views
Thiruvananthapuram: These are interesting times when the United States of America is worried about food, medicine and economy amid the Covid-19 pandemic, while at the other end the state of Kerala is grappling with concerns about data security and privacy.
The CPI (M)-led state government which has earned appreciation within the country and outside for its adept handling of the novel coronavirus crisis and the flattening of the infection curve is getting flak for allegedly breaching the privacy of people under quarantine because of a deal with a US-based tech firm to handle the data compiled from them. The Kerala High Court on Tuesday asked the state government to file an affidavit on Wednesday ensuring the privacy of the data.
What is the deal?
The state government's deal is with Sprinklr, a SaaS (Software as a Service) company owned by Ragi Thomas, an expatriate Keralite, which offers marketing, advertising and customer engagement services. It pertains to the personal health data of people in the state, where the first novel coronavirus case was reported in the country when a student from Wuhan reached Thrissur on January 1, 2020, categorised as ‘vulnerable and potentially exposed’ to the pandemic.
The data with answers of various questions, including details of their symptoms and health conditions, was compiled by the workers at the grassroots level using a tool developed by Sprinklr to assist doctors and medical officials in making an informed choice about possible hospitalisation.
How did the controversy erupt?
Ramesh Chennithala, Leader of the Opposition in Kerala, unleashed an attack on the state government, accusing it of allowing Sprinklr to collate and handle the health data of around 1.75 lakh people under quarantine without taking their consent, at a press conference on April 12. He asked 15 questions to the state government.
According to the veteran Congress leader, the government did not follow due procedures in appointing Sprinklr and hence risked the transfer of crucial health data of the citizens to pharmaceutical companies. He questioned why the administration took the assistance of a US-based firm when there were institutions like the Centre for Development of Imaging Technology (CDIT) and Kerala State IT Mission could do the same job.
“The state government has competent agencies to handle this data and, instead, why are these strictly private data being shared with a foreign company? On their website, they have mentioned that there will be times when they will be handing over the data to others, which is unethical,” he said. "We wish to know what due process of law was done when it was decided to hand over this highly confidential data to this firm. Was there a global tender floated for this?" he asked.
Chennithala said the decision was taken unilaterally by chief minister Pinarayi Vijayan without obtaining clearances from departments like law, local self-government, health and finance. He also asked how IT secretary M Sivasankar could act in an advertising film of the company which was hosted on its website.
How did the government react?
The chief minister, who handles the IT department, which signed the deal with Sprinklr, declined to entertain a question on the matter on April 13. It was quite surprising as he used to narrate the nitty-gritty of a situation while addressing the media after the Covid-19 review meeting. Instead, he told the reporters that the IT secretary will elaborate on the deal.
However, the government defended the move by stating that the company’s tool was offered for free as SaaS and that the firm was owned by a Keralite who wanted to give back to the state for the service offered by the state to his father who is in Kerala. The IT department said the data was being collected on a massive scale and therefore needed the intervention of an app which can collate it quickly and help analyse it. Sprinklr’s tool was already ready and therefore had to be just customised to meet the state’s needs, it said.
What did the agreement say?
The government, in a step to reaffirm its transparency, released documents in connection with the contract it signed with Sprinklr on April 2. The documents included the purchase order form, service agreement, privacy policy of the company and a non-disclosure agreement. According to the documents the data belong to the Kerala government.
Additionally, the agreement order signed with the company stated, “Every employee participates in mandatory data protection and information security training and is formally obliged to data secrecy. Sprinklr established a data protection steering committee of key functional leaders throughout the company and Sprinklr also appointed an experienced Data Protection Officer.”
Did it change the domain name?
Yes. The government, after the allegation, changed the domain name for the entry of data from 'citizencenter.sprinklr.com' to
'citizencenter.kerala.gov.in'.
Why such a controversy in times of a pandemic?
It was evident that the Congress-led UDF, upset at the admiration received by the government and the role of Pinarayi Vijayan as a crisis manager, wanted a situation to target the chief minister. Hence, Sprinklr was a golden opportunity. Since the IT department is held by the chief minister, they could train their guns at him. There is no allegation on exchange of financial favours in the arrangement. With assembly elections just a year away, the Opposition believes the row can help it get an edge over the ruling coalition.
Where did it go wrong?
The date of engagement with Sprinklr was March 25 and the purchase order was signed on April 2. There was adequate time to complete the due process, including legal and financial vetting, and also escalate it with the health and disaster management departments. However, this was not done. Also, questions remain on how and why Sprinklr was singularly appointed for the task without even putting out a global tender. Since the exercise involves confidential data of thousands of people, it begs the question why the government, which was putting out almost everything
in public, did not do so.
What are the ideological tangles?
The nature of the row is troubling the CPI (M) because it had aggressively taken on the BJP-led Centre over data privacy concerns surrounding the national Aadhaar project. A 2017 Facebook post of Pinarayi Vijayan on the dangers of breach of data privacy is viral now. Moreover, the controversy in a deal with an American firm is always a cause of concern for the party and its cadres with a strong anti-imperialist stand.
What is the reaction of the CPI (M)?
The state CPI (M) secretariat on Tuesday extended its support to the government. It found that the state government had ensured the Sprinklr deal was in line with the IT rules in the country which does not have separate rules for data safety. The party also stated that its an extraordinary situation where the privacy of a person has to be breached as part of surveillance for the activities to prevent the spread of the pandemic.
What is the BJP's position on the row?
The state BJP, which stated 'no to any controversy' during the pandemic and extended its support to the government, did not attack the government as ferociously as the UDF. However, it met governor Arif Mohammad Khan with a memorandum to investigate the Sprinklr deal.
Comments
0 comment