There is nothing wrong in either highlighting the lapses or in reviewing/fixing the terms of contract between the Kerala government and the Sprinklr, a US-based SaaS (Software-as-a-Service) provider, for managing Covid-19 data in the state, says VK Mathews, Founder and Executive Chairman, IBS Software.

A leading player in the travel-transport-logistics sector, IBS provides Saas cloud services to manage mission-critical operations of major global airlines, airports, oil and gas companies, cruise lines and tour operators.

“Sprinklr has offered its services until September 2020, and thereafter, if extended, will charge at rates/fees to be mutually agreed on. Any deficiency while on-boarding it can be reviewed and corrected. And this should definitely be done if Kerala were to engage Sprinklr beyond September 2020,” Mathews said in an Email to BusinessLine from Dubai.

Data privacy laws

The importance of data privacy/ protection cannot be overemphasised and is fully recognised by both the regulators and SaaS providers. There are strict and elaborate regulations applicable to the latter in all jurisdictions of consequence. Normally, the data privacy laws automatically come into play even if protective clauses are not explicitly mentioned in bilateral agreements.

According to Mathews, Government organisations may not have certain capabilities that private sector technology specialists have, and often seek their services for specific needs. Contracting a global company for storing and processing health data, unlike those which compromise national security, does not present any threat since it too is bound by data privacy/protection laws.

Grounds of criticism

“Violations (of privacy laws) will be hugely detrimental to the credibility of the service providers’ own business and can be extremely expensive being a criminal offence,” says Mathews. Critics have taken the State government over the Sprinklr deal citing various grounds

These include weak/nil data privacy/ protection provisions, fixing governing law and jurisdiction under New York, impropriety of engaging a foreign company to process sensitive personal health data, Sprinklr’s lack of experience in healthcare or of HIPAA compliance, and fears that it might commercially exploit Kerala’s successful management of Covid-19.

Jurisdiction, track record

The area of jurisdiction should be changed to India, Mathews says, while pointing out that it is a common practice for SaaS providers to use the laws of their own jurisdiction for dispute resolution and litigation. This is also because there are several jurisdictions where the IP/data privacy legislations are not matured yet and associated legal practices are still evolving.

“I don’t know the envisaged functional requirements and product fitness. However, the experience of Sprinklr in collecting, processing and analysing structured and unstructured data to create digital intelligence for tracking patients, suspects, cross border travelers should be of value in the current crisis context.”

Exploiting state’s reference

It is a generally followed practice in the industry to use customer reference for sales promotion and marketing, however, it should be with the latter’s consent. Kerala should insist that Sprinklr should not use it as a reference without its explicit written consent.

Contracting Sprinklr is a decision taken in a situation of national emergency where time is of the essence; contractual weaknesses, if any, can be and should be addressed later, says Mathews. “We have progressed as a society because of the bold and proactive decisions taken by leaders in different walks of life. Process and procedural compliance is important but it should be viewed in the context of the intent and the outcome. Public shaming of officers will weaken their resolve to take proactive decisions.”

Related Topics
comment COMMENT NOW