Kerala High Court has raised concerns over data privacy of COVID-19 patients while hearing the case today
Pfizer, an American multinational pharmaceutical corporation, is not buying any data from Sprinklr, which has COVID-19 patients’ data collected in Kerala, the drugmaker has said.
On Monday, Kerala media had reported that Sprinklr, a US-based social media management company that has been entrusted to do a survey among COVID-19 patients in the state, has been collecting data and selling it to Pfizer.
In an exclusive emailed comment to The Lede, Pfizer said that it has not partnered with Sprinklr in COVID-19 patient data collection from India.
“We have not partnered with Sprinklr to support the provision of any COVID-19 patient information from India. We use Sprinklr’s platform to manage content on our social media channels,” Roma Nair, Global Media Relations – AsiaPac & China at Pfizer Inc, said.
The Kerala media had quoted a 2017 speech of Sarah Holiday, the Pfizer Social Media Strategy Lead, where she states that the drugmaker uses a tool called Sprinklr that helps manage social channels in one place – to publish, listen and monitor and moderate comments all in one place.
Nair added that, “Pfizer has reviewed news reports on access to COVID-19 patient data appearing in certain sections of the media and has found these to be entirely baseless.”
Sprinklr, a Rs 15,000 crore valued Keralite-owned US-based company, has reportedly collected data of 1.75 lakh COVID-19 patients in Kerala.
Even though queries on data sale was sent to Sprinklr, a reply was not received when this story was filed.
Owned by Ragy Thomas, a Keralite, Sprinklr works with more than 1000 large enterprise global organisations, like Allstate, McDonald’s, Microsoft, NASA, Nike, Philips, Procter & Gamble and many others.
During the first week of April, Kerala’s Opposition leader Ramesh Chennithala said in a press conference that the Kerala government had allowed Sprinklr to collate and handle the health data of 1.75 lakh people under quarantine without taking the consent of patients.
The data collected includes health condition of patients and even medicines used by them.
The Congress leader said that the same work could have been done by the Centre for Development of Imaging Technology (CDIT) and Kerala State IT Mission and the state government had not taken consent from any government departments.
The Communist Party of India (Marxist)-led Kerala government had said Sprinklr’s tool was offered free of charge as a software-as-a-service (SaaS).
However, official documents reveal that the tool is free until September only.
Last week, responding to media queries, Kerala Chief Minister Pinarayi Vijayan had said that queries on Sprinklr had to be asked to the state IT Secretary.
Later on, in interviews with different news channels, IT Secretary M Sivasankar IAS, owned up to taking the call on signing a deal with Sprinklr.
Sivasankar, who is also the private secretary to Chief Minister Pinarayi Vijayan, said that he had not sought the law department’s guidance before signing the deal with the American company.
“It was my professional decision to agree. I had examined all sides of the deal. There was a consensus that a technology platform was required to handle the situation. So I decided to choose that platform and take the project on board,” he said.
The IT Secretary had appeared in an advertisement video of the Sprinklr website. But it was later removed when the controversy erupted.
Even as he pointed out that the Law department’s permission was not required for the purchase order, he maintained that he would rectify his mistake, if there was any.
Meanwhile, Kerala law minister AK Balan said the IT department has done nothing wrong in entering into an agreement with US company Sprinklr on data storage.
“There was no need to get the clearance of the law department since it is a temporary agreement,” he added.
On Monday, when mediapersons asked about Sprinklr and Pfizer connections at a press conference, Pinarayi responded that “I am not here to comment on such issues. I am here to brief on COVID-19 combat.”
The Sprinklr data row is troubling the Communist Party of India (Marxist) as it had aggressively protested over data privacy concerns in the past.
Interestingly, the CPM was the only political party in India which promised to stop ‘bulk surveillance’ and also scrap the Aadhaar biometric system of identification for welfare measures, which has faced its fair share of controversy since its initiation like the data breach in 2018 where the information of 1.1 billion people was exposed.
Meanwhile, today, the Kerala High Court sought explanation from the Kerala government on the foreign jurisdiction clause in the IT contract with Sprinklr, and also regarding the omission to seek sanction from the law department before finalising the deal for processing data related to Covid-19 patients.
Justice Devan Ramachandran directed the government to file a statement by April 24, when the matter will be considered again.
Justice Devan expressed concerns about the confidentiality of citizens' data processed by a third party, and also about the jurisdiction being kept as New York for adjudication of possible disputes.
"We are proud that Kerala has done well in controlling COVID-19. But we have also concerns about data confidentiality," Justice Devan said.
"A citizen is not privy to the contract between Kerala government and the company. If that company misuses the data, state government is responsible. If there is a breach tomorrow, the state government will have to go to New York. We do not know why Kerala chose New York as the jurisdiction,” Justice Devan added.