Data Privacy Safeguards Indispensable for Protecting Rights Of Citizens When App Installation Mandated By State: Meghalaya High Court
The Meghalaya High Court has held that data privacy safeguards are sine qua non for the purpose of protecting the privacy of citizens, particularly when an ‘APP’ such as a CORONTINE APP or a STAY SAFE MEGHALAYA APP is required to be installed by a citizen at the instance of the State.
A Division Bench comprising of Chief Justice Biswanath Somadder and Justice HS Thangkhiew made this observation while presiding over a PIL challenging the mandatory imposition of "Corontine App" and "Stay Safe Meghalaya App"— contact tracing apps of the state government.
The two apps were introduced by the Meghalaya Government and all persons who were recommended for home quarantine/ isolation were mandated to download them.
The petitioner a law student (NLU Jodhpur), Jade J. Lyngdoh, contended that the privacy of the citizens, particularly those residing in Meghalaya, was being compromised due to the lack of protection of the data processed by the apps.
Although the two apps appear to have been discontinued, the court said it is the bounden duty and absolute obligation of the authority concerned to preserve, protect and safeguard the private data of its citizens so that the information is not used for purposes other than what the two apps were created for.
Lyngdoh had contended that the impugned Government order dated March 29, 2020, is arbitrary.
The petition has raised following grounds-
1. There exist no protocol/guidelines of the State Government vis-a-vis the collection, processing, storage, sharing, and anonymization of the data, while using the aforesaid contact tracing mobile applications ("Coronatine App" and "Stay Safe Meghalaya App”).
2. In the absence of any protocol regarding data privacy safeguards of the aforesaid mobile applications, the State Government could not have collaborated with any app developing agencies/ institutes for using the monitoring application, leave alone making it mandatory on the individuals of the State to install/ download the applications.
3. As such, the 'Corontine App' and 'Stay Safe Meghalaya App" used by the Respondent State violates the core principles of data privacy and personal autonomy, including purpose limitation and data minimization.
4. The usage of the aforesaid mobile applications in its present form and its mandatory imposition on the individuals in the absence of any anchoring legislation and privacy policies constitute a disproportionate invasion of the constitutional rights of the public at large, and as such is required to be declared as illegal, unconstitutional and arbitrary.
“The legitimacy of the compulsory course for utilization of 'Aarogya Setu' has been tested in a huge number of writ petitions recorded in the High Court of Kerala. The petitioners submitted under the steady gaze of the Court that the required condition was absurd and subjective, as all the workers don't have smart mobile phones” - noted the petition.
In the present case the division bench observed that:
“As such, we are of the view that the instant writ petition can be disposed of with a direction upon the respondent Nos.4 and 5 to look into the specific allegations made by the writ petitioner – as contained in the pleadings – by causing a thorough inquiry in respect thereof and ensure that any private or personal data collected from the citizens who have used the two ‘APPS’ are not misused or disseminated in any manner. Needless to mention that while embarking upon this exercise, the respondent Nos.4 and 5 shall adhere to all privacy protocols that are now in place in the State of Meghalaya as well as in India”.
Case Title : Jade Jeremiah Lyngdoh v. Union of India & Ors.
Access Copy of the Judgment Here