Author: Anoushka Bose.

Background:

Elections in Indiaform the cornerstone of the nation’s democratic and political affairs. It is a common observation that during election cycle, political parties and candidates invest significant resources into campaigning efforts to garner voter support and increase their chances of success at poll. A prevalent strategy employed is targeted outreach, often referred to as “Vote Bank Politics,” which aims to connect with specific demographic group or voter segments. To understand the intricacies of this phenomenon it is crucial to comprehend the concept of “cyber trooping” refers to the coordinated utilization of social media and online platforms by political actors to disseminate information, narratives or even disinformation, with the overarching objective of shaping public opinion and potentially influencing electoral outcomes. In recent times, political parties have employed questionable tactics to amass demographic data for the purpose of conducting highly targeted campaigns using social media platform that serves as powerful predictive and analytical tools enabling actors to gauge voting intentions and preferences, there by shaping their messaging and strategies accordingly so that they can target the users and manipulate their opinion[1].

Thus, this paper delves into the emerging practice of “cyber trooping” on social media platforms and its far-reaching consequence on the electoral process in India. It unravels the intricate mechanism of micro-targeting of users where their data is harnessed to craft personalised content aimed at influencing voting decisions. This legal analysis sheds light on the regulatory and policy hurdles posed by such tactics, underscoring the vulnerabilities and gaps within the existing laws and acts.

The Cambridge Analytica Scandal: Case Analysis

There was a case that serves as a stark example of how personal data can be breached and exploited for the usage of political gain: the Cambridge Analytica case[2], the personal data of millions of Facebook users was exploited to support Former President Donald Trump’s campaign during the 2016 U.S. Presidential election. It was a major privacy breach by the data analysis firm Cambridge Analytica. This was not a straightforward hack – instead the firm took advantage of a loophole. They obtained user data through seemingly harmless app called “this is your digital life’ this app however collected just the information of those who downloaded it but also the data of their Facebook friends reaching a staggering 87 million profiles which has around 5000 data points [3]on each user. The critical point is that many of users likely never consented to their data being shared in this way. Hence this massive breach exemplifies the potential consequences of cybertrooping where individuals are targeted and their data is harvested and exploited to shape political narratives and influence electoral outcomes without their knowledge and consent.

The Indian Context:

The role of how in the Indian context, political parties are involved in cyber trooping activities and targeting of users to manipulate public opinion and how the same poses repercussions to function of our democratic and welfare state. The current situation in the Indian context is that during 2014 Lok Sabha elections witnessed the widespread adoption of social media campaigning for the first time. Memes, hate speeches, targeted messages and manipulated content such as edited videos and fake photographs proliferated across social media platforms, exerting a considerable influence on public opinion. At that time only 20 crore people had access to the internet. By 2019, this number had surged to nearly 56 crores, which amounts to nearly half of India’s population, amplifying the impact of social media as a game changer in the electoral landscape. A Twitter study [4]revealed the prevalent use of bots by political parties to inflate their follower counts and amplify their online presence through actions like retweets, likes and shares. The recent twitter purge saw Prime Minister Narendra Modi lost 300000 followers and Congress chief Rahul Gandhi lose 17,000. This underscores that the extensive use of bot activity in India’s political landscape the extensive use of bot activity in India’s political landscape. Automated accounts afford political parties the ability to extend their reach to a wider audience[5]. As observed by Bradshaw; the power to shape trends equates to the power to shape narratives’ highlighting the potential for manipulating public opinion through artificial trends. Hence some reports suggest that the Bhartiya Janata party (BJP) has emerged as a trailblazer in social media campaigning with its resounding victories in the 2014 and 2019 Lok Sabha elections [6]serves as compelling evidence.

Analysis of the Indian landscape:

Article 21 of the Indian Constitution stands as a bed rock of individual liberties while the right to privacy is not explicitly enshrined in the constitutional text, its broad interpretation acknowledges the nexus between personal liberty and ability to exercise over one’s information. This pivotal connection was reinforced through a series of landmark rulings, notably the case of R Rajagopal v. State of Tamil Nadu[7], which solidified the notion that the right to privacy is an inherent component of Article 21. However, the pervasive nature of unprotected data generation and its susceptibility to misuse have raised alarms, culminating in the seminal case of Justice K.S Puttaswamy (Retd) v. Union of India[8] before the Supreme Court. The case underscored the pressing need to safeguard individual’s right to privacy in the digital age, where personal data’s sanctity is under threat. However, before delving into the intricacies of data protection, it is crucial to grasp the fundamental notion of what constitutes “data[9]” itself.

The Information Technology Act, 2000 and Information Technology (Amendment) Act 2008, emerged as the legislative response to India’s burgeoning technological landscape which aims to foster the growth of electronic transactions, offering legal legitimacy to e-commerce and online dealings additionally the act sought to streamline governance initiatives and combat computer-related crimes notably it established a framework for secure information technology practices on a global scale. As observed the exponential growth of the internet and computer technology has ushered in a new wave of criminal activity[10].

Loop holes in existing laws:

There has been significant increase in concerns regarding the data protection and privacy of the users, as cyber trooping and micro-targeting of users has not been formally acknowledged as a distinct or separate offense under Indian law. Despite the presence of various provisions within the Information technology act[11], Information Technology rules[12], Indian Penal Code[13] and Representation of People Acts [14]these laws vaguely address activities associated with cyber trooping and targeting of users. While these statutes penalize actions involving the manipulation of online platforms for political gains, various statues address activities associated with it under section 66D of the Information technology [15]Act are limited in scope.

Despite the presence of provisions penalizing cyber trooping activities in existing laws, there remain significant gaps and shortcomings. These legal frameworks are often ineffective and inadequate in addressing the issue. The absence of a dedicated and robust data protection law has further exacerbated concerns. Although certain laws and provisions like the Sensitive Personal Data or information (SPDI) Rules [16], notified under section 43 A of the Information Technology Act, 2000 also has limited scope as it lacks coverage of data handling practices within the political sphere. Moreover, the current rules and acts have some loopholes and are ineffective when it comes to implementation. Another contentious aspect arises from the fact that Digital Personal Data Protection Act, (2023), meant to safeguard personal data remains unenforced. This creates a legal vacuum and uncertainty regarding the government’s ability to exploit personal data.  This situation highlights a pressing need for a more stringent legal framework that keeps pace with technological advancements to curb these practices. As existing legal provisions only address a small fraction of the broader spectrum of activities associated with cyber trooping and micro-targeting.

Recommendations and way forward:

• Establishing dedicated data protection officer (DPOs) within political parties is crucial to ensure ongoing compliance with data protection regulations and accountability. these DPOs can conduct privacy impact assessment before launching voter outreach campaigns that employ personal data analytics for tailored messaging
• Ethical consideration should be at the forefront as advocated by prominent groups like privacy international. They assert that individual possess a fundamental right to be informed about and comprehend how their personal data is leveraged by political parties, and there should be defined limits to prevent the misuse of data for undermining or micro targeting of users
•  Strengthening the role of Election Commission of India (ECI) legal powers is crucial to effectively curb the misuse of personal data and micro targeting by political parties. The model code of Conduct can transition from being merely directory to legally enforceable, acting as a strong deterrent against unethical practices like exploiting user data for partisan gains. Thus, highlighting an incident which involved ECI directive to cease bulk dissemination of WhatsApp messages [17]which highlight the concerns related to micro targeting of users
• Considerable number of restrictions on data driven micro targeting can be done by introducing specific regulations or guidelines taking reference of Canadian province of British Columbia who prohibits political parties from using personal information for targeted advertising based on demographics or interest.
• India can also incorporate different data protection frameworks that has been already applied by jurisdictions like Brazil (Lei Geral de Protecado De Dados) , European Union (General Data Protection Regulation) and Canada’s (Personal Information Protection and Electronic Documents). While the specifics may differ these laws commonly emphasize principles like lawful and fair processing, data minimization, purpose limitation, data security etc.

Conclusion:

The pervasive issue of cybertrooping and the misuse of personal data for political gains poses a grave threat to the very foundation of India’s democratic fabric. If left unchecked can erode the principles of free and fair elections. As we are aware of that information plays a pivotal role in empowering citizens with knowledge and awareness enabling them to make informed choices. As aptly stated by the Supreme Court of India v. Association for democratic reforms[18], “One sided information, disinformation, misinformation, and non-information will equally create an uninformed citizenry, rendering democracy a mere farce.’’. Hence, it is imperative that India takes proactive steps to address the challenges, failing to do so will undermine the fundamental rights of citizens will also jeopardize the democratic ideals. Its important to implement strict laws and regulations that can foster better transparency in political campaigning practices which can only be achieved through a comprehensive legal framework.

References:

1. Shikha, Shruti & Mishra, Nandita. (2020). Cyber Trooping activities on social media and its impact on election in India. Indian journal of law & Public Policy, 7(1), 37-52
2. Rai, Neelam. (2020). Right to privacy and data protection in the digital age preservation, control, and implementation of laws in India. Indian journal of law and justice, 11(1), 115-130
3. Kanakia, H.T., Shenoy, G., & Shah, J. (2019). Cambridge Analytica, A Case Study. Indian Journal of Science and Technology.
4. Rai, Neelam. (2020). Right to Privacy and Data Protection in the digital age preservation, control, and implementation of laws in India. Indian Journal of Law and Justice, 11(1), 115-130.
5. Boruah, Jayanta and Das Bandita, RIGHT TO PRIVACY AND DATA PROTECTION UNDER INDIAN LEGAL REGIME (March 16, 2021). DME Journal of Law, Volume 1, 2020.
6. Nandhan R. B., Rishi. (2021). Need for data protection laws in India. Jus Corpus Law Journal, 2(1), 72-78
7. Basu, Subhajit. (2010). Policy-making, technology, and privacy in India, “Indian Journal of Law and Technology 6, no. 1(2010): 65-68
8. Senthil Kumar N, Sarvanakumar K, Deepak k, On privacy and security in social media – A Comprehensive Study, Pracedia Computer Science, Volume 78, 2016, pages 114 – 119, ISSN 1877-0509
9. Kolekar, Yogesh, Protection of Data Under Information Technology Law in India (April 27, 2015)
10. Apuke, Oberiri & Tunca, Elif. (2019) Social Media and Crisis Management: A review and analysis of existing studies. 9. 199-215
11. Verma, D. (2024, April 18). Your personal data, their political campaign? Beneficiary politics and the lack of law. Internet Freedom Foundation. https://internetfreedom.in/personal-data-political-campaigning/
12. Klosowski, T. (2024, April 16).How political campaigns use your data to target you, electronic frontier foundation. https://www.eff.org/deeplinks/2024/04/how-political-campaigns-use-your-data-target-you
13. When your data becomes political | Privacy International. (n.d.)  https://privacyinternational.org/taxonomy/term/618
14. Narendra Modi’s personal app sparks India data privacy row. (n.d.). Financial Times. https://www.ft.com/content/896cf574-31c0-11e8-b5bf-23cb17fd1498
15. Panjiar, T. (2024, March 22). A DM from the PM (and the storm it stirred). Internet Freedom Foundation. https://internetfreedom.in/whatsapp-message-from-meity/?ref=static.internetfreedom.in
16. Data and Elections | Privacy International. (n.d.-b). https://privacyinternational.org/learn/data-and-elections