Kerala HC Restrains Sprinklr From Breaching Data Confidentiality; Govt Directed To Anonymize Data & Take Informed Consent [Read Order]

The High Court of Kerala on Friday passed a slew of directions to address the concerns of data confidentiality over the controversial Sprinklr deal to process data related to COVID-19 cases in Kerala.A bench comprising Justices Devan Ramachandran and T R Ravi passed the directions after a four hour long hearing held through videoconferencing via Zoom.The following are the directions in the interim order:Govt of Kerala directed to anonymize all data that have been collected and collated so far, and allow Sprinklr to access data only after such anonymization is completed.Sprinklr restrained from committing any act which will be in breach of confidentiality of data entrusted with them by Kerala Govt under the impugned contract.Sprinklr shall not directly or indirectly deal with the data entrusted to them by the Kerala Govt in conflict with the confidentiality clauses in the contract, and will return the data as soon as their contractual obligations are over. They should not disclose or part with the entrusted data to any third party entity.Sprinklr injuncted from advertising or representing to any third party that they have access to data relating to COVID-19 cases.Sprinklr restrained from exploiting directly or indirectly any data entrusted with it for commercial purposes. Sprinklr further injuncted from using the name or logo of Government of Kerala for its promotional acts.Government has to take informed consent from individuals that their data will be processed by a third party foreign company.Taking note of the submission made by the State Government that Sprinklr has already transferred all data with it to the control of the Government, the bench directed that any residual or secondary data with Sprinklr shall be immediately deleted.The Court also recorded the statement of K Ravindranath, Additional Advocate General, that the State Government has no objection in approaching the Central Government for availing the services of central agencies for substituting the services of Sprinklr Inc. The case will be next listed after three weeks."We want to ensure that there is no data epidemic after the COVID-19 epidemic", HC states in the order.#sprinklr— Live Law (@LiveLawIndia) April 24, 2020The bench orally expressed reservations over many aspects of the deal and said that it was refraining from interference at the present moment so as not to upset the COVID-19 control measures adopted by the State."State has taken the view that without Sprinklr they cannot fight COVID-19. So we do not want to interfere now. That will be interpreted as Court interfering with COVID-19 control measures", J Devan Ramachandran orally observed.He added: "We have many serious reservations about statement filed by the State. We do not know how the company was selected and what are their credentials. Normally, we would have interfered. But we do not want to interfere with COVID-19 battle. So, a balance has to be drawn" The Court also observed that it was amazed that the law department was not consulted before finalizing the Sprinklr deal despite several legal issues in it."What is worrying is that the IT Secretary took a decision without consulting the law department even though many legal issues were involved. Merely because there is an emergency, you cannot create more problems. The cure cannot be worse than the problem", Justice Devan Ramachandran, heading the bench, observed.Not impressed with the government stand that law department sanction was not necessary as per rules of procedure for purchase orders costing less than Rupees 15,000, Justice Devan Ramachandran remarked :"We are amazed by your statement"."If there is a breach, costs will be unimaginable. Can a head of department enter into a contract on his own under Article 299? This is throwing up a lot of legal issues, and no law dept sanction was taken!", the judge remarked.The bench, also comprising Justice T R Ravi, was hearing a bunch of petitions challenging the IT contract between the Government of Kerala and US-based tech company Sprinklr Inc for analyzing and processing data of COVID-19 patients.Before putting questions to the State, the bench remarked that it was not against the government at present but wanted to get clarifications on many points of concern."Today's proceedings are not incriminatory or recriminatory. That is, we are not finding fault with you or blaming you. Court is fully with you in fight against COVID. But, we are concerned about data security", Justice Devan said.The bench said that the the statement by the government that a standard form of contract was accepted is "worrying".The State Government roped in the services of Mumbai-based cyber lawyer Advocate N S Nappinai to explain the aspects of the deal to the bench. She submitted that the concerns over data confidentiality are baseless. She highlighted that data was under the control of the State Government. The Master Service Agreement has clauses clearly defining the purpose of data...

Kerala HC Restrains Sprinklr From Breaching Data Confidentiality; Govt Directed To Anonymize Data & Take Informed Consent [Read Order]

Manu Sebastian

Tags