Access Now echoes the Rethink Aadhaar campaign’s serious privacy concerns around India’s Co-WIN app, and potential misuse of personal data.
“As vaccines roll out across the world, it is important that the circulation is equitable, and not used as an opportunity by governments to expand the scope of their digital identity programmes fraught with surveillance, profiling, and exclusion risks,” said Naman Aggarwal, Global Digital Identity Lead and Asia Pacific Policy Counsel at Access Now. “The Co-WIN application in India seems like the perfect example of what governments should not be doing.”
Co-WIN is a new application linked to India’s digital identity system, Aadhaar, that will store the vaccination status — and other personal data — of millions of people in India.
Who wins by linking Co-WIN to Aadhaar?
Rethink raises concerns that Co-WIN and Aadhaar linkage will lead to exclusions, misuse of people’s data
On January 16, 2020, the Government of India initiated a country-wide COVID vaccination drive, which will be facilitated via the COVID-19 Vaccine Intelligence Network (Co-WIN).
Rethink Aadhaar is concerned that the requirement that Aadhaar authentication is to be the “preferred mode” for authentication for the Co-WIN vaccine delivery system will exclude people from accessing the vaccine, in violation of the right to health. There is also a lack of transparency around how the government plans to store and use the data that will be collected as part of the vaccine delivery process, which raises serious privacy concerns.
The Co-WIN platform and app have been developed by the Government of India to track the delivery of the COVID-19 vaccine. As per reports, the app will require citizens to “self-register” in order to get the COVID-19 vaccine. According to the Health Secretary, Aadhaar-based authentication will be the “preferred mode” to verify the identity of persons who are to be vaccinated. Additionally, according to the Operational Guidelines on COVID-19 Vaccination (point 7.2.3) issued by the Ministry of Health and Family Welfare, the production of an Aadhaar number will be mandatory to receive the vaccination certificate issued once the vaccination is complete.
The guidelines state that the platform will be used to track the beneficiaries’ health on a “real-time basis” after they receive the vaccination. After the beneficiary receives both doses of the vaccine, the Co-WIN application will generate a “QR certificate”, which will be stored in the Government’s DigiLocker application. A DigiLocker account can be accessed either using the unique ID (an ID specific to DigiLocker which is linked to the person’s Aadhaar number) or the registered mobile number of the account holder.
The Aadhaar details of persons who receive the vaccine will be used to create a Unique Health ID for them, albeit only for “willing beneficiaries”. Thus, it appears that data collected for the vaccine delivery system will be used to populate the Digital Health ID database, and people’s vaccine certificates will be stored on DigiLocker. Collating people’s health information in this manner, even as India lacks a legal framework to safeguard citizens’ data or health information, is a dangerous step.
The Co-WIN plan raises serious concerns:
- Making the vaccine or subsequent certification conditional on Aadhaar authentication or linkage would go against all tenets of medical ethics, is a violation of the basic and fundamental right to health, and would also be poor public policy, as the roll-out of the vaccine should be focused on universal access to the vaccine. The Central government’s requirement that Aadhaar authentication is to be the “preferred mode” for authentication of identities, as well as the requirement that mobile phone numbers be linked to Aadhaar to pre-register on the app, will exclude citizens. Any requirement to mandatorily link mobile numbers with Aadhaar – as some reports have indicated could be the case – would violate the Supreme Court’s judgement on the constitutionality of Aadhaar. As a recent report by Medianama shows, nearly 11% of India’s population still do not have an Aadhaar number. Errors occur frequently in the huge and complicated Aadhaar infrastructure, leading to authentication failures. Conditioning the vaccine on Aadhaar authentication will repeat the mass exclusion already seen after Aadhaar was linked to essential services and entitlements to food, pensions, scholarships.
- The lack of privacy safeguards in the app and the vaccine delivery system as a whole is a serious violation of the right to privacy. Details on where the data related to vaccination will be shared/stored are not addressed in the app’s consent form, which only makes a blanket statement about “maintaining the privacy and confidentiality of the information provided”. Neither the website nor the application has a privacy policy that addresses how the health data will be protected. Data related to health is sensitive data and should be accorded the highest level of protection. The Karnataka High Court’s recent interim order on Aarogya Setu reiterated the importance of ensuring health-related data collected to track the spread of COVID-19 is safeguarded. It held that medical information or data is a category of data to which there is a reasonable expectation of privacy, and “the sharing of health data of a citizen without his/her consent will necessarily infringe his/her fundamental right of privacy under Article 21 of the Constitution of India.”
- The vaccine delivery system is being used to populate the database for the Digital Health ID and to coerce people to use DigiLocker. This is a coercive step which is being taken without due deliberation or public scrutiny, and with no consideration for privacy rights. This would also violate the fundamental principle of purpose limitation, that data collected for one purpose (for the vaccine) cannot be reused for another (for the creation of the Digital Health ID system) without an individual’s explicit consent and the option to opt out with no adverse implications of doing so. There are also worrying reports of hospital administrations sharing Aadhaar details of their staff to register them on the Co-WIN application, even without their consent. The vaccine delivery should not be used as a cover to roll out a digital health ID system without sufficient public debate, and safeguards to ensure that people are free to choose not to enroll.
Rethink Aadhaar urges the Government to:
- Adopt all possible measures to ease access to the vaccine, invest resources to improve health services, and delink the requirement of Aadhaar for the vaccine. A notification must be issued reiterating the point that multiple IDs, apart from Aadhaar, can be submitted to get access to the vaccination.
- Clearly establish the privacy policies of the Co-WIN application, particularly with respect to the protection of the health data of the beneficiaries. More particularly, assurances must be provided that the vaccine delivery system will not be used to populate the database for the Digital Health ID or used to coerce people to use DigiLocker.
- Ensure that adequate safeguards are taken against making a health ID mandatory, including issuing a notification in line with the Health Data Management Policy which states that “no individual shall be denied access to any health facility or service, or any other right in any way merely by reason of not being in possession of a Health ID or for not opting to participate in the NDHE.”
The Indian public health system has administered large scale vaccine programs in the past with relative efficiency, without the restrictions and conditions being contemplated here. It should trust its public health systems to do so to counter COVID as well, without making it restrictive, conditional or linked to a digital health system, which is in its infancy and surrounded by legal and ethical concerns. The vaccine delivery should not be used as a cover to create Digital Health IDs without sufficient public debate, and without enough safeguards to ensure that people are free to choose not to enroll.