Governments cannot avoid doing business with SaaS (software-as-a-service) companies, and do not have a choice in the matter, Vinod Vasudevan CEO, Flytxt, has said.

Flytxt, is an Amsterdam-based company that provides Artificial Intelligence (AI)-driven customer engagement solutions to enterprises and specialises in Big Data analytics. It operates in India from offices in Mumbai and Thiruvananthapuram.

Vasudevan told BusinessLine from Dubai that government agencies are increasingly adopting cloud solutions to cut down on capital expenditure (capex) without compromising important public services. He said this in the context of the controversy over the Kerala government engaging US-based Sprinklr to collate and aggregate personal health details of Covid-19 patients in the State.

Addressing privacy issues

“Use of cloud enables governments to reduce the total cost of ownership (TCO), both directly and indirectly, which is catalysing the growth of the government cloud market,” Vasudevan said.

But an appropriate data protection and data localisation law is needed for this. Once such a law is in place, it becomes easier for a SaaS company and the purchasing government to reassure themselves that necessary data security measures are in place.

Its absence is bound to create different expectations of data privacy, multiple interpretations and resulting confusion.

“I do not think there is anything expressly wrong with the Kerala Government’s intentions. A proper technology solution for managing data and engaging with the target population was, in my view, an absolute necessity,” Vasudevan said.

Governments at all levels are harnessing technology — data analytics, predictive modelling, citizen engagement etc — to tame Covid-19. Cloud environments and SaaS services are the natural choice for urgently addressing rapidly changing situations like this pandemic, as they can be operationalised very quickly and scaled up and down on demand.

In any case, non-disclosure agreements (NDAs) are typically not meant to offer data security, but to ensure that information exchanged by parties prior to entering into a business arrangement are treated as confident by each other.

In the present case case too, the purpose is ‘to explore a business opportunity of mutual interest and benefit.’

Urgent need for data protection law

It would be very unusual if anyone intended or interprets this NDA to cover the confidentiality of personal data shared for fulling the services under the business arrangement.

“As I said, we must have a data protection law in place as quickly as possible. There is a Bill in Parliament for this purpose, however, since there is no data localisation law in India, you cannot say that the Kerala government erred here," said Vasudevan.

But having said that, it would have been prudent to make that a requirement in the first place and subject it to Indian jurisdiction, especially considering the very sensitive nature of the data under question, he added.

Local capacity available

Answering another question, he said that many public and private institutions in India process much higher volumes of data than the entire population of Kerala.

“We have services like UIDAI that cater to huge volumes of data and transactions. I know of businesses that process data and engage with a quarter of the population of India every day. There certainly is capability and technology know-how with local and domestic institutions,” he said pointing to the capacity available locally within India.

But it is not just a question of having the capability and know-how, but also how many of them are visible and hence known to be able to provide such services and also how many of them, if any, stepped in to offer the services, Vasudevan added.