A bench comprising of Justice Devan Ramachandran and Justice T. R. Ravi of the High Court of Kerala, hearing a petition filed by Advocate Balu Gopalakrishnan regarding the selection of the U.S. based company Sprinklr as a SAAS (Software as a service) to collect and store the data of COVID – 19 patients and those under quarantine in Kerala, has sought government explanation on various aspects of the contract.
Personal data privacy
The primary point noted by the court was concerning the privacy of the data collected by the company. When Additional Advocate General K.K. Ravindranath submitted that the data collected did not constitute “sensitive personal information, Justice Devan retorted by terming it a “dangerous submission” and reiterated that Medical data is certainly covered under “sensitive data”. The petition also raises concerns over choosing a foreign private company over national entities like C-DIT and NIC. Advocate Jaykar K.S., counsel for the petitioner argued that the data were collected without their informed consent and was stored in foreign server and added that therefore, the agreement violates the right to privacy of individuals as granted under Article 21 of the constitution, citing the SC decision in K.S. Puttaswamy case. The state’s counsel stated that the data was now being handled by The Centre for Development of Imaging Technology (C-Dit) and its server account is with Amazon, an entity approved by the government.
Dispute Jurisdiction
The dispute jurisdiction as per the contract between State of Kerala and Sprinklr is New York, U.S.A., and the court has sought clarification regarding the same. The bench added that “the responsibility of data confidentiality is on the state government… A citizen is not privy to the contract between the Kerala government and the company. if that company misuses the data, the state government is responsible. If there is a breach tomorrow, the state government will have to go to New York.” Such a clause raises concerns over the logic and prudence adopted by the state in entering into the contract.
The omission of referral to the legal department and Central government
Justice T.R. Ravi also sought an explanation on why the contract was not referred to the law department before finalisation, as was admitted by M. Sivasankar, the Secretary of I.T. Department. The petitioner also added Union of India as a respondent in the case and has stated that the decision to enter into a contract with a foreign company could not have been taken without the concurrence of the Central Government.
The bench adjourned the hearing till April 24 and commented that “We do not want the COVID-19 pandemic to be substituted with a data pandemic”
Libertatem.in is now on Telegram. Follow us for regular legal updates and judgements from the court. Follow us on Google News, Instagram, LinkedIn, Facebook & Twitter. You can also subscribe for our Weekly Email Updates. You can also contribute stories like this and help us spread awareness for a better society. Submit Your Post Now.
