The world continues to suffer from Coronavirus and individual privacy continues to be the casualty. As the pandemic gathers pace every day, it is pushing governments across India to adopt innovative steps to curb the pandemic. One such innovative step, which seems common among all States and the Union Government is that of tracing applications.

There are around 15 to 20 Covid Tracing applications floated by several States in India, notwithstanding the Aarogya Setu application of the Union government.

This is a classic example of graded surveillance across India. Not to forget that the Aarogya Setu app is already facing the ire of civil society for its excesses and unjustifiable encroachment on the privacy rights of the individual.

These excesses of the Aarogya Setu app are backed by the encroachment of privacy by the ‘Covid Tracing Applications’ floated by State Governments.

Interestingly, neither the Aarogya Setu app nor those deployed by States have the backing of any legislative enactment but rather are creations of the informatics bodies of the State.

However, floating of two different applications at the State and Union levels, raises unprecedented questions of federalism.

The first and foremost question which comes up is whether an individual who downloads a ‘State Covid Tracing Application’ is also bound to download Aarogya Setu app. If not what happens to the information collected by the ‘State Covid Tracing Application’; does the information only stay with the State or is it shared with the Union Government? This will bring disparity of information pertaining to knowledge about Covid-19, the State information might be different from that with the Union government.

Secondly, the privacy policies of the State ‘Covid Tracing Applications’ provide that the respective Governments may employ third-party companies or individuals for facilitating the services under the application and these third parties may have access to personal information collected by the app (which is duplication of information and amounts to abuse of privacy rights).

However, these third parties do not include the Union Government.

This by default means the information collected by the State Covid Tracing app will be segregated information apart from the information collected by the Aarogya Setu app and will be used by the State Government only. Under entry 6 of List-II of Schedule VII of the Constitution, the State Government is empowered to legislate on topics of ‘Public Health and Sanitation; Hospitals and Dispensaries’.

However, floating of tracing applications without any legislation is a blatant violation of privacy rights. As privacy is a fundamental right, encroachment on privacy can only take place through the medium of law.

In the absence of any legislative enactment, the usage of State apps for tracing patients and aggregated information as to their movements is a direct violation of privacy rights. However, section 2 of the Epidemic Disease Act, 1897 gives enough leeway to the State Government to undertake such measures as are necessary to curb the outspread of such disease.

But these measures cannot be disproportionate to the objective sought to be achieved. The amount of information collected by the applications is disproportionately high keeping the objective in mind, that is of tracing a suspected patient.

Most of these applications are not only using GPS enabled tracing but are also looking at the Call Details Record (CDR) of patients who are found positive and suspected to be positive for tracing individuals they have come in contact with.

This helps the State governments in creating geo-fences for the suspected cases and positive cases and helps in keeping them in quarantine.

However, neither the Aarogya Setu app nor the State Covid-19 Tracing apps can be regarded as ideal, keeping privacy in mind. Two distinct applications for tracing Covid19 patients at the Union and State levels will create disparity of information.

This is a classic example of competitive federalism, where segregated information is being created for overcoming a common issue. There must be common legislation for regulating privacy rights and creation of a common log of information. Creating a separate identity of information on grounds of separate identity will not be a healthy convention in this time of pandemic.

The writers are, respectively, Assistant Professor of Law, National Law University, Jabalpur and a 2nd year law student at National Law University, Odisha.