The Kerala government has filed a statement in the High Court rejecting charges of illegality in its IT contract with a US firm for processing data related to COVID-19 patients and contended that initiation of penal actions for breach would fall within the ambit of Indian IT Act.
Considering a plea seeking quashing of the state government’s contract with the US-based IT firm Sprinklr, the Court on April 21 had sought to know as to why foreign jurisdiction was included as a clause in the deal for adjudication of possible disputes.
The case has been posted for Friday for further consideration.
In response to various contentions raised in the plea, the state government has filed in a statement in the High Court as directed by it.
“It is pertinent that data resides in India and hence there would no issues of jurisdiction.
Even if any breach occurs from outside India, Section 75 of the IT Act empowers initiation of prosecution within India provided such breach impacts a computer or computer resource within India,” the government said in its statement.
The government also contended that legal department’s scrutiny was not required for signing the deal as it was an issue of a purchase order to avail the service of a readymade software application, with the set of conditions binding to the purchase that accompany it.
During the hearing, the court had asked why the contract was not referred to the law department before signing it.
Noting that the head of Administrative Department has the full authorisation for issuance of a purchase order for goods or services with price less than Rs 15,000, the government said, “in this case the service is offered on probono basis and hence there is no cost involved i.e. the cost involved is zero.”
“None of the rules or procedures in Government necessitates that the purchase order being issued by an Administrative Department for the purchase of any product or service, is to be scrutinised by the Law Department.
Hence, this is not bypassing of Law Department and the matter did not require any consultation with the said department at all,” the government clarified in the statement.
It claimed that the user was properly informed in the terms and conditions that the data would be used for the COVID-19 purpose only.
“The contention in the writ petition that the details regarding the beneficiaries of the public distribution system is allegedly stored with the third respondent, is wrong”, the government said.
Referring to the clauses in the agreement, the government submitted that there is sufficient protection with respect to any data that the IT company may have access to.
“It not only gives the government, as opposed to the third respondent (Sprinklr), full control and right over the data of the people, but also obligates the third respondent to take appropriate measures to protect such data,” it said.
Observing that a citizen was not privy to the deal signed between the state government and the foreign company, the court had said that the state government will be held as responsible, if the firm misused the data.
Justifying its deal with Sprinklr, the government submitted that the COVID-19 pandemic has resulted in a situation of emergency, which is being compared to a war-like circumstance by many experts.
“In such a situation, urgent policy decisions have to be taken by the democratically elected government in its executive capacity in the interest of public health and public interest, and it must be given a greater free play in the joints so that it is better able to perform its functions,” it said.
The state government had entered into a contract with the IT company based out of the US, owned by a non resident Keralite, wherein the data of suspected and actual patients of the COVID-19 virus will be collected using government machinery and is uploaded to the foreign firm’s web server on a daily basis.
The IT company in turn will provide actual data to the State machinery after analysis, for better understanding and treatment of the pandemic.
In his plea, petitioner Balu Gopalakrishnan said the only concern is whether the data stored in the web server of company is safe and whether it can be used by the company for monetary gains.