Kerala High Court on Tuesday asked the state government to explain why it had not sought legal opinion before striking a deal with a US-based firm on processing data related to Covid-19 patients, raising a privacy point but lauding its effort to battle the pandemic.

“We are proud that Kerala has done well in controlling Covid-19. But we are also concerned about the confidentiality of data,” Justice Devan Ramachandran told additional advocate-general Ranjith Thampan.

“We need an explanation on why the contract was not referred to the law department,” Justice T.R. Ravi, the other judge on the bench, said.

The court observed that the state government would be responsible if the American company, Sprinklr, misused the data and would have to fight the case in New York if there was a breach of privacy.

The bench asked the CPM-led government to file a statement on Wednesday and fixed April 24 for the next hearing.

The Kerala government had earlier explained the urgent need for a cloud-based data analytics tool since the state had been projected to have more Covid-19 cases than it finally had to deal with.

Sprinklr, whose founder and CEO Ragy Thomas is a native of Kerala, had offered the tool free for six months.

While the state government was busy battling the virus, the Opposition Congress raked up the data privacy issue. Opposition leader Ramesh Chennithala called a media conference last week where he alleged a “Rs 200-crore data scam”.

Later, a lawyer, Balu Gopalakrishnan, had filed an independent petition in the high court seeking an interim directive to stop all upload of the health data using the Sprinklr software.

At Tuesday’s hearing, the bench of Justices Ramachandran and Ravi expressed concern over the privacy of the data being processed by a third party and the jurisdiction of New York for any future litigation, according to the agreement.

Justice Ravi alluded to television interviews that M. Sivasankaran, principal secretary, IT department, had given, admitting the department had skipped taking legal opinion because of the urgency of procuring an efficient and secure data analytics tool.

The official had said the need then was urgent since up to 40 per cent of the state’s 3.5 crore population was at risk of infection. The state government had later projected the number at around 2 lakh, based on its containment efforts.

The court asked if the state government didn’t have its own data centre and whether it wasn’t enough to handle the data of 2 lakh people.

The bench asked additional advocate-general Thampan to respond in 15 minutes but later allowed time till Wednesday after hearing him.

The court made it clear it was not against the government and just wanted clarity on the matters raised by the petitioner.

Kerala reported 19 new Covid-19 cases on Tuesday, taking the total number to 426, including 117 under treatment in hospitals and two deaths.

When the court asked why the data analytics tool was still in use after Covid-19 cases had come down, the state’s counsel said the government was monitoring about 80 lakh people even now.

The counsel said the data was stored in the cloud server account of the state-run Centre for Development of Imaging Technology (C-DIT). While the data had initially been stored on Sprinklr’s own servers, the state government had hired C-DIT to store the data in its Amazon servers based in Mumbai.

State BJP chief K. Surendran told a media conference on Tuesday his party might implead itself in the data privacy case if the government did not clarify why it had not taken legal opinion before signing the contract with Sprinklr.