The necessity to use Sprinklr’s SAAS
The government defended the contract citing exigent circumstances and the possibility of a “sudden spike in the numbers” as assessed by the Crisis management group of the government. Further, the statement also cites a study conducted by a group of experts at John Hopkins University and Princeton University, which predicted that about 80 lakh people in the state would be affected by 25/04/2020.
It also stated that around 30% of the population in Kerala still do not have smartphones and thus, their SOS messages would be through conventional phone calls or SMS. Hence, a “multichannel communication network was necessitated” to avoid data duplication during panic situations. Therefore, the state defended the use of the SAAS (Software as a service) to meet the needs.
Lapse in the regular procedure
In response to the question of why a regular call of the tender was not issued, the government justified its action by stating that the issue had to be resolved in the shortest possible time and that necessitated extraordinary steps. The statement goes on to explain the long and tedious regular process of granting sanctions for such tenders. Concerning using government entities for the purpose, the government stated that “C-DIT and Information Kerala Mission are not technically equipped to manage such a large volume of data.”
Furthermore, the selection of Sprinklr specifically was justified by explaining that the government had come in contact with the company while holding meetings with Global Malayalee Diaspora to attract investments in the State. It was also submitted that Sprinklr is a pro bono partner of the WHO in developing COVID – 19 Update dashboard. The government, therefore, asserted that such policy decisions taken by the executive in dire situations cannot be said to arbitrary and not be equated with decisions taken in ordinary times.
Data protection and privacy
Concerning the data collected, the statement clarifies that the online submissions are through a voluntary self – reporting process and that the user is properly informed in the terms and conditions that the data will be used for COVID purpose only. The statement also highlights the need for health-related data collected by the health workers to be at the fingertips of local governments for taking swift action if need be.
The collected data has been migrated to citizenccentre.kerala.gov.in from citizencentre.sprinklr.com, where it was stored earlier. The data is stored in the Amazon Cloud in Mumbai and not abroad in an encrypted form. The statement also clarifies that there are sufficient protection measures for the data collected by the company and that it is the government and not the company that has full control and right over the data of people. No data will be available to the company after the termination of the agreement.
Foreign dispute jurisdiction
Concerning dispute jurisdiction being New York, the government simply stated that it was a standard form contract clause and had to be adhered to considering the best interest of the state in the emergency. Further, for penal actions for breach, the IT Act would apply and “the restriction of jurisdiction for civil action does not limit Criminal prosecution or jurisdictions thereof”, hence, action can be initiated in India also for penal action. Even if a breach occurs outside India, S. 75 of the IT Act empowers initiation of prosecution within India.
The omission of consultation with the Law Department
In response to the allegation of bypassing the law department, the statement provides that it was merely a purchase order to avail service of a readymade software application. Since the administrative Department has full authorisation to make such purchases of price less than 15,000/- and the instant deal being pro bono, there was no obligation to consult the law department whatsoever.
Further, the statement highlights a few points of law. It refers to the decision in KS Puttaswamy, to emphasise that reasonable restriction can be imposed on the right to privacy because of compelling state interest or public health.
Section 12 of the Personal Data Protection Bill, 2019 is also cited to claim that personal data can be processed by the State without consent to respond to any medical emergency involving a threat to the life of the data principal or any other individual and to take appropriate measures to deal with such circumstances. EU regulation stating the same principle is also relied upon.
Libertatem.in is now on Telegram. Follow us for regular legal updates and judgements from the court. Follow us on Google News, Instagram, LinkedIn, Facebook & Twitter. You can also subscribe for our Weekly Email Updates. You can also contribute stories like this and help us spread awareness for a better society. Submit Your Post Now.