Legal framework needed for data protection

Manipulation of voter preferences through social media can only be countered by enactment of a proper law, says ASHIT KUMAR SRIVASTAVA.

Legal framework needed for data protection

Photo: iStock

Someone has correctly said that modern-day elections are fought on social media, and rightly so. Social media websites have become excellent apparatus for narrative-setting and identity politics in India.

They have become a tool for political communication among Indian masses; in research taken out by Reuters Institute, majority of respondents were found to use Facebook as a news source.

This dependency on social media and messaging applications has brought a new digital element to Indian elections.


Significantly, the impact of social media websites and messaging applications on young and undecided voters makes them the swing vote in any election. This marginal shift of voters from one inclination to another has led to several marginal victories for India’s political parties.

In the recent Bihar assembly election, the use of Whatsapp increased two-fold, an acknowledgment that the capacity of the messaging application to penetrate diverse social strata is unparalleled.

However, the ability of the messaging application lies in its end-to-end model; the fact that messages in Whatsapp are end-to-end encrypted leaves no scope for the service provider to keep a check on content shared among individuals or groups, and political parties have used this feature of the application for floating fake news in and around the election period.

This creates a divisive ambiance, something which Whatsapp acknowledges and which has led to limits on the number of persons to whom a message can be forwarded.

Also, the message will say it has been forwarded.

While an appreciable step yet, it is not a significant means to curb floating of fake news by millions of volunteers of political parties, who are working at district and constituency level. This content can create divisiveness, especially because there is no fact-checking mechanism in Whatsapp.

Floating of content on messaging applications is not illegal per se but floating of fake news capable of causing divisiveness in society and hampering the decision-making power of the voter is a direct breach of the informational privacy of an individual. As per reports taken out by several newspapers, volunteers creating these Whatsapp groups at the district and constituency level can categorise voters through public and non-public data.

Public data is something which is available in a public forum easily, and could include the students list of a college, or the number of people living in an apartment. Non-public data personally identifiable information about individual, which generally is not available in the public domain. When public data is mixed with the non-public data, it identifies an individual, and categorises the voter.

This helps in identifying what kind of messages should be sent to the user. It cannot be denied that Whatsapp has been utilized for spewing hatred and misinformation. And who is to be blamed? There is an abundance of meta-data available regarding an individual at different forums which can be efficiently utilized for voter-profiling.

However, this does not fit well with the agenda of informational privacy and decisional autonomy of an individual, something held to be sacrosanct in the K.S. Puttaswamy judgment (2017) of the apex court.

The core problem with social media websites and messaging applications lie in their moderation standards. While in the case of social media websites, there are over-worked and underpaid manual moderators across the globe; in Whatsapp, moderation is difficult. How can there be moderation of content if it can only be seen by the sender and receiver.

This model reflects the company’s commitment to privacy, yet it also becomes fertile ground for voter-manipulation and the spread of misinformation.

Therefore, instead of emphasizing moderation standards in Whatsapp, it would be better to put obstacles in voter-categorization, which will by default bring down the amount of targeted content being shared within a closed group. One way of putting a curb on voter-categorization is to curb the retrieval of non-public data collected by political volunteers from various sources.

If I share my cell-phone number after making a purchase of a T-shirt at a branded store and that data is retrieved by volunteers, that piece of information would give an insight into my shopping habits, the amount of money I spent on clothing and would also be an insight into my economic background.

These pieces of information are a great leverage point for voter-categorization and targeted posting. However, the solution to this problem lies in the K.S. Puttaswamy judgment, along with the Personal Data Protection Bill, 2019.

The privacy jurisprudence in India is still in its nascent stage, yet the privacy principles as coded in K.S. Puttaswamy give enough leeway for recognition of the principle of ‘purpose limitation,’ something which also finds mention in the PDP Bill, 2019. Purpose limitation is a universally recognized tenet of limiting the usage of information to its original purpose.

If I am sharing my information at a store where I bought my clothes, I might be providing data only to avail future offers on clothes. So, the purpose of that information is limited and cannot go beyond it.

Yet the irony remains that the PDP is still a bill in India. Once it turns into a full-fledged law, it will give the Data Protection Officer enough power to keep check on non-public data and lead to strict application of purpose limitation, breach of which would be a punishable offense.

The writer is Assistant Professor of Law, National Law University-Jabalpur.