, and Oskar J. Gstrein. 2020. Big data, privacy and COVID-19 – learning from humanitarian expertise in data protection. Journal of International Humanitarian Action 5(1): 1–7. https://doi.org/10.1186/s41018-020-00072-6.
Acknowledgements
We acknowledge the assistance by Miss Insha Jan, Msc, Microbiology Skims, Srinagar, Kashmir, for giving us proof of shared COVID-19 data to locals by WhatsApp Messaging App.
Author information
Authors and Affiliations
Contributions
All authors contributed to the study conception and design. Material preparation, data collection, and analysis were performed by Mohamad Ayub Dar and Dr Shahnawaz Ahmad Wani. The first draft of the manuscript was written by Mohamad Ayub Dar and all authors commented on previous versions of the manuscript. All authors read and approved the final manuscript.
Corresponding author
Ethics declarations
Ethics Approval
Not applicable.
Consent to Participate
Not applicable.
Consent for Publication
Not applicable.
Conflict of Interest
The authors declare no competing interests.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Dar, M.A., Wani, S.A. COVID-19, Personal Data Protection and Privacy in India. ABR 15, 125–140 (2023). https://doi.org/10.1007/s41649-022-00227-0
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s41649-022-00227-0