The outbreak of COVID-19 and its development into a pandemic has led governments across the world to take extraordinary measures to protect their residents. The Central Government and various State Governments in India, along with public-health authorities, not-for-profit organizations and corporates, are collecting, tracking, and using information about individuals to slow down the spread of COVID-19; however, since a large proportion of such information could be categorized as ‘personal data’ or ‘sensitive personal data’ its use is subject to the data protection laws in India. It is, therefore, essential that a balance is struck between an individual’s right to privacy and public interest at large. Separately, as a result of the COVID-19 pandemic, corporates are also required to implement aberrant measures to safeguard their employees and extended workforce. In this regard, the collection of personal data by corporates will need to be undertaken in compliance with the requirements of data protection laws in India.
This note discusses the use of technology platforms by the Government of India to curtail the spread of COVID-19 and the obligations of corporates in India in relation to their employees or business, in each case, in the context of the legal framework for data protection in India.