Nearly a month after rejecting charges of illegality in its IT contract with a US firm for processing data related to COVID-19 patients in the state,the Kerala government on Thursday informed the High Court that the US-based IT firm Sprinklr will have no role in analysing the data.
In an affidavit, the state government has submitted that it has now "full and exclusive ownership of the data" which will be analysed by state-owned CDIT.
"There is no basis for apprehensions on the use or abuse of data," the government said in its counter filed to deny the averments made in a batch of writ petitions seeking quashing of the state government's contract with Sprinklr
The government submitted that the data collected is stored in the Amazon Web Server (AWS) account owned fully
by CDIT, which is a Government institution. It also stated that the Amazon Cloud Web Server, which has signed a Non Disclosure Agreement with the Goverment of India, is one among the 12 cloud providers empanelled by the Union Ministry of Electronics and Information Technology and subjected to audit by STQC, an internationally recognized
Assurance Service providing organization.
"...insofar as the data is residing in C-DIT control and with it being processed in the servers in the control of C-DIT through the use of the third respondent's software deployed in the control of C-DIT, there is no transfer of data to third party," the state government said.
On April 24, the High Court had restrained the US-based IT firm from analysing or processing the data related
to COVID-19 patients and directed it to retransfer to the state government, any data it has obtained.
In an interim order on a plea seeking to quash the state government's contract with Sprinklr, the High Court
had also directed the state government to anonymize all data of COVID-19 patients collected by it and allow the IT firm to access data only after completing the anonymization process.
The state government had entered into a contract with the IT company based out of the US, owned by a non resident Keralite, wherein the data of suspected and actual patients of the COVID-19 virus will be collected using government machinery and is uploaded to the foreign firm's web server on a daily basis.
The IT company in turn will provide actual data to the State machinery after analysis, for better understanding and treatment of the pandemic. Earlier, the Kerala government had filed a statement in the Court,rejecting charges of illegality in its IT contract with a US firm for processing data related to COVID-19 patients in the state and contended that initiation of penal action for breach would fall within the ambit of Indian IT Act.
The main demand of the opposition Congress and the BJP was to stay and cancel the agreement. The Centre had also filed a preliminary statement in connection with the case, saying sharing of sensitive data, especially of health related information of large number of people, is to be resorted to in a very careful manner.
In his plea, petitioner Balu Gopalakrishnan had said the only concern is whether the data stored in the web
server of company is safe and whether it can be used by the company for monetary gains.