Chief Minister Pinarayi Vijayan looked determined not to speak about the Sprinklr deal but the Kerala High Court on Tuesday sought answers from his government on three issues related to the deal.
One, why was the deal not forwarded to the Law Department for vetting? Two, why had Kerala entered into a deal that could be tried only in a foreign court. Three, why was a cloud platform used to store patient data even after the number of COVID-19 cases, and also the number in home quarantine, in Kerala have come down.
Kerala government has been asked to file a response by April 24 when the case would be taken up again.
The two-judge bench of Justices Devan Ramachandran and T R Ravi issued their queries on the basis of a petition filed by Balu Gopalakrishnan, a lawyer, alleging foul play in the LDF government decision to hand over sensitive patient information to a private company based in the USA.
The court also objected to additional advocate general K K Ravindranath's initial statement that the data collected was not sensitive information. "We cannot accept the submission that the data is not sensitive information. Health data is sensitive," Justice Devan said. The additional AG promptly corrected his statement.
The petitioner, too, had emphasised the sensitive aspect. “The data that is aggregated and supplied to the 3rd respondent (Sprinklr) is a valuable commodity in the data market which could fetch milions of dollars. So it is a question as to why it was done so. The 1st respondent (Kerala Government) cannot feign ignorance to the above fact,” the petitioner said.
That the Law Department was bypassed is no secret. IT secretary M Shivshankar himself had conceded in his television interviews that the Law Department's advice was not taken. Even before that, Chief Minister Pinarayi Vijayan had also said so saying there was no financial involvement.
The court also wondered whether a high-capacity cloud server was required to host all the information. Again, it was the IT secretary who had gone on record saying the choice fo Sprinklr was an anticipatory measure, and therefore, was not required for the current levels of disease progression. "If the virus spread had gone out of control, as predicted by some earlier internal studies, it would not have been possible to analyse the huge inflow of information using the tools at our command. For the present level of disease spread, our capability is more than enough," Shivshankar had said.
The Court then wanted to know why Kerala had persisted with Sprinklr's Amazon cloud server. The additional AG informed the court that the data was now stored in government-run C-DIT's Amazon Cloud server. After the data theft controversy erupted, the C-DIT server's capacity was considerably augmented at a cost of less than Rs 1.25 crore.
The court also expressed surprise that Kerala opted for a deal in which any legal remedy could be secured only in New York. "A citizen is not privy to he contract between Kerala government and Sprinklr. If that company misuses the data, the state government is responsible. If there is a breach tomorrow, he state government will have to go o New York. We don not know why Kerala chose New York as the jurisdiction," Justice Devan said.
The centre, which was also included as respondent in the case on the grounds that such a decision could not be taken without its concurrence, submitted that its policy was to use the government machinery to collect, store and process citizens' data as far as possible.
