With the Covid-19 crisis creating immense dismay, the government of India came up with an initiative of wellbeing and goodwill for its citizens- a Bluetooth based contact tracing application called the ‘Aarogya Setu’. By the end of May 2020, a staggering 114 million people had not only registered, but also provided the application with sensitive and private information. Several lapses have been identified with regard to the security of this information. It further went on to breach several privacy protocols before mandating its use. One of the biggest problems was the lack of a transparent and verifiable framework with a chance of sensitive data being exposed. The risk was further increased by the fact that the application is not backed by a legislative aid, as directed by the Puttaswamy Judgement. The privacy policy of this application lacks a set protocol for the accessibility and shareability of the data or a predetermined penalty for the misuse of the data. Thus far the application has been sacrificing the right to privacy in favour of right to health. Here the courts should apply the rule of harmonious construction. The government has backed the legality of this application only with the Disaster Management Act, 2005. The authors seek to analyse and elucidate the flaws with the ‘Aarogya Setu’ application and provide viable solutions for the same.​

DOI: http://doi.one/10.1732/IJLMH.25951