Kerala government said that data on persons under Covid-19 surveillance will not be uploaded on the website of US-based company Sprinklr after the state Opposition alleged breach of citizens’ privacy.
The state’s IT department is using a mobile application developed by Sprinklr which allows health workers to record details of the citizens under surveillance for symptoms of the novel coronavirus.
Opposition leader Ramesh Chennithala had last week alleged that the government had entered into the data-handling contract with Sprinklr without due procedures, thereby risking the privacy of the people under quarantine.
The IT department’s statement on Monday said that the data will be fully owned by the Kerala government and will be moved onto the government’s servers after expanding capacity.
What is Sprinklr?
Sprinklr is a tech company that calls itself the “world’s leading Citizen & Customer Experience Management (CXM) platform”.
It was started in 2010 by Ragy Thomas, who hails from Mavelikkara in Kerala.
The tool provided by Sprinklr will be used to identify Covid-19 hotspots in the state and to help local bodies take preventive measures to stop the spread of the disease, the Kerala IT department’s statement said.
The IT department described the service provided by the company as follows: “The data for COVID-19 war room is collected through Facebook, Twitter, email, WhatsApp etc. Help is made available to the needy by analysing these data fast. We had faced similar troubles during the floods also. We accepted the free service of Sprinklr, owned by Keralite entrepreneur Ragy Thomas, as we found it the best tool for the service we need. The software tool provided by Sprinklr is a software as a service (SaaS) application. It’s a ready-to-use software. It just has to be customised as per our needs. The company is responsible for its maintenance and update.”
The company told Manorama that it had complied with Indian laws on data privacy while entering into a contract with the Kerala government.
It also said that it did not own or commercialise client data.
What are the Opposition’s allegations?
Opposition leader Ramesh Chennithala had last week said that the data, collected using government machinery, was being uploaded not on the government server but in that of the foreign company, Chennithala had said.
Chennithala had slammed the government saying such data was considered as ‘protected health information’ by other countries and handing it over to a foreign private agency was a “serious” issue.
Chennithala raised 15 questions regarding the deal, saying the state government was concealing crucial information. His questions included whether the IT secretary had been permitted by the government to act in Sprinklr’s advertisement and whether the government was aware the company had been part of a controversy regarding data sharing of US President Donald Trump’s 2016 campaign.
Chennithala said Sprinklr had scarce experience in monitoring epidemics or collating health data and was now sitting on a treasure trove of electronic medical records of many Keralites which could be sold to private companies for large amounts of money, The Hindu reported.
Congress legislator KS Sabarinadhan said the government’s contract with the company did not follow data protection laws. “The laws stipulate that the data should be collected with the permission of the persons concerned and also need to be destroyed after the purpose. These aren’t followed in this case,” The New Indian Express quoted.
On Monday, Chennithala demanded a probe into the deal and asked for IT Secretary Sivasankar to be removed from the department, Manorama deported.
What the Kerala govt said
Kerala Chief Minister Pinarayi Vijayan on Monday dismissed questions regarding the deal during the state government’s daily press conference and referred reporters to the state’s IT secretary M Sivasankar.
“This was not a PR company as was alleged. No money was given to them for the services being rendered. It is an NRK- run company which is helping the state”, Pinarayi had said last week, refuting allegations of data leakage.
In his statement on Monday, IT secretary M Sivasankar said: “It is impossible for the state IT department to immediately develop and maintain a foolproof software to handle a crucial data required to initiate post-Covid measures in the state. The government’s intention is to have a customised analytical tool to handle the data and to make required interventions.”
The IT department’s statement also said: “In the work order for the customisation of the data collection tool, it has been made clear that the the data collection will be done totally under the ownership of the state government. A non-disclosure contract that the data will be stored in the servers within the country and that the data will not be used for any other purpose has been included in this,” Malayala Manorama quoted.
The government also said it has changed the domain for entry of data from citizencenter.sprinklr.com to citizencenter.kerala.gov.in.