Court Questions State Data Mining for CM Messages - 2026-03-05

Court Questions State Data Mining for CM Messages

In a significant hearing that underscores the tension between state administrative efficiency and individual privacy rights, the Kerala High Court has expressed prima facie concerns over the Kerala government's bulk WhatsApp messaging practices. Justice Bechu Kurian Thomas orally remarked that the unfiltered dispatch of messages from the Chief Minister's (CM) office to phone numbers mined from the SPARK database represents a potential interference with the right to privacy . The court is seized of Writ Petition (C) No. 7090/2026, Dr. Rasheed Ahammed P. and Anr. v. State of Kerala and Ors. , where petitioners allege illegal access and misuse of personal data belonging to government employees and even judges. Amidst this, the state has filed an interim application seeking permission to send 'thank you' messages to donors of the Chief Minister's Disaster Relief Fund (CMDRF) , with the matter listed for further orders.

This case arrives at a pivotal moment, as India implements the Digital Personal Data Protection (DPDP) Act, 2023 , raising questions about the boundaries of government custodianship over citizen data in digital repositories.

Genesis of the Controversy

The controversy stems from bulk messages sent via a WhatsApp Business platform operationalized by the Kerala State IT Mission (KSITM) , displaying the Chief Minister's account credentials. These communications, allegedly sourced from SPARK —a comprehensive human resource management system handling salary processing, Dearness Allowance (DA) hikes, House Rent Allowance (HRA), and other personnel matters for Kerala government employees—targeted data principals without any manual filtering or categorization.

SPARK , launched as a digitalization venture by the Kerala government, serves not just payroll functions but as a repository for HR-related services, disseminating updates collectively and individually. Petitioners contend that phone numbers, provided for salary-related purposes, were illicitly "lifted" from the Finance Department to the CM's office, violating privacy norms. Reports indicate messages included announcements of DA hikes in 2024 , following the CM's Legislative Assembly statement, and now extend to CMDRF donor acknowledgments. Notably, recipients encompassed 90% of state employees, other contributors, and—alarmingly—members of the judiciary, prompting questions like, "What is the DRA, what is the HRA that are you providing to the members of the higher judiciary?"

The CMDRF, a key disaster relief mechanism, has seen substantial contributions from state employees, with receipts already issued two years prior. Yet, the petitioners argue that unsolicited follow-ups infringe on privacy, especially sans consent for non-service matters.

The Writ Petition

Moved by Dr. Rasheed Ahammed P. and others, represented by Senior Advocate George Poonthottam (Sr.) , Advocates Nisha George , A.L. Navaneeth Krishnan , and Kavya Varma M. , the petition accuses the state of breaching privacy by accessing SPARK data through KSITM for bulk messaging. Poonthottam objected to the state's fresh application for thank you messages, promising a detailed objection. He highlighted prior receipts for CMDRF contributions, questioning the necessity of additional CM-personalized thanks.

State's Robust Defense

Advocate General (AG) Gopalakrishna Kurup mounted a vigorous defense, asserting that KSITM, under the Electronics & Information Technology Department (in the CM's portfolio), is the nodal agency for e-governance. He clarified: "The messages were delivered through the technological platform managed and operated by KSITM. This system has been established pursuant to written policies and implemented in practice. The Chief Minister's Office, through these institutional mechanisms, has ensured the highest standards of administrative integrity and coordination."

The AG emphasized the state's custodianship over SPARK data—not limited to the Finance Department but used across for DA, etc.—dismissing "lifting" allegations. Messages, he argued, served legitimate purposes: sensitizing employees on DA decisions to motivate service, akin to employer-employee expectations. "Once consent is obtained for purposes related to service, a message solely relating to service conditions such as revision of Dearness Allowance or HRA etc., can it be termed as an illegal or illegitimate purpose?" No manual access occurred; an automatic system sufficed.

On CMDRF thanks, the AG invoked judicial sympathy: "That is given to the Chief Minister's Disaster Relief Fund...What is wrong in the Chief Minister sending a thanks?" He read from the counter-affidavit underscoring SPARK 's broad mandate and denied electioneering intent absent prohibitory provisions.

Justice Bechu's Probing Questions

Justice Thomas subjected the AG to incisive queries, exposing fault lines. "You mined certain data. The data includes phone numbers of individuals, who maybe you have employed. And you are sending messages. Today it could be one message, tomorrow it could be another message. Do you have the power to mine and send those messages? If you are a State, you are entitled to mine data given to you for certain purposes?"

The court highlighted judiciary recipients, unfiltered dissemination— "It is admitted that without any filtering, these messages have been sent to all persons whose data is available in the SPARK database" —and KSITM's independence: "First question is now the message has gone from the Chief Minister's account. How can KSITM show it as Chief Minister's officer? KSITM is not under the Chief Minister."

Responding, the AG noted the CM portfolio oversight and service-related consent. Justice Thomas remarked: "That is why prima facie there can be an interference to right to privacy ...That is the subtle distinction." He directed a state officer's appearance for technical clarity, posting the application to March 5 (Thursday, as per hearing on March 3/4 context).

Application for 'Thank You' Messages

The interim plea seeks explicit court nod for CMDRF thanks, post-petitioner objections. Justice Thomas inquired: "Already messages have been sent? To how many persons? All employees have contributed?" The AG affirmed broad contributions, but the court deferred amid disputes.

Navigating Privacy Jurisprudence

The AG invoked the landmark Justice K.S. Puttaswamy (Retd.) v. Union of India ( 2017 ), where a nine-judge bench affirmed privacy as intrinsic to Art. 21 life/liberty. Proportionality—legality, necessity, proportionality stricto sensu —governs state intrusions. Here, is bulk messaging "necessary" for DA info when formal channels exist? DPDP Act mandates purpose limitation , data minimization ; unfiltered blasts to judges flout this.

SPARK data, voluntarily shared for salaries, implies limited consent. Precedents like Aadhaar (authentication restrictions) caution against mission creep in gov databases.

Implications for E-Governance and Data Protection

For legal professionals, this signals rigorous scrutiny of public HR platforms (e.g., Uttar Pradesh's Samarpan, national EPFO). E-governance advocates must embed privacy-by-design; HR counsel, explicit consents. Privacy litigators eye class actions for data breaches.

Electorally, pre-announcement DA messages risk Model Code scrutiny, blurring welfare comms and inducements. Nationwide, as DPDP notifies rules, states recalibrate employee outreach—opt-ins for non-essential alerts?

If interdicted, it mandates audits of KSITM-like hubs; if upheld, expands "legitimate state interest" in employer comms.

Road Ahead

Posted to March 5 , with potential officer testimony, orders on the application could presage substantive privacy verdict. This saga illuminates digital governance's privacy precipice, compelling stakeholders to balance transparency with restraint.