Bugged with spam calls asking for your vote? Well, the ongoing parliamentary elections may be the last one when political parties will be able to make such random calls, making a fervent pitch for their candidates, by sourcing your phone number from third party agencies.
While the Digital Personal Data Protection (DPDP) law is in place, in the absence of supporting rules, the same has not been implemented so far. However, once the new government assumes office in June, the rules are expected to be finalised, which will put an end to such practices. At the most such calls will bug subscribers for the next few assembly elections, but not beyond that, officials said.
Passed by Parliament in August, 2023, the DPDP Act basically aims at data minimisation, purpose limitation and storage limitation. Data minimisation, means entities can only collect, what is absolutely minimum required. Purpose limitation means they can only use it for the purpose for which they have acquired the data. And storage limitations is that after the services have been delivered, the data needs to be deleted.
Hence, political parties can’t randomly source telephone numbers to make their pitch. They will need to collect the numbers, with proper user consent, specifying the purpose for which it is being collected and then also delete them.
Any violation of these guidelines may lead to a penalty, which can be as high as Rs 250 crore. Even entities from whom such data has been sourced will get booked.
According to legal experts, complaints of current data breaches can also be made under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, as well as Section 72 of the Information Technology Act, 2000. However, these are decades old legislation and punishments and liabilities are not severe under them.
Political parties currently use the services of cloud telephony companies and SMS companies for bulk IVR calls and messages.
According to independent political consultant, Sagar Vishnoi, “huge amount of data is being collected and assessed by political parties and their agencies. Data is not just restricted to phone numbers and names, but details about caste, religion, income status, etc, are also being used for targeting voters with campaigns”.
However, compared to the 2019 Lok Sabha elections, where approximately Rs 100 crore was spent the parties on IVR calls, this time the amount spent is estimated to be less, especially by the opposition parties, analysts said.
“We have the legislation in place, but the nitty-gritty of that will have to come through the Data Protection Rules. For instance, the rules will prescribe a model for seeking consent from users. The details on how a data principal can approach the data protection board in cases of breach etc, will be incorporated in such rules,” said Kamesh Shekar, senior programme manager, privacy, data governance and AI at The Dialogue.
Analysts said that parties will need to totally reinvent their tele-campaign once the DPDP rules are implemented. However, for subscribers it will be a welcome relief from being disturbed throughout the day by spam calls.