Kochi: The opposition Congress in Kerala is escalating its charges of privacy data breach by the CPM-led government amid the coronavirus scare in the state.

A day after Chief Minister Pinarayi Vijayan refuted the allegations that the government has shared the personal medical details of thousands of people under COVID-19 surveillance with a US-based company, leader of the opposition Ramesh Chennithala on Sunday shot up 15 questions to the CM. Chennithala said Vijayan was concealing crucial information relating to the deal with US-based marketing firm Sprinklr.

Chennithala had on Friday asked several questions on why the data of COVID-19 patients and suspects - considered as protected health information in many countries – is being fed into the server of the US-based firm. Refuting the Congress' leaders charges, Vijayan on Saturday said the firm, owned by a Keralite, was offering free services to Kerala as an appreciation for its efforts to tackle COVID-19 and care for the elderly people.

The chief minister also refuted the allegation that Sprinklr was a public relations (PR) firm. Chennithala, in the first of his 15 questions on Sunday, contested this claim.

“The chief minister says Sprinklr not a PR firm. However, the company's website says it offers PR services too. Which is right?” he asked.

According to the company's website, its products include modern marketing, advertising, research, care and engagement.

Chennithala reiterated his doubts over the company's server. “The CM says that the data collected from the state would be stored in a server in India only. However, the company's website says all the data with it is stored in its server in America. Which is right?” he asked.

He also wanted to know if the company could handle the data from the US even if the server is kept in India.

“Why doesn't the data collected at the government level get uploaded on the government's data centre? Why is it directly uploaded to the web portal of www.sprinklr.com. Who has given permission for this?” reads another question by Chennithala.

He asked why was a US-based firm entrusted with a task that government agencies like C-Dit or IT Mission can carry out.

Chennithala raised a serious allegation that the company was involved in the controversies over misuse of data during the US election.

Here are the other questions raised by Chennithala:

1. Isn't it illegal to upload personal data of the people of the state into the US firm using the government machinery? Doesn't it amount to mortgaging the people's data to the US firm?

2. Can the chief minister guarantee that the company will not sell the data?

3. The company, in its website, says it can hand over or sell the data in its possession to someone else under certain special circumstances. How can the chief minister then say that the data of our citizen will be safe with the firm?

4. The chief minister says the WHO is also availing the company's services. Does the CM know that the company only hands over the data regarding the number of reported COVID-19 cases to the WHO? Personal data of the patients are not handed over. Then why did the CM try to mislead the people?

5. Has the government followed the legal steps before assigning Sprinklr to collect such very serious data? Was there a global tender call for this?

6. Has the government signed a contract with the company? If yes, when was it signed? Was it signed with an Indian citizen?

7. Who allowed the US company to use the state government's emblem?

8. Is the chief minister unaware of the fact that this company had landed in a controversy surrounding sharing of data for Donald Trump's presidential election campaign?

9. Had the secretary to the chief minister, M Sivasankar, who is also the state IT secretary, been given permission to act in the company's advertisement?

10. Will the chief minister reveal the real intention behind allowing the company, involved in the US election row, to collect data from Kerala in the cover of COVID?