A petition has been filed in the High Court of Kerala challenging the agreement between the Kerala Government and US-based Sprinklr Company for processing of data related to COVID-19 patients.
The petition filed by one Balu Gopalakrishnan, a lawyer, alleges foul play in the decision of the Pinarayi Vijayan-government to choose the services a foreign-based private company for storing and analyzing COVID-19 data. The petitioner questions the decision to entrust the job with a foreign company, overlooking state entities like the C-DIT and NIC.
The petitioner states that data of citizens were collected without their informed consent, and was stored in a foreign server. According to the petitioner, more than 1.5 lakh sensitive medical information of the COVID -19 patients are with the company.
"If information as sensitive are stored in private 3rd party web servers, it is a minimum civility on part of the State to inform and seek consent from those persons from whom the data is collected and also appraise him of the possible misuses. This was conveniently looked apart. The government agencies are well equipped to deal with the storage of data. Hence the big question: why did the State prefer the 3rd Respondent (Sprinkler) for storage of sensitive information?", states the petition filed through Advocate Jaykar K. S.
The petitioner highlights that the company is facing litigation in cases alleging data theft in USA.
Citing the SC decision in K S Puttaswamy case, the petitioner argues that the agreement has resulted in the violation of right to privacy of individuals under Article 21 of the Constitution.
"The data which is aggregated and supplied to the 3rd Respondent(Sprinklr) is a valuable commodity in the data market which could fetch millions of dollars. So it is a question as to why it was done so. The 1st Respondent cannot feign ignorance to the above fact. It has the best of the IT minds in the country and advisors par excellence. The transfer of data was done by a State and not by any layman. It is a concerted decision taken collectively by a team of experts and not by a single individual, taking into consideration of all pros and cons of the action. So why?", the petitioner asks.
The petitioner has added the Union of India as a respondent in the case, and has stated that the decision to enter into a contract with a foreign company could not have been taken without the concurrence of the Central Government.
"The 2nd Respondent(Union) is the authority which should concur with such decisions of the State. It is a sad truth that the 2nd Respondent was never consulted before executing the alleged agreement and their concurrence was never sought for. The 1st Respondent feels that such important decisions which need the concurrence of the Union government can be given a go bye and decisions made by it will prevail", the plea states
The petitioner argues that the agreement is in violation of the provisions of the Information Technology Act 2000.
"The Act provides for securing sensitive information and the manner in which it can be transmitted. The 1st Respondent, with all legal paraphernalia, entered into an illegal contract in a haphazard manner. The contract exposes the information of common laymen into the hands of a private entity. It was the bounden duty of the State to protect it's individuals, rather it chose to expose then to the vagaries of a 3rd party", the petitioner states.
The petition seeks to direct the State Government to sever the agreement with Sprinkler company and to appoint a government-IT company to store and analyze COVID-19 information.
The petitioner further seeks a direction to the Central Government to conduct a forensic audit to bring out the "foul play" in the IT contract.
As an interim relief, the petitioner seeks a direction to stop the uploading of COVID-19 information in the web servers of Sprinkler.
The agreement with Sprinklr has come a major political controversy in the State, with the opposition alleging grave irregularities in the contract.
M Sivasankar, the IT Secretary, appearing in media interviews on Saturday, explained that the agreement was entered in the backdrop of the public exigency created by the COVID-19 pandemic. He admitted that the opinion of legal department was not thane before the contract due to the emergency situation.Dismissing the allegations of data theft, the IT Secretary said that the State had ultimate control over the data, and that the company was only processing it to present the information in a structured form.
Click Here To Download Petition