Nearly a month after informing the High Court that there was nothing wrong in US-based Sprinklr Inc. handling patient data, the Kerala Government told the HC in an affidavit on Thursday that the data analytics company would not be collecting or analysing patient data related to COVID-19 outbreak in Kerala.
These functions will now be done exclusively by the state-run Centre for Development of Imaging Technology (C-DIT).
Sprinklr's agreement with the Kerala Government will now be limited to just software updation, as the data will be collected using the US firm's application. Sprinklr has also been denied access to C-DIT's Amazon cloud server. The government submitted that Sprinklr had been asked to destroy the data it had collected till now.
The High Court had in the last week of April issued certain directions to ensure that public data was not misused. It had asked the government to anonymise all the data that had been collected. This directive was a follow up of the Centre's submission that data could be shared only after it was anonymised.
The latest decision is seen as an about-turn by the Pinarayi Vijayan government. In an earlier affidavit submitted to the High Court, the government had said that sensitive information was not collected.
Initially, the data collected were uploaded in Sprinklr's Amazon cloud server in Mumbai. But when this stoked a major controversy, the data was shifted to C-DIT's cloud server after augmenting its capacity for Rs 1.20 crore.
The Centre, too, had objected to the Sprinklr deal. In an affidavit submitted to the High Court, the Union IT department had questioned the Pinarayi government's decision to overlook several government-owned and government-controlled entities like the C-DIT and Information Kerala Mission.
It also pointed out that there were central agencies like National Informatics Centre capable of handling the task that was entrusted to the US firm.
The Centre also pointed out that the contract did not specify the amount of compensation that individuals should receive in case of breach of privacy or misuse of information. It also raised the concern that the information would have been collected and handed over to the data analytics firm without the consent of the people.
The Centre had taken the stand that it was always advisable to process confidential data using government agencies.
The Kerala government had justified the choice of Sprinklr saying that a multichannel communication network that could handle volumes of structured and unstructured data and pass on to supporting Information Technology systems was unavoidable at a time when COVID-19 cases threatened to spiral out of control.
There were no available alternatives within the government framework, it was argued. The government-owned and controlled entities like the C-DIT and Information Kerala Mission were not technically equipped to manage such large volume of data, it had said then.