Sprinklr controversy stoked debate on Kerala’s data policy and allied e-governance decisions of the state government. But, after the assembly elections of 2021, the discussions on such topics evaporated from the state.
In December 2021, Kerala High Court in a suo moto case in connection with the Sabarimala Virtual queue system flagged data privacy. The high court had asked who all had access to data on the website Sabarimala Online Services, used for virtual queue management.
Notably, the portal has been managed by Kerala Police, while the technical assistance has been done by Tata Consultancy Services (TCS). Recently, the court ruled that the management of the virtual queue system should be transferred from the Kerala Police to the Travancore Devaswom Board(TDB) as the former has no right to manage a system related to temple affairs. The judgement pointed out that though police have the right to obtain data from the system for maintaining law and order in the temple premises, they should not be directly involved in the management of the virtual queue system. The court has also directed TDB to ensure the privacy of data provided by users.
In the judgement, the court referred to the advertisements displayed by the Kerala Police on the portal and made it clear that the latter do not have any right to display any advertisements on that web portal and earn revenue. "Similarly, the State Government has absolutely no authority to accord sanction to the Kerala Police to accept advertisements in a virtual queue system, to meet the expenditure towards its maintenance," the judgement said. Notably, Sabarimala Special Commissioner and District Judge in a report submitted before the Kerala High Court observed that "TDB may be directed to take steps to register the trademark/obtain a patent of the intellectual properties of the deity and Devaswom and to prevent its misuse and usurpation of revenue by third parties".
Implicitly, the judgment in the Sabarimala virtual queue system has curtailed an e-governance project managed by the state government. Because it removes Kerala Police from the middlemen role it had in the system. Meanwhile, if the judicial body has to intervene every time the government or its extensions roll out e-governance and digital service projects, then it suggests that something is foundationally wrong.
In spite of many occurrences that flag lapses in the way the state handles such projects, the authorities concerned fail to address core factors which trigger such issues. They often fail to spot the elephants in the room. However, ‘Eleventh report of the Administrative Reforms Commission’ published in January 2021 had a review on e-governance and digital transformation in Kerala. To an extent, it has pointed out the flaws and fault lines in the present system, which in a sense give a plank to understand why e-governance and digital service projects are prone to misfire. Also, the findings corroborate the issues that have been raised by experts for a long time.
According to the report, "only a few departments have qualified technical persons who can function as business analysts and have awareness of technology, technical solution process and management of e-Governance applications". The report also clearly points out that the use of obsolete technology and applications, poor functionality offered to users and a pool of technically equipped officials are negating the purpose of e-governance and digital service projects.
Another aspect flagged in the report is that the government has a high dependence on state-run Total Solutions Providers (TSPs) like NIC, C-DIT, and Keltron for its various projects. But even government insiders stated that some listed TSPs fail to provide expected functionality. This is when they are forced to approach private parties or consultancies. Here again, the issue is that there is neither an adequate policy framework nor a pool of talents to regulate and monitor them. This highlights the need for capacity building from the grassroot level. For that, the government must focus on improving bodies like the LBS Centre for Science and Technology (LBSCS&T) which was established for setting up and running institutions of technical education. The curriculums of varsities in the state should be updated. Similarly, startups and companies in the state, which employ the latest technologies should be promoted. All of these can foster a pool of individuals with technical knowledge and in turn, will create a favourable ecosystem.
Not just that. Capacity building in e-governance and digital service is inevitable to ensure cooperative federalism. Political equations between state and union government should not compromise the projects here and over-dependency should be avoided. The state should be self-reliant and equipped to build systems that deliver the requirements of the state.
Meanwhile, rolling out projects without proper regulatory mechanisms in place is a problematic trend. The pursuits of the government and its agencies to become a data custodian should be under check. Likewise, showing no concern for human rights and technology design in the pursuit of techno-solutionism is unsavoury. Belittling the informed consent of the citizens is also not a good practice. According to public interest technologist Anivar Aravind, rolling out e-governance and digital service projects without a robust IT policy is an issue.”The irony is that the state declared access to the internet as a basic human, but has no competent measures to ensure the data security of the citizens. Privacy engineering is also a matter that requires immediate attention. We must clearly define what data points the government will collect and what it will not,” he said.
Aravind also pointed out the government should have measures to scrutinize whether the agencies (private players or consultancies) that it approaches for various projects have proper authorizations.
To know further about these aspects, Mathrubhumi.com had intimated a top police official looking over the department's mobile apps to know what all data it collects. The official maintained that only phone numbers are collected. However, digital rights activists flag that the official may not be aware of the various data points on which these platforms or apps are working, including location. Similarly, when asked about the ethical framework with which the health department rolls out the digital service projects, an official concerned pointed out that “a better IT policy is in the consideration of the government”.
Not just privacy concerns, but also little attention is given to the quality of data the state government collects. Currently, departments under the government follow the 'collect all method', according to experts in the field. However, they pointed out that the data is neither properly codified nor audited. As a result, the usability of such databases is very limited. It is important to note that the state government does not even have a family database other than the data from ration cards. While the quality of data in ration cards is there again a big question. The government should be transparent about how the data will be used and should focus on public messaging on how data sharing is beneficial to the citizens.
The state does not have an exclusive and holistic policy/legislation on digital transformation. Aspirations like establishing a digital society do not happen unless backed by appropriate/comprehensive policies and frameworks. Or else commercial and political interests will be overshadowing such projects.