The Kerala government has formed a new three-member committee to study a report prepared by a previous committee on the issues related to engaging data analytics firm Sprinklr for COVID-19 containment exercises, the government said in an order last week. However, the report prepared by the previous committee is yet to be made public. Researcher Arun PS first tweeted about the latest government order.
US-based Sprinklr, founded by a Malayali expatriate, was at the heart of a privacy-related furore when opposition leaders in Kerala questioned the basis of the government’s deal with the company. Chief Minister Pinarayi Vijayan was accused of sharing personal medical details of people placed under COVID-19 surveillance with Sprinklr.
What happened to the previous committee’s report? Following the controversy, the state government had set up a committee, which included former civil aviation secretary M Madhavan Nambiar, and former cybersecurity coordinator, Gulshan Rai, to study the deal with Sprinklr. In October, the committee presented its report, concluding that they found some procedural irregularities in selecting Sprinklr, and suggested measures to strengthen the state’s Information Technology department’s understanding, selection and implementation of data analytic platforms in the future, according to the government order issued last week.
However, a lot is unknown about what Nambiar and Rai’s report actually found, since the state government is yet to make the report public. Broadly, the committee was looking into whether citizens’ privacy was protected properly, and adequate processes were followed while signing the deal with Sprinklr, among other things.
Instead, the government is now arguing that a detailed examination by experts in the legal, administrative and information technology domain is required on many aspects of the report, on which the previous committee “has not offered its comments” — without even making the report public.
The new committee’s mandate: This new three-member committee is headed by K Sasidharan Nair, former District Judge, and former secretary of the Law Department, and includes Dr. A. Vinaya Babu, retired professor computer science and engineering, JNTUH College of Engineering, Hyderabad and Dr. Umesh Divakaran, professor, computer science and technology, College of Engineering, Thiruvananthapuram as experts. The mandate of this committee is to find:
- Whether the procedures laid down in the rules of business of the Kerala government were followed while signing the deal with Sprinklr, and whether there were any unjustifiable lapses while striking that deal
- The measures taken to ensure data security at various periods of the partnership
- The procedures that might not have been followed while signing the deal
- Analyse the report submitted by the previous two-member Committee headed by Nambiar, and suggest guidelines to be followed in future.
The controversy around using Sprinklr’s software
In early April, Kerala’s opposition leader, Congress’s Ramesh Chennithala accused Chief Minister Pinarayi Vijayan of sharing personal medical details of people placed under COVID-19 with Sprinklr. He alleged that the state’s IT department, led by Vijayan, had awarded the deal to collate personal health data of nearly 175,000 people categorised as “vulnerable and potentially exposed” to the pandemic.
Later in April, the Kerala High Court directed the state government to anonymise COVID-19 related data it had collected through software provided by Sprinklr. The court had also restrained Sprinklr, which runs a portal for health workers in Kerala to record house visits, from advertising the fact that it has COVID-19 patient data.
Sprinklr offers a product for governments — Citizen Experience Management — that can be implemented within 7 days during the COVID-19 pandemic so that governments can “bring immediate relief to panicky citizens”. The product includes building information portals, tracking the spread of the pandemic, and setting up different communication channels between the government and its citizens. The company has two offices in India in Delhi and Bengaluru.
- Explicit consent, anonymisation of personal data collected for COVID-related activities must: Kerala govt
- State government must anonymise COVID-19 data from Sprinklr, Kerala HC rules
- Kerala govt shares COVID-19 personal heath data with American company, row erupts: Reports