Company, By Getting List Of Persons, Who Have Not Vaccinated, Will Not Tantamount To Circulating Sensitive Personal Data: Madras HC
The Madras High Court held that companies obtaining a list of individuals who have not been vaccinated do not amount to circulating sensitive personal data.
The Court allowed the Petition seeking to quash the proceedings under Sections 43A and 72A of the Information Technology Act, 2000 (IT Act) and Sections 52 and 199 of the Indian Penal Code, 1860 (IPC).
The Court noted that the company ensured vaccination of employees for COVID-19, aiming to protect against the virus, doesn't violate Section 43A of the IT Act.
The Bench of Justice N. Anand Venkatesh observed, “company by getting a list of persons, who have not vaccinated, will not tantamount to circulating the sensitive personal data”.
“The petitioner company was following up with its employees to ensure that they got vaccinated and took preventive measures to safeguard themselves from the Corona virus attack. Such an effort within the petitioner company or any other organization cannot and will not become an offence, per se, under Section 43A of the IT Act. That apart, the termination of the respondent for his unauthorized absence, cannot indirectly become an offence under Section 72A of the IT Act”, the Court noted.
Senior Advocate Vijay Narayan with Advocate P. J. Rishikesh appeared for the Petitioner.
During the COVID-19 pandemic, the petitioner company encouraged its employees to get vaccinated through tie-ups with hospitals offering free vaccination. The Respondent, however, refused to vaccinate or disclose his vaccination status, protesting against mandatory vaccination. The Company, following safety protocols, identified employees who did not vaccinate, including the Respondent.
Upon discovering his name on the list, the Respondent objected, citing privacy concerns and alleging coercion in wearing masks and getting tested. The company clarified that vaccination wasn't compulsory, offering online work options or leave for those unwilling to vaccinate. Subsequently, the Respondent absented himself, leading to a termination notice, which he did not challenge legally. Instead, he filed a private complaint against the company, leading to legal action under the IPC and IT Act.
“It is to be noted that Section 43A of the IT Act is not categorized strictly as an offence under the IT Act. On carefully reading the provision, it is seen that it is categorized more in the nature of a tort and the consequence of commission of such tort only leads to payment of damages or compensation and no punishment has been prescribed under the IT Act. Therefore, strictly, it cannot be construed as an offence, which can be taken cognizance by a court of law”, the Court noted.
The Bench observed that, even if the accusations in the complaint were accepted as true, no offence was evident on the part of the company and its officers. The complaint appears to be driven by malicious intent, particularly because the company terminated the Respondent's services due to an unauthorised absence, prompting the Respondent to retaliate with a baseless complaint out of spite.
“The first petitioner (A1) is clearly outside the territorial jurisdiction of the Court below. Therefore, the Court below ought to have conducted an inquiry as mandated under Section 202(1) of the Criminal Procedure Code. The order taking cognizance has been extracted supra and this Court finds that absolutely, there has been no application of mind”, the Court observed.
The Court noted that the unprecedented COVID-19 pandemic paralyzed the world from March 2020 onwards, and the impact and severity of the virus were not fully understood, resulting in numerous fatalities and a lack of effective treatment. However, amidst this crisis, scientists achieved a remarkable feat by developing a vaccine in record time. This vaccine was identified as a crucial preventive measure against the virus. With the world engulfed in confusion and human interaction limited to virtual platforms, the petitioner company was urging its employees to get vaccinated during this challenging period.
The Bench observed, “no one can be forced to vaccinate himself/herself since such a compulsion will result in infringement of bodily integrity and personal autonomy of an individual”. The Court referred to the case of Jacob Puliyel v Union of India [2022 SCC OnLine SC 533] and noted that while individuals have the right to refuse vaccination, organizations have a responsibility to prioritize the well-being of the majority.
Therefore, the Bench emphasized that individuals who choose not to vaccinate and adhere to COVID-19 safety protocols cannot be permitted to interact with others in public settings. In the balance between individual rights and the welfare of a larger group, the latter takes precedence. Consequently, the petitioner company informed the respondent that without vaccination and adherence to safety protocols, he could not physically attend work. This measure, implemented by many institutions including courts, is not coercion but a necessary precaution during the pandemic.
The Court noted that the petitioner company's action of compiling a list of unvaccinated individuals does not constitute the dissemination of sensitive personal data. It was merely an effort to ensure employee vaccination and protect them from COVID-19. Such actions, whether by the petitioner company or any other organization, do not inherently violate Section 43A of the IT Act. Furthermore, the respondent's termination for unauthorized absence does not indirectly constitute an offence under Section 72A of the IT Act. The Court noted that the Respondent's private complaint against the petitioner company and its officers was an abuse of the legal process.
Accordingly, the Court allowed the Petition and quashed the proceedings.
Cause Title: Gopal Vttal v Kamatci Shankar Arumugam (2024:MHC:6072)
