The Kerala High Court directed the state government on Friday to anonymise all the data collected by American company Sprinklr of people under observation for COVID-19. The company will not be allowed access to data until the process is complete, the court directed.
Live Law reported that Sprinklr has been asked not to carry out any act that would constitute a breach of data confidentiality.
Sprinklr 'shall not directly or indirectly deal with the data' in conflict with the confidentiality clauses in the contract signed with the Kerala government, the court ordered. The company should return the data after the contract period is over and not exploit the data directly or indirectly for commercial purposes.
The High Court Bench comprising Justices Devan Ramachandran and TR Ravi asked Sprinklr not to use the Kerala government's name or logo for promotion.
The state government has to get informed consent from people under observation for COVID-19 that their data shall be accessed by a third party foreign company, the court said.
The court said that it was refraining from interfering in the contract so that the COVID-19 control measures of the government shall not be upset.
“State has taken the view that without Sprinklr they cannot fight COVID-19. So we do not want to interfere now. That will be interpreted as the Court interfering with COVID-19 control measures,” Live Law quotes Justice Devan Ramachandran as saying.
The judge observed that the court was ‘amazed that the Law Department was not consulted’ prior to the deal with Sprinklr being finalised. The court noted that it was not impressed with the government's stand that the Law Department's sanction was not necessary for purchase orders of less than Rs 15,000.
The court took note of the submission made by the government that all the data has been transferred by Sprinklr to its control, and said that 'any residual or secondary data’ with Sprinklr should also be removed.
It noted the statement of K Ravindranath, Additional Advocate General, that the state did not have objections to availing the services of central government agencies, substituting Sprinklr.
The Centre had submitted that its agencies are capable of providing the same services.
The Kerala government was represented by Supreme Court advocate and cyber law expert NS Nappinai, who submitted that the American company will be exposed to criminal action under the Information Technology Act in India, since the data was in India.
The had earlier sought clarification on the dispute jurisdiction between Kerala and Sprinklr being the state of New York in the USA.
When the state’s counsel argued that Sprinklr had a proven track record in the field and referred to the World Health Organisation using the company’s services, Justice Devan said that the Bench was aware of the differences between dashboard services given to the WHO and SaaS (Software as a Service) given to Kerala.
“Anyone can do that. A dashboard person cannot operate SaaS,” the judge remarked.
The judge also commented that the data of five lakh persons will not be 'big data'. The government had earlier argued that the state's data centre did not have the capacity to handle big data, and that's why it was using the company's server in India.