The Pinarayi Vijayan led Government has told the Kerala High Court that there are enough provisions in the contract with US based tech company Sprinkler to ensure security of data and there is no breach of privacy.
The Government told the court that at a time when the that entire world is facing the unprecedented crisis caused by COVlD -19, the State took steps to ensure identification of persons affected and initiated measures to safeguard its citizens. These measures included launching Government of Kerala’s direct APP and interactions with Telecom Service Providers to request them to ensure sufficient bandwidth as internet usage was bound to increase due to increased online activities and work from Home measures. The government quoted a study dated 24/03/2020 of experts with Centre for Disease Dynamics Economics and Policy, John Hopkins University and Princeton university, according to which 80 lakh people in Kerala would be affected with COVID between 28.03.2020 and 25.04.2020.
V Manu, Senior Government Pleader told the court , “Crisis management Group of Government was faced with dangerous situation like never before by sheer volume of threat.” He then listed the steps taken and the reasons thereof:
Data Gaps
Physical handwritten forms collected from passengers (coming into the state from outside) were insufficient as there were data gaps with respect to port of origin and residential address. The situation could be handled efficiently with big data network that could be customised.
Need of Multichannel communication network
Multichannel communication network that could handle structured and unstructured data and pass on to supporting IT systems was necessitated.
Paucity of time
Any invitation for tender would be time consuming as these processes of sanctions would consume a month.
Respondent’s capabilities would help Government in:-
● Enriching the identified vulnerable population data
● Establishing communication channel with reverse quarantined people
● Engaging with reverse quarantined and monitoring their health
● Reporting geospatially on health of reverse quarantined
● Identifying vulnerable, requiring focussed attention
Data Protection
SAAS provided by respondent analyses unstructured data in cloud and converts it into structured. Order forms Master Service Agreement with service level agreement and data protection addendum provides for security of data. Privacy policy of company and international data protection norms (GDPR) ensure confidence.
Jurisdiction
Data is localized in (AWS) servers in India, all laws of data protection in country are applicable to this arrangement . Any breach shall come under section 75 of Indian IT act. Additional claims on data breach and agreement violation only need be and can be addressed through the courts of New York.
Legal Justification
Article 47 of Constitution mandates State to have regard to improvement of public health as its primary duty.
A Nine-Judge Bench Supreme Court decision in K.S Puttaswamy held that reasonable restrictions can be imposed on right to privacy in view of State interest or public health.In present case ,right to health of the people and public interest in controlling epidemic would take precedence over the right to privacy.
Data collection is also justified as per provisions of Disaster Management Act, 2005 and Kerala Epidemic Diseases Ordinance, 2020.
-India Legal Bureau