The Kerala High Court directed the state government assure the secrecy of all data collected by American company Sprinklr of people under observation for COVID-19. The company will not be allowed access to data until the process is complete, the court said in its verdict.
The High Court Bench comprising Justices Devan Ramachandran and TR Ravi also ordered that the Sprinklr 'shall not directly or indirectly deal with the data' in conflict with the confidentiality clauses in the contract signed with the Kerala government.
Court also directed the Sprinklr not to use the Kerala government's name or logo for promotion. The company should return the data after the contract period is over and not exploit the data directly or indirectly for commercial purposes.
The state government has to get informed consent from people under observation for COVID-19 that their data shall be accessed by a third party foreign company, the court said. The court said that it was refraining from interfering in the contract so that the COVID-19 control measures of the government shall not be upset.
“State has taken the view that without Sprinklr they cannot fight COVID-19. So we do not want to interfere now. That will be interpreted as the Court interfering with COVID-19 control measures,” Live Law quotes Justice Devan Ramachandran as saying.
The judge observed that the court was ‘amazed that the Law Department was not consulted’ prior to the deal with Sprinklr being finalised. The court noted that it was not impressed with the government's stand that the Law Department's sanction was not necessary for purchase orders of less than Rs 15,000.
The court took note of the submission made by the government that all the data has been transferred by Sprinklr to its control.It noted the statement of K Ravindranath, Additional Advocate General, that the state did not have objections to availing the services of central government agencies, substituting Sprinklr.
The Kerala government was represented by Supreme Court advocate and cyber law expert NS Nappinai, who submitted that the American company will be exposed to criminal action under the Information Technology Act in India, since the data was in India.
They had earlier sought clarification on the dispute jurisdiction between Kerala and Sprinklr being the state of New York in the USA.
When the state’s counsel argued that Sprinklr had a proven track record in the field and referred to the World Health Organisation using the company’s services, Justice Devan said that the Bench was aware of the differences between dashboard services given to the WHO and SaaS (Software as a Service) given to Kerala.
The judge also commented that the data of five lakh persons will not be 'big data'. The government had earlier argued that the state's data centre did not have the capacity to handle big data, and that's why it was using the company's server in India.