Has the Kerala government compromised health surveillance data, or personal medical information of thousands under scanner in the aftermath of the COVID-19 outbreak, by contracting a US-based firm to collate data?
The Opposition has been alleging foul play in the contract inked with US-based Sprinklr, to collate data from 1.75 lakh “vulnerable and potentially exposed” people, collected by field workers.
The government also did not stick to the tender process to gift the deal to Sprinklr, which calls itself as the world's leading Citizen and Customer Experience Management platform.
Its Chief Executive Officer is Ragy Thomas, a Keralite hailing from Mavelikkara.
Private players from the pharmaceutical sector are likely to benefit from the data, according to the Opposition in Kerala.
The Kerala government is winning hearts for its systematic handling of the situation, but these charges raised by the opposition, despite its serious nature, have not gained much traction amid the lockdown.
Onmanorama put across the charges to Sprinklr, which categorically denied it owns or commercialises client data.
The US-based firm said it has complied with the country's data privacy regulations while dealing with its clients here.
Sprinklr, however, said in an e-mail it was unable to “provide any additional commentary given the contractual obligations with the Government of Kerala and all of our other clients”.
Sprinklr said the queries should be directed to the Kerala government.
The software firm said it was offering its services to the Kerala government free of cost.
“The data used in its platform is owned and controlled by the government and stored in India”, it said in sync with Chief minister Pinarayi Vijayan's statement, refuting the charges.
Pinarayi said the government's association with the US firm was to provide an app to health workers. The intention is to store data from those under observation.
Sprinklr was also a listed supplier of the Information and Technology department.
He did not elaborate on the charges related to the tender process for selecting Sprinklr.
Leader of opposition Ramesh Chennithala had on Sunday come out with another set of 15 questions linked to the Sprinklr row.
Chennithala's contention is that data collected at government level can be stored on the government's data centre. He says government agencies like C-Dit or IT Mission can carry out the task.
Onmanorama sought the views of industry experts on the issue.
What Sprinklr is offering is a SaaS solution to manage data and convert that data to meaningful and actionable information. Government has clarified that this service is offered for free. Understanding how SaaS solutions work is important, Robin Alex Panicker, Chief Product Office, Finotes, told Onmanorama.
The customer (in this case Government of Kerala) owns the data, where as the the SaaS company processes and manages the data. The service is usually covered under a Master Services Agreement which will have a non-disclosure clause in place. This means the SaaS company cannot disclose the data of any customer to anyone else in any format.
“I understand it's true in this case as well. Also, complying with Indian laws, the data is hosted in India. Government may do a separate agreement regarding data protection, if it feels so. But that will take time to complete the process and let that happen in due course of time. We cannot wait till then in the given circumstances. I personally feel that is not required since the master services agreement already has non-disclosure clause. As a fellow entrepreneur, I feel sad that someone like Ragy Thomas, who built a successful billion dollar business from scratch, has to go through this. When will we learn to respect entrepreneurs of our own? Especially when they are giving their services for free for public good, he asked.
A top IT honcho, who hails from Kerala but is now abroad, refused to comment citing that he was not privy to details of the contract.
However, he pointed out that usually contracted software, including SaaS products like Sprinklr, will have data protection and data ownership clauses.
“It can be stored in a government data centre and someone like C-DIT or IT Mission can do it, I think it is well within their capability. However, if Sprinklr is willing to do it for free, agrees to host the data in India and also commits to binding privacy clauses, I don't see any issue. They don't need to capture a lot of health details, only if someone has contracted COVID and their status (recovered, died) etc. I don't see a need for big controversy on this,” QBurst CEO Prathapan Sethu said.
Meanwhile, European nations are increasingly relying on technology to track the spread of the coronavirus and monitor people under quarantine, putting the region's stringent privacy rules to the test, according to a Reuters report.
Also, governments are rushing to pass emergency laws to allow use of smartphone data to trace contacts. Slovakia this week proposed temporary legislation allowing individual movements to be tracked for the duration of the pandemic. Experts reckon there is a trade-off between tech solutions and privacy compromises.
A similar proposal in Germany was blocked by a ruling coalition partner.
Apple and Google will also work together to create contact tracing technology.