For the best experience, open
on your mobile browser or Download our App.

Your Personal Data, Their Political Campaign? Beneficiary Politics and the Lack of Law

As the 2024 elections inch closer, a look at how political parties can access personal data of welfare scheme beneficiaries and other potential voters through indirect and often illicit means to create voter profiles for targeted campaigning.
Illustration: Pariplab Chakraborty

In the months leading up to elections, electoral candidates and political parties make large investments into campaigns, rallies, outreach, and other modes with which they can reach voters and influence popular vote. A prevalent way of doing this is targeted outreach, or what is commonly known as ‘votebank politics’, where parties can appeal to certain socio-economic groups specifically by outlining the kind of welfare they can bring to the groups.

However, in recent years, parties have resorted to questionable means of collecting demographic data for the purposes of targeted campaigning. By tapping into government databases and accessing beneficiary information across schemes, or by means of online ‘surveys’ and mobile apps, parties are able to extract a lot of personal information about voters and create 360° profiles to run extremely targeted campaigns. This video by Shivam Shankar Singh titled ‘Weaponising Data for Politics’, explains how precisely parties are able to draw voter profiles from data accessed by dubious means.

Recently, the Ministry of Electronics & Information Technology (“MeitY”) used a government-run account to send a WhatsApp message to millions of users, Indian citizens and otherwise, seeking feedback and suggestions on the incumbent government’s initiatives. We unravelled the message and its legality in depth in this blogpost. But amid the chaos, among the first and most pertinent questions we collectively asked was – how does the government have my number, and where did they get it from?

This article attempts to highlight some ways in which electoral candidates and parties may access personal data such as contact information for electoral benefit, and put this practice to test against established privacy principles.


In the run up to the last Lok Sabha elections in 2019, many parties and candidates were reported to engage in such practices:

  • Bharatiya Janata Party Union Minister Prakash Javadekar reportedly said in context of the ongoing Rajasthan elections, “beneficiaries are present in every poor household, and their testimonials are our campaign” and that government scheme beneficiaries are “not only targets”, but are also “new addition to us [our voter base].”
  • The Sevamitra app, created by a private vendor IT Grids Pvt. Ltd. for the Telugu Desam Party to conduct voter surveys, also collected biometric information, polling booth-level voter data, and helped the party in profiling voters in Telangana and Andhra Pradesh. Through this, in April 2019 and just before general elections, the company was also able to illegally access the Aadhaar data of 7.8 Crore Indians, and was booked by the Telangana police for data theft.
  • In Maharashtra, district-level Bharatiya Janata Party karyakartas (workers and volunteers) were asked to identify and “tap” beneficiaries of union and state-level development schemes for campaigning before the 2019 general elections.
  • Bharatiya Janata Party Union Minister Amit Shah tasked party volunteers to reach out to each of the 22 crore+ families that benefited from different schemes run by the Narendra Modi government and turn them into potential backers in the 2019 general election.
  • This report by The Wire carries in-depth analysis on how political parties access personal beneficiary data stored in state resident data hubs and other scheme databases for targeted campaigning.

But it certainly did not come to an end after the 2019 elections.

  • In 2021, Bharatiya Janata Party in Uttar Pradesh reached out to beneficiaries of several state welfare schemes, calling them the “biggest voter class cutting across castes and communities.”
  • In 2023, news reports show how the Biju Janata Dal is distributing benefits of government schemes in Bhubaneswar to strengthen their vote bank by taking away lands meant for entitled beneficiaries.
  • Several parties have tapped into electricity and water bills of households to build 360° socio-economic profiles for specific groups of voters.
  • In 2023,  young voters in Bengaluru reported getting calls from canvassers belonging to Aam Aadmi Party, Indian National Congress, and Bharatiya Janata Party from constituencies they were not even registered in. They also received automated messages from the Bharatiya Janata Party and Congress asking them to vote for particular candidates, and even prompting them to record a message which would then be sent to Party presidents.
  • In 2024, All India Trinamool Congress unwittingly revealed having access to personal details of scheme beneficiaries in West Bengal by posting a screenshot on their Twitter/X handle.

While using demographic data for targeted campaigns is not new in Indian elections, several issues emerge once political parties are able to tap into databases owned by the union and state. Electoral candidates and parties are non-governmental organisations, and should not have unchecked access to government-owned and run databases which possess personal data of a large number of individuals. Further, collection of personal data by political parties to run targeted campaigns could be a function creep, which is when individuals give up their data for one purpose, eg. for a scheme or a political party survey, but it is used for a completely different purpose, such as targeted campaigns.

What does the law say?

On electoral conduct and propriety, the Election Commission of India (“ECI”) issued a Voluntary Code of Ethics in 2019 – but it fails to adequately address campaigning practices which include accessing voter data. In ‘Regulating Diffuse Actors in India’, Amber Sinha argues why the current ECI rules and Codes of Conduct are not adequate or comprehensive enough in the context of new-age digital campaigning. They are further non-binding and lack the force of law. On March 19, 2024, the ECI further released a Model Code of Conduct, which falls silent on methods and means of voter outreach. It only regulates the use of the parties’ official channels of mass communication during the election period for partisan coverage of political news and publicity regarding achievements. Currently, this is a gap regulators must fill, but it is worth considering if the ECI is the right body to fill it.

By accessing and processing personal data of scheme beneficiaries and potential voters, electoral parties fall within the mandate of India’s data protection legislation, the Digital Personal Data Protection Act, 2023 (“DPDPA”) (which also makes MeitY the regulator responsible for addressing the gap). However, the Act is not in force yet and will not be until after the 2024 General Elections, leaving valuable personal data open to arbitrary access and misuse by actors for yet another election cycle.

Even when the DPDPA comes to life, some of its loopholes and grey areas can be leveraged for political gains. The union government enjoys a range of powers to exempt itself from various obligations created by the Act, and data collected by the government can be exempted from privacy and surveillance safeguards as well. For instance, Section 7 of Act can allow data fiduciaries to not obtain the informed consent of the data principals (or voters) and assume the consent if the processing was considered necessary as per “certain situations”. Specifically, Section 7(b) gives “state instrumentalities” a concerning amount of liberty to process the personal data of voters if they previously ever consented to its processing, or if such data is maintained by any instrumentality of the state.

When a party forms a state or union government, it can amass and come in possession of a large amount of personal data relating to various schemes and services. The DPDPA can further confer them with unbridled powers to process, use or share this personal data with third parties or affiliates – without checks and balances – in a manner that may benefit the party later on in an election, say for targeted campaigning. Therefore when it comes to data processing, use, and possible sharing, it is difficult to say if the DPDPA will be able to put a definitive end to this manner of targeted campaigning.

Another glaring gap here which laws may not be able to fix is the lack of data empowerment and ownership in the country. While yes, Indians are becoming uneasy with the data-gathering potential of mobile apps or government schemes to an extent, a large chunk of the population is still unaware and unempowered about the ways in which they are being surveilled, profiled, and targeted for a vote. We hope to see a rise in voter literacy and empowerment in the coming elections. Voter empowerment is a vital step to ensuring free, fair and democratic 2024 Lok Sabha elections, and it includes voters taking control of their data privacy.

This article was originally published on the Internet Freedom Foundation website.

Make a contribution to Independent Journalism
facebook twitter