Kerala’s opposition leader, Congress’s Ramesh Chennithala, has upped his ante against Chief Minister Pinarayi Vijayan for allegedly sharing personal medical details of people placed under COVID-19 surveillance with a private American company, Manorama reported. Vijayan has denied the allegations, which were first raised on April 10. On April 12, Chennithala then asked the CM 15 questions, including why the services of an American company were solicited when C-DIT (Centre for Digital Imaging Technology) and the state’s IT Mission could perform them; why data was sold to a PR company; and where the data is stored about the deal with Sprinklr, the New York-headquartered company.

Chennithala had first made the allegations during a press conference where he said that the state’s IT department, led by Vijayan, had awarded the deal to collate personal health data of nearly 175,000 people categorised as “vulnerable and potentially exposed” to the pandemic to Sprinklr, a SaaS company that offers marketing, advertising and customer engagement services, the Hindu had reported. Chennithala has demanded an anti-corruption enquiry as Vijayan had allegedly bypassed the tender process. We have emailed the Chief Minister’s office for more information.

It is not clear whom the sites for collation of data — https://housevisit.kerala.gov.in and https://kerala-field-covid.sprinklr.com — target. The sites are available only in Malayalam and users can start entering information by just verifying their mobile number via an OTP, as we did. Thus, it doesn’t seem like it is meant only for health care workers, or government employees conducting assessments, but each user can enter more than one form. With more than 40 questions (including questions about travel history, medical history of self and family members, etc.), the questionnaire appears to be more of a self-risk assessment tool. Titled “Home Visit Registration”, the sites don’t have a privacy policy or terms of use. We have sent M. Sivasankar, Secretary, State Department of Electronics and Information Technology, an email asking for more details.

The state government had bought a healthcare worker mobile app from Sprinklr using the disaster management funds to input details of people under surveillance, as per the Hindu report. These electronic medical records have allegedly been stored in a private domain outside India’s jurisdiction. Kerala’s IT Secretary had also reportedly appeared in the company’s advertising. Sprinklr had also used the state’s coat of arms. It also took advantage of the state’s public health workers and IT department infrastructure to promote its app globally, the Hindu said. We have reached out to Sprinklr for more information.

However, Vijayan, refuting the claims, said that Sprinklr gave the mobile app to the government for free since the founder of the company, a non-resident Keralite Ragy Thomas, was “moved by the state’s struggles against the disease”, the Hindu reported later. Vijayan also reportedly denied the possibility that the company could leak vital data since even the World Health Organisation has contracted Sprinklr for epidemic surveillance. He also denied that Sprinklr is a PR company. However, he did not specify the criteria for selecting Sprinklr for the collation and management of such data, and if the selection process involved a global tender.

Sprinklr offers a product for governments — Citizen Experience Management — that can be implemented within 7 days during the COVID-19 pandemic so that governments can “bring immediate relief to panicky citizens”. The product includes building information portals, tracking the spread of the pandemic, and setting up different communication channels between the government and its citizens. The company has two offices in India in Delhi and Bengaluru.

At the time of publication, according to the Kerala government’s COVID-19 dashboard, there were 194 active cases of the disease in the state, 116,941 had been placed under observation, and 816 had been hospitalised.