COVID-19, a global pandemic, which has affected 213 countries, infected 23,32,471 people and taken 1,60,784 lives is a cause of concern for both the rich and the poor. Every affected nation is looking for ways to contain the virus and flatten the curve while simultaneously strengthening medical infrastructure and finding a cure/vaccine. One such common mode through which countries propose to contain the spread is use of Artificial Intelligence (hereinafter “AI”). As rightly said, “Technologically potent tools stem epidemics and minimize resulting deaths”; AI is one such tool that can help countries deal with the COVID-19 pandemic. It is a data analytic tool which can tackle COVID-19 by early warnings and alerts, tracking and prediction, data dashboards, diagnosis and prognosis, treatments and cures and social control. AI tracks the infected beings and the areas to which the disease could then have spread. Through its algorithm, it can prepare antigens and vaccines for the control of the pandemic based on the collected data. 

It is interesting to note that BlueDot, a Toronto-based AI, predicted the outbreak of COVID-19 and issued its first warning to the customers on 31 December, 2019. On 30 January, the World Health Organisation (hereinafter “WHO”) Emergency Committee on International Health Regulations decided that COVID-19 meets the criteria for Public Health Emergency of International Concern (hereinafter “PHEIC”). It was finally on 11 March, 2020 that the WHO declared COVID-19 a global pandemic, around 2 months after the first prediction. Theuse of machine learning and natural language processing by Bluedot helped it in recording the spread of the virus quicker than even the WHO. Post the outbreak, many AIs have been coming up to help in fighting the cause, viz., Stallion.AI, a Canada-based multi-lingual healthcare agent which is being used to give information relating to COVID-19, provide guidelines, monitor symptoms and prescribe measures for prevention. However, it is pertinent to note that with the rise of AI, there has been a proportionate rise of the issue of invasion of one’s privacy. To fix this issue, a team of MIT researchers is developing a collection of mobile apps called SafePaths which preserve privacy while contact tracing.This will use Bluetooth signals which emit from smartphones representing random strings of numbers, similar to “chirps” that close by smartphones can remember hearing. These signals trace the spread of COVID-19 while maintaining privacy. Since Bluetooth data is harder to keep anonymous, the MIT team is exploring technical solutions along the lines of stronger encryption. Many countries are using such smartphone-based apps to trace infected persons. For instance, in South Korea, the government has been tracking location of people confirmed and suspected to be infected by the virus. The Chinese government collaborated with Alibaba and Tencent to develop a color-coded health rating app which determines if a person should be quarantined or allowed in public places.

Limitations of AI

The pandemic has also uncovered some of the glitches in using AI. Many countries track your movements to map the spread of the virus. Such measures expose private information and track a person’s phone rather than the virus. This sacrifices personal privacy.In South Korea, for instance, internet mobs exploited the patient data collected by the government to identify people and harass them.In the United States, Facebook is being used as a tool to measure social distancing staging significant privacy and data protection risks.Additionally, tracing geographical location might not be convenient as people move from place to place and might also be sharing phones. 

Another shortfall is that AI systems need a lot of data to identify patterns in historical training data. Precedents are needed to find the best possible course of action. There is a dearth of such historical data to train AI systems. However, what worked in the yesteryears might not work in the future. Additionally, though AI increases speed, its effectiveness is dependent upon the data scientists who operate it. The data scientists know what AIs can do and what exactly they can’t. Thus, human input is crucial for the working of AI. A recent example of both these limitations is Google Flu Trends, a 2008 web-based service from Google, which was discontinued in 2015 due to overestimation of disease count and privacy issues.


AI is playing multiple roles in the world’s fight against pandemic, ranging from delivery of service, doubt clearing, drug research to diagnosis; and India does not stay behind. In fact its use in India seems to be spreading like wildfire covering different sectors. In health sector a few examples could be usage of robot service created by Club First in Sawai Man Singh Hospital, Jaipur, to serve food and medicines in an attempt to lessen contact and exposure of health workers and usage of risk assessment scanner in Apollo Hospital to inform people about potential risk of virus. AI is also becoming a platform to fight myths through a video-bot, created by CoRover. It has collaborated with Dr. Pratik YashavantPatil from Fortis Healthcare who in his AI Avatar will be answering questions of general public via chat and discard myths surrounding the virus. Apart from this innumerable clinical trials are taking place and AI proves helpful due to its capability of calculating numerous combinations. AI has also been helpful in employment sector as businesses and companies have switched to Work from Home thus in turn switching to virtual space. 

India has rolled out multiple apps both at centre and state level to fight COVID-19 to help in contact tracing, quarantine surveillance, delivery of goods etc. The confirmed number for now is 17, viz.,AarogyaSetu, COVA Punjab, Quarantine Watch, Mahakavach, Corona MuktHimachal. Interestingly, 11 out of these 17 do not have a privacy policy. Moreover, India has geographical and economic disparity in terms of access to smartphones and internet.

The application which sparked discussion on encroachment of right to privacy and debate related to extent of government powers to collect data in public interest is AarogyaSetu (hereinafter “app”). This app was created in public-private partnership under National Informatics Centre’s guidance. It has been downloaded by more than 50 million people till date since its launch on 02April 2020. The app uses both GPS location tracking and Bluetooth for proximity tracing and informs the user if he came in contact with anyone who later tested positive. 

The original privacy policy lacked certain aspects which brought the app under the criticism radar and were therefore later revised  and published on 11 April 2020.  The key aspects of revised privacy policy are:

  1. The data is saved on a secure server maintained by Indian government and each user is given a unique digital ID (DiD) which helps in keeping anonymity;
  2. When two devices come in proximity, the DiDs will be shared between the users and stored on device however would remain inaccessible. In case, the user tests positive, this information will be uploaded and saved on the server in encrypted form;
  3. Further, data for the users with ‘yellow’ or ‘orange’ status representing high level risk for contraction is collected every 15 minutes from the app; however, for the ones with ‘green’ status is not uploaded on the server;
  4. The app specifies that the DiD will be connected to personal data in order to communicate the possibility of the one being infected by COVID-19 and/or to facilitate data to people involved in medical and administrative intervention related to COVID-19. The data would be used only for the purposes mentioned in revised privacy policy. 
  5. Data (including DiD) would be automatically deleted after 30 days if not stored in central database, otherwise after 45 days from central database. However, for those who tested positive, data gets deleted after 60 days.

Though the government by revising the privacy policy of the app remedied a lot of issues, yet certain questions remain unanswered. Primary question being usage of least privacy- restricting approach. The app uses both GPS trail via location and Bluetooth, thus deviating from “privacy-focused global standards” which provides for Bluetooth based technology that records proximity without divulging location of people. Such technology is currently in use by TraceTogether App of Singapore and is also suggested by Massachusetts Institute of Technology. Additionally, certain limitations of GPS came forth in, indoor setting or mass-transit situations and in situations where device is shared between people. Though a few countries adopted for in-person contact tracing instead of location tracing, in order to be privacy friendly, given the huge population of India, such a method would not be feasible.

Furthermore, the scope of data usage though has been defined now, yet, the words “to carry out necessary medical and administrative interventions” are very widely worded and prone to misuse.


In treating global pandemics and tackling healthcare challenges, augmentation in role of AIs while maintaining mutual trust between the governing and the governed is unquestionably a sine qua non.

It is necessary at this point to understand the link between right to privacy and public interest. The apex court via Jt. K.S. Puttaswamy and another v. Union of India gave India the fundamental right to privacy under the Constitution of India. However, this right is not absolute and restrictions can be imposed provided the following four requirements are satisfied:

  1. There must be legality,i.e., a law and provision backing it;
  2. There must be a legitimate purpose and necessity, i.e., for public safety, national security, protection of health, prevention of crimes;
  3. There must be proportionality, i.e., legitimate purpose with a rational nexus is pursued to be achieved;  and
  4. There must be inherent safeguards in line with lawful procedure to prevent abuse.

The apex court in RiteshSinha v. State of Uttar Pradesh reiterated the principle and held that “the fundamental right to privacy cannot be construed as absolute and but must bow down to compelling public interest”.Thus, it is crystal clear that the state has power to collect data in public interest provided the four requirements, as stated above, are satisfied 

Post the pandemic, India will become more digitised which will certainly bring with it more prevalent cyber security and data privacy issues. A “Securities Investors Conference” was also conducted by the Ministry of Electronics and Information Technology to discuss ideas for transforming India into a cyber-security hub and to fast-track funding for such projects.Additionally, The Personal Data Protection Bill, 2019 is also tabled for discussion.

The authors are of the view that the state should keep in mind that personal data, ifused wrongfully,can have highly damaging effect and can deteriorate a person’s standing in the society and subject him to discrimination. It thereby is the state’s responsibility to use data only for the purpose stated on collection and only after acquiring consent for the same; if subsequently used for some other purpose then it would amount to breachof an individual’s privacy and would be punishable under law.

In the prevailing situation of a global pandemic, the state in public health interest has the power to collect data for contact tracing and purposes mentioned in its privacy policy; however, any deviation from the terms of policy resulting into breach of personal data should be strictly punished.

About the authors

(LEFT IMG)Saumya Agarwal final year B.A.LLB (Hons.) student at National Law Institute University Bhopal. She is inclined towards corporate laws with specific interest towards Insolvency and Bankruptcy Laws. She serves as Deputy Editor-in-Chief at NLIU Law Review.

(RIGHT IMG)Sakshi Ajmera, is a 3rd-Year law student of National Law Institute University, Bhopal. She has a penchant for research and writing and has publications in a series of prestigious platforms like India CorpLaw (one of the finest online blogs), NUJS Society of International Law and Policy (featuring in top 30 international law blogs) and a News Letter at NUALS Security Laws E-Newsletters. She has been an avid mooter since her first year and has participated in the Freshers’ Pool (Winners) and the National Pool (Pool Rank-4) at the college level. In addition, she represented NLIU in the 5th GNLU Moot on Securities and Investment Law, 7th RGNUL National Moot Court Competition, 2018, and the 10th NLUJ Antitrust Law Moot, 2019.

Please follow and like us:

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *