IFF: New Delhi: Saturday, 30 May 2026.
An RTI was filed with Digital India Corporation in order to seek details on the Viksit Bharat Sampark's WhatsApp initiative's start date, outreach medium, funds allocated, etc. Therefore, IFF publishes an analysis of the response received
Recently, an RTI response
was shared with the Internet Freedom Foundation revealing the allocation of
funds towards the Viksit Bharat Sampark Whatsapp initiative. The response also
disclosed that the outreach mediums included WhatsApp chatbots, AI bot calls,
and manual calls, and relied on beneficiary databases developed for flagship
schemes as well as TRAI’s universal wireless telephone subscriber database. IFF
had previously written about it here and
filed an RTI in
the regard as well.
This blog further analyses the RTI response.
Background
In March 2024, several WhatsApp users had received messages from a verified business account named “Viksit Bharat Sampark.” The message contained a letter from Prime Minister Narendra Modi seeking feedback and suggestions on Government of India initiatives. Following this, an RTI application was filed seeking details on the Viksit Bharat Sampark’s WhatsApp initiative’s start date, outreach medium, the number of people contacted, the source of and extent of data collected, financial allocation, data sharing practices, suggestions received, and whether any private institutions had been contracted for the initiative.
The first RTI response however only disclosed limited information. The response disclosed that the WhatsApp outreach initiative had started on 15 March 2024 and that no expenditure had been incurred by MeitY “so far”. The remaining information was withheld under Sections 8(1)(d), 8(1)(t), and 8(1)(j) of the RTI Act, 2005. These provisions relate to information such as commercial confidence or intellectual property, cabinet papers or records of ministerial deliberations, and personal information where disclosure may amount to an unwarranted invasion of privacy.
The applicant then filed a first appeal, arguing that the RTI application had been repeatedly transferred following a complaint before the Central Information Commission under Section 18(1) of the RTI Act, alleging obstruction in the dissemination of information. During the CIC proceedings, MyGov issued a revised disclosure. This response disclosed the following information:
However, for questions on the number of suggestions received, with whom the data could be shared, and which ministries the suggestions had been shared with, the response stated that no information was available. It also stated that no contract had been given to any private institution.
Analysis
The whatsapp message from Viksit Bharat Sampark was circulated through a verified ‘public and government service’ account. The message carried a letter from Prime Minister Narendra Modi seeking feedback on government initiatives.
However, soon after it was circulated, several concerns were raised. Firstly, it was observed by the Trinamool Congress (“TMC”) that the message was a violation of the Model Code of Conduct (“MCC”). It was highlighted by TMC leader Derek O’Brien, that while the attached letter was dated 15 March 2024, it was circulated and received by voters on 16 March 2024, which was after the MCC had come into effect. He further argued that the language of the message was not a neutral government communication because it highlighted the achievements of the BJP led Central Government and stated that it had been sent under the leadership of Prime Minister Narendra Modi. On this basis, the complaint alleged that public funds and government communication channels were being used to reach voters and promote the achievements of the incumbent political leadership. Secondly, several WhatsApp users in India and abroad also raised concerns about how their phone numbers had been accessed for this outreach and noted privacy concerns around a possible “data breach.” The issue therefore became about the use of public funds, public databases, and government communication channels for a large-scale outreach exercise during an election period.
The RTI response however reveals that there was no data breach as such, the route of acquiring data has been clarified through the disclosure. It further reveals that the outreach was conducted through WhatsApp chatbots, AI bot calls, and manual calls, using beneficiary databases for flagship schemes, along with TRAI’s universal wireless telephone subscriber database and disclosed that Rupees 18,97,89,468 had been allocated by MyGov, Digital India Corporation, on behalf of MeitY. The concern is therefore not limited to whether the data was leaked or breached, but whether existing legal frameworks provide sufficient safeguards against such use cases.
Importantly, the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and associated Rules, while not yet in force, puts the expectation on public authorities to undertake proactive compliance measures. Further, the DPDPA and associated Rules permit the State and its instrumentalities to process personal data without consent in limited circumstances. First, such processing is allowed under Section 7(b) of the DPDP Act when it is necessary to provide or issue a subsidy, benefit, service, certificate, licence, or permit, especially where the individual has previously consented to such processing or where the data is available in a government-maintained database. However, even this carveout is not unrestricted. The processing must relate to a State function, government policy, or publicly funded scheme, and must comply with prescribed standards on lawful processing, accuracy, security safeguards, notice to the Data Principal, grievance access, and accountability.
Second, the State may process personal data without consent to perform functions under any law, or in the interests of sovereignty, integrity, or security of the State. Separately, notified government instrumentalities may also be exempted from the requirements of the DPDP Act altogether under Section 17(2)(a). Since these provisions operate outside the ordinary notice and consent framework, they significantly reduce the control that individuals have over the use of their personal data.
The present case highlights the exact concerns that were raised by many. While the outreach may arguably fall within the broad wording of Section 7(b), the present case demonstrates the limitations of a framework that permits extensive state processing outside the ordinary consent architecture. Individuals whose data was originally collected for welfare delivery or telecommunications regulation may not have reasonably expected that the same datasets would later be used for alleged political campaigns disguised as feedback mechanisms.
Further, IFF had previously written about this issue and highlighted the following:
“The message, broadcast to millions of people through WhatsApp, may be viewed in the context of the upcoming elections as the communication happened around the time the Model Code of Conduct went into effect. Reports of the message being received by individuals surfaced as early as March 16, the same day the ECI announced the election dates. The MCC prohibits the party in power from the misuse of official mass media during the election period for partisan coverage of political news and publicity regarding achievements. The ECI, through the MCC, also prohibits the issuance of advertisements at the cost of the public exchequer in newspapers and other media during the election period. This may lead us to question - Does the timing of the communication, which happened around the time the election dates were announced and the MCC went into effect, have potential electoral implications?”
Therefore, the concern is that the present legal framework may allow such repurposing of data without sufficiently clear limits.
Action
IFF has publicised the information disclosed through the RTI response in order to enable public access and also enable discussion.
An RTI was filed with Digital India Corporation in order to seek details on the Viksit Bharat Sampark's WhatsApp initiative's start date, outreach medium, funds allocated, etc. Therefore, IFF publishes an analysis of the response received
This blog further analyses the RTI response.
Background
In March 2024, several WhatsApp users had received messages from a verified business account named “Viksit Bharat Sampark.” The message contained a letter from Prime Minister Narendra Modi seeking feedback and suggestions on Government of India initiatives. Following this, an RTI application was filed seeking details on the Viksit Bharat Sampark’s WhatsApp initiative’s start date, outreach medium, the number of people contacted, the source of and extent of data collected, financial allocation, data sharing practices, suggestions received, and whether any private institutions had been contracted for the initiative.
The first RTI response however only disclosed limited information. The response disclosed that the WhatsApp outreach initiative had started on 15 March 2024 and that no expenditure had been incurred by MeitY “so far”. The remaining information was withheld under Sections 8(1)(d), 8(1)(t), and 8(1)(j) of the RTI Act, 2005. These provisions relate to information such as commercial confidence or intellectual property, cabinet papers or records of ministerial deliberations, and personal information where disclosure may amount to an unwarranted invasion of privacy.
The applicant then filed a first appeal, arguing that the RTI application had been repeatedly transferred following a complaint before the Central Information Commission under Section 18(1) of the RTI Act, alleging obstruction in the dissemination of information. During the CIC proceedings, MyGov issued a revised disclosure. This response disclosed the following information:
- The Vikisit Bharat Sampark's whatsapp initiative had begun on 14 February 2024
- The initiative was framed as a feedback collection mechanism for six flagship schemes: PM Kisan Samman Nidhi, PM SVANidhi, PM-JAY Ayushman Bharat Cards, Pradhan Mantri Ujjwala Yojana 2.0, Pradhan Mantri Awas Yojana (Rural), and Pradhan Mantri Awas Yojana (Urban).
- It also stated that an Inter-Ministerial Committee and Technical Committee chaired by the Secretary, MeitY had been set up for operationalising the feedback mechanism.
- The outreach was conducted through WhatsApp chatbots, AI bot calls and manual calls.
- Till 17 March 2024, around 39 lakh people had been contacted through manual calls, 6.45 crore through AI bot calls, and 41.99 crore through WhatsApp chatbots.
- BSNL was the implementing agency
- The beneficiary databases for the mentioned flagship schemes along with TRAI’s universal wireless telephone subscriber database, were used for the initiative.
- Importantly, the revised response disclosed that Rupees 18,97,89,468, including applicable taxes, had been allocated by MyGov, Digital India Corporation, on behalf of MeitY for the initiative.
However, for questions on the number of suggestions received, with whom the data could be shared, and which ministries the suggestions had been shared with, the response stated that no information was available. It also stated that no contract had been given to any private institution.
Analysis
The whatsapp message from Viksit Bharat Sampark was circulated through a verified ‘public and government service’ account. The message carried a letter from Prime Minister Narendra Modi seeking feedback on government initiatives.
However, soon after it was circulated, several concerns were raised. Firstly, it was observed by the Trinamool Congress (“TMC”) that the message was a violation of the Model Code of Conduct (“MCC”). It was highlighted by TMC leader Derek O’Brien, that while the attached letter was dated 15 March 2024, it was circulated and received by voters on 16 March 2024, which was after the MCC had come into effect. He further argued that the language of the message was not a neutral government communication because it highlighted the achievements of the BJP led Central Government and stated that it had been sent under the leadership of Prime Minister Narendra Modi. On this basis, the complaint alleged that public funds and government communication channels were being used to reach voters and promote the achievements of the incumbent political leadership. Secondly, several WhatsApp users in India and abroad also raised concerns about how their phone numbers had been accessed for this outreach and noted privacy concerns around a possible “data breach.” The issue therefore became about the use of public funds, public databases, and government communication channels for a large-scale outreach exercise during an election period.
The RTI response however reveals that there was no data breach as such, the route of acquiring data has been clarified through the disclosure. It further reveals that the outreach was conducted through WhatsApp chatbots, AI bot calls, and manual calls, using beneficiary databases for flagship schemes, along with TRAI’s universal wireless telephone subscriber database and disclosed that Rupees 18,97,89,468 had been allocated by MyGov, Digital India Corporation, on behalf of MeitY. The concern is therefore not limited to whether the data was leaked or breached, but whether existing legal frameworks provide sufficient safeguards against such use cases.
Importantly, the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and associated Rules, while not yet in force, puts the expectation on public authorities to undertake proactive compliance measures. Further, the DPDPA and associated Rules permit the State and its instrumentalities to process personal data without consent in limited circumstances. First, such processing is allowed under Section 7(b) of the DPDP Act when it is necessary to provide or issue a subsidy, benefit, service, certificate, licence, or permit, especially where the individual has previously consented to such processing or where the data is available in a government-maintained database. However, even this carveout is not unrestricted. The processing must relate to a State function, government policy, or publicly funded scheme, and must comply with prescribed standards on lawful processing, accuracy, security safeguards, notice to the Data Principal, grievance access, and accountability.
Second, the State may process personal data without consent to perform functions under any law, or in the interests of sovereignty, integrity, or security of the State. Separately, notified government instrumentalities may also be exempted from the requirements of the DPDP Act altogether under Section 17(2)(a). Since these provisions operate outside the ordinary notice and consent framework, they significantly reduce the control that individuals have over the use of their personal data.
The present case highlights the exact concerns that were raised by many. While the outreach may arguably fall within the broad wording of Section 7(b), the present case demonstrates the limitations of a framework that permits extensive state processing outside the ordinary consent architecture. Individuals whose data was originally collected for welfare delivery or telecommunications regulation may not have reasonably expected that the same datasets would later be used for alleged political campaigns disguised as feedback mechanisms.
Further, IFF had previously written about this issue and highlighted the following:
“The message, broadcast to millions of people through WhatsApp, may be viewed in the context of the upcoming elections as the communication happened around the time the Model Code of Conduct went into effect. Reports of the message being received by individuals surfaced as early as March 16, the same day the ECI announced the election dates. The MCC prohibits the party in power from the misuse of official mass media during the election period for partisan coverage of political news and publicity regarding achievements. The ECI, through the MCC, also prohibits the issuance of advertisements at the cost of the public exchequer in newspapers and other media during the election period. This may lead us to question - Does the timing of the communication, which happened around the time the election dates were announced and the MCC went into effect, have potential electoral implications?”
Therefore, the concern is that the present legal framework may allow such repurposing of data without sufficiently clear limits.
Action
IFF has publicised the information disclosed through the RTI response in order to enable public access and also enable discussion.
.JPG)
.JPG)
