KOCHI: The Kerala high court on Tuesday said it cannot, prima facie, agree to the state government’s stance that data of Covid-19 patients and suspects being shared with US-based Sprinklr is not sensitive or privileged.
A division bench comprising justices Devan Ramachandran and TR Ravi questioned the government’s stance while considering a petition filed by Balu Gopalakrishnan of Thiruvananthapuram through advocate Jaykar KS. The petitioner had alleged that data is being shared with the US-based company without obtaining permission from the patients or those under quarantine.
Blog: Level the field - News producers can’t keep incurring the costs while digital platforms drain away profits
During the hearing that began at around 12pm, additional advocate general KK Ravindranath submitted about the data, “What he (petitioner’s counsel) has stated is that the data is saved in the server of a third party. First thing I have to say is that there is no sensitive data.”
To which, justice Devan replied, “That is a contention that you must establish. You can't say that the medical history of a person is not sensitive. Please don't say that. It is a very dangerous submission. Medical data of an individual is certainly covered by by Puttuswamy's judgment (Justice KS Puttuswamy and Anr. Vs. Union of India and Ors). How do you guarantee that the data collected remains confidential in the hands of the third respondent (Sprinklr).”
Read our coronavirus live blog for all the latest news and updates
Further, the court asked what is the need of engaging a third party software-as-a-service (Saas) provider when the number of patients in Kerala is very low. The additional AG submitted that it is only because of the timely intervention and action of the government. The court replied, “We appreciate that. We completely agree also. We are not taking away any credit from you. We are only saying what is the purpose of requiring a third-party service provider at this time. You have your own systems. Own-premise systems are there. There is only one thing that we are concerned about. That the data remains confidential. How can you guarantee us today that the data is remaining confidential? Just guarantee us that.” The additional AG replied that a reply statement can be filed the next day itself.
The court asked whether uploading of data is being continued. When the additional AG answered in the affirmative, justice Devan said, “How do you guarantee us the confidentiality of the data? We do not want you to upload data unless you tell us that the data will be confidential, from the hands of the third respondent (Sprinklr) also. We cannot accept your argument, that is prima facie, that this information that has been taken from the patients are not sensitive. Prima facie, we cannot accept that. You told us that, and that is worrying us. If the Government of Kerala thinks that this is not sensitive, then something is amiss. It's a very sensitive information and we want to know how you are dealing with it, that’s all. We're not against you now. We give you full credit for the control of the pandemic but that doesn't mean that the data you collect from the patients can be just dealt with casually.” The court then allowed time until 12.45pm for the additional AG to respond.
More on Covid-19
When the court heard the case again, the additional AG submitted that the government expects that around 80 lakh persons have to be screened. Responding to the court’s query, he submitted that data is being captured from all those being screened. Data is stored on Amazon cloud service, which is a service approved by the central government. Provisions in the SaaS purchase-order form addresses the concerns of data privacy and confidentiality and all SaaS proceedings globally happen in the same manner, he added.
The court said as far as a citizen is concerned, he is not in any privity with Sprinklr. If there is any breach of confidentiality of information of any individual citizen, he or she only needs to sue the state government, the court said. The responsibility of ensuring that no breach occurs is with the state government, the court added.
Regarding government’s liability, the court said, “First, we were concerned that you said it is not privileged information, which we cannot accept. (The additional AG intervened and submitted, ‘No, it is not like that’). It is very sensitive and privileged information. Please accept that. If the government accepts that this information is privileged and sensitive, then your obligation to ensure that the data is protected is far more than normal. Every information that you are uploading to the server from today is your responsibility. We'll make it very clear to you. We'll hold the State personally responsible, the officers will be personally responsible, whoever, if at all, is found guilty later on.”
A division bench comprising justices Devan Ramachandran and TR Ravi questioned the government’s stance while considering a petition filed by Balu Gopalakrishnan of Thiruvananthapuram through advocate Jaykar KS. The petitioner had alleged that data is being shared with the US-based company without obtaining permission from the patients or those under quarantine.
Blog: Level the field - News producers can’t keep incurring the costs while digital platforms drain away profits
During the hearing that began at around 12pm, additional advocate general KK Ravindranath submitted about the data, “What he (petitioner’s counsel) has stated is that the data is saved in the server of a third party. First thing I have to say is that there is no sensitive data.”
To which, justice Devan replied, “That is a contention that you must establish. You can't say that the medical history of a person is not sensitive. Please don't say that. It is a very dangerous submission. Medical data of an individual is certainly covered by by Puttuswamy's judgment (Justice KS Puttuswamy and Anr. Vs. Union of India and Ors). How do you guarantee that the data collected remains confidential in the hands of the third respondent (Sprinklr).”
Read our coronavirus live blog for all the latest news and updates
Further, the court asked what is the need of engaging a third party software-as-a-service (Saas) provider when the number of patients in Kerala is very low. The additional AG submitted that it is only because of the timely intervention and action of the government. The court replied, “We appreciate that. We completely agree also. We are not taking away any credit from you. We are only saying what is the purpose of requiring a third-party service provider at this time. You have your own systems. Own-premise systems are there. There is only one thing that we are concerned about. That the data remains confidential. How can you guarantee us today that the data is remaining confidential? Just guarantee us that.” The additional AG replied that a reply statement can be filed the next day itself.
The court asked whether uploading of data is being continued. When the additional AG answered in the affirmative, justice Devan said, “How do you guarantee us the confidentiality of the data? We do not want you to upload data unless you tell us that the data will be confidential, from the hands of the third respondent (Sprinklr) also. We cannot accept your argument, that is prima facie, that this information that has been taken from the patients are not sensitive. Prima facie, we cannot accept that. You told us that, and that is worrying us. If the Government of Kerala thinks that this is not sensitive, then something is amiss. It's a very sensitive information and we want to know how you are dealing with it, that’s all. We're not against you now. We give you full credit for the control of the pandemic but that doesn't mean that the data you collect from the patients can be just dealt with casually.” The court then allowed time until 12.45pm for the additional AG to respond.
More on Covid-19
When the court heard the case again, the additional AG submitted that the government expects that around 80 lakh persons have to be screened. Responding to the court’s query, he submitted that data is being captured from all those being screened. Data is stored on Amazon cloud service, which is a service approved by the central government. Provisions in the SaaS purchase-order form addresses the concerns of data privacy and confidentiality and all SaaS proceedings globally happen in the same manner, he added.
The court said as far as a citizen is concerned, he is not in any privity with Sprinklr. If there is any breach of confidentiality of information of any individual citizen, he or she only needs to sue the state government, the court said. The responsibility of ensuring that no breach occurs is with the state government, the court added.
Regarding government’s liability, the court said, “First, we were concerned that you said it is not privileged information, which we cannot accept. (The additional AG intervened and submitted, ‘No, it is not like that’). It is very sensitive and privileged information. Please accept that. If the government accepts that this information is privileged and sensitive, then your obligation to ensure that the data is protected is far more than normal. Every information that you are uploading to the server from today is your responsibility. We'll make it very clear to you. We'll hold the State personally responsible, the officers will be personally responsible, whoever, if at all, is found guilty later on.”
Coronavirus outbreak
Trending Topics
LATEST VIDEOS
City
COVID-19: Delhi-Noida border gets sealed, total chaos at various entry points 
COVID-19: Drones deployed to spot lockdown violators in Madhya Pradesh’s Indore 
COVID-19: Quarantined migrant labourers in Rajasthan's Sikar paint village school in return for good care 
AgustaWestland case: SC dismisses Christian Michel's bail plea citing COVID-19 risk in Tihar jail
More from TOI
Navbharat Times
Featured Today in Travel
Quick Links
Kerala Coronavirus Helpline NumberHaryana Coronavirus Helpline NumberUP Coronavirus Helpline NumberBareilly NewsBhopal NewsCoronavirus in DelhiCoronavirus in HyderabadCoronavirus in IndiaCoronavirus symptomsCoronavirusRajasthan Coronavirus Helpline NumberAditya ThackerayShiv SenaFire in MumbaiAP Coronavirus Helpline NumberArvind KejriwalJammu Kashmir Coronavirus Helpline NumberSrinagar encounter
Get the app