Introduction:

In Dr. Rasheed Ahammed P. and Another v. State of Kerala and Others (WP(C) 7090/2026), the Kerala High Court addressed an important constitutional question concerning data privacy and the permissible use of personal information collected by the State through official databases. The case arose from a writ petition alleging that the Government of Kerala had violated the privacy of government employees, judicial officers, and beneficiaries of government schemes by sending bulk WhatsApp messages to their phone numbers using information stored in the Service Pay Roll Administrative Repository for Kerala (SPARK). The petitioners contended that the data, including mobile numbers and email addresses, had been accessed without proper authorisation and used for purposes other than those for which it had originally been collected. They argued that such action amounted to unauthorised access and misuse of personal data, violating the Digital Personal Data Protection Act, 2023 as well as the fundamental right to privacy guaranteed under Article 21 of the Constitution of India. The matter was heard by Justice Bechu Kurian Thomas. After examining the submissions of both sides and analysing the nature of the messages sent, the Court dismissed the writ petition. The Court concluded that the data had been used for legitimate governance purposes and that the messages communicated official information regarding salary-related benefits such as enhancement of Dearness Allowance and house-building advances. The Court emphasised that when the State utilises data in its possession for lawful and legitimate administrative purposes connected with governance and welfare, such use cannot automatically be considered a violation of privacy. Accordingly, the High Court held that the petition lacked merit and dismissed it.

Background of the Case:

The dispute originated when certain government employees and other individuals associated with the State began receiving WhatsApp messages that contained information about government decisions relating to salary benefits and welfare measures. These messages were reportedly sent using data available in the SPARK portal, an official digital platform maintained by the Kerala government to manage payroll, employee records, and other administrative data relating to government employees. The petitioners believed that the messages were sent after illegally accessing personal information stored in the SPARK database. They alleged that the Chief Minister’s Office (CMO) had accessed sensitive personal information such as mobile numbers and email addresses without obtaining consent from the individuals concerned. According to the petitioners, this amounted to unauthorised data mining and misuse of personal information. They argued that government employees had submitted their personal information to the SPARK portal for specific administrative purposes, primarily relating to salary processing and official record keeping. The State, they contended, could not use this data for unrelated purposes without explicit consent. The petitioners therefore approached the Kerala High Court seeking judicial intervention. They requested the Court to declare that the State’s actions were illegal and violated the right to privacy guaranteed under the Constitution. The petitioners also raised concerns that the use of such data could potentially be misused for political campaigning, particularly since elections were approaching.

Arguments on Behalf of the Petitioners:

The petitioners, represented by Senior Advocate George Poonthottam along with Advocates Nisha George, A.L. Navaneeth Krishnan and Kavya Varma M., argued that the State had violated the constitutional right to privacy of government employees and other individuals whose personal data was stored in the SPARK portal. They contended that personal information such as mobile phone numbers and email addresses had been collected for a specific administrative purpose and could not be used for any other purpose without obtaining consent from the individuals concerned. The petitioners relied heavily on the landmark judgment of the Supreme Court in Justice K.S. Puttaswamy (Retd.) v. Union of India, where a nine-judge bench had recognised the right to privacy as a fundamental right under Article 21 of the Constitution. According to the petitioners, the Puttaswamy judgment clearly laid down principles governing the collection, storage, and use of personal data by the State. They argued that any use of personal data by the government must satisfy the tests of legality, necessity, and proportionality. The petitioners contended that the alleged data mining carried out by the State did not satisfy these constitutional requirements. They also argued that the use of data from the SPARK portal to send WhatsApp messages constituted a misuse of information because the individuals concerned had never consented to such communication. According to them, the State could not access information given for one purpose and use it for another purpose without explicit consent. The petitioners further argued that the alleged actions of the State violated the provisions of the Digital Personal Data Protection Act, 2023. They claimed that the Act imposes strict obligations on data fiduciaries, including the government, to ensure that personal data is processed only for lawful purposes and with proper consent. The petitioners therefore requested the Court to declare that the State’s actions were illegal and unconstitutional.

Arguments on Behalf of the State:

The State of Kerala, represented by Advocate General Gopalakrishna Kurup, strongly opposed the petition and defended the use of the SPARK data for sending informational messages. The Advocate General argued that the State is the custodian of the data stored in the SPARK portal. According to him, government employees had voluntarily submitted their personal information to the portal as part of the administrative framework for managing payroll and employee records. Therefore, the State had the authority to utilise this data for legitimate administrative purposes. The State argued that the messages sent through WhatsApp were purely informational in nature and related to matters such as enhancement of Dearness Allowance and house-building advances. These messages were intended to inform employees about benefits and welfare measures introduced by the government. Therefore, they could not be characterised as political communication or misuse of data. The Advocate General also emphasised that the messages were sent through the Kerala State IT Mission (KSITM), which is an official government body responsible for implementing digital governance initiatives. Since KSITM operates as part of the government, the use of data by the organisation could not be considered unauthorised. It was further argued that the messaging system had earlier functioned through SMS, and the transition to WhatsApp was merely an infrastructural change aimed at improving communication efficiency. The State also clarified that access to the SPARK platform is highly restricted and protected by a two-step authentication process. Only authorised personnel are permitted to access the system and send messages. Therefore, the petitioners’ allegations of unauthorised data access were unfounded.

Court’s Analysis:

Justice Bechu Kurian Thomas carefully examined the submissions made by both sides and analysed the legal framework governing data protection and privacy. The Court acknowledged that the right to privacy is a fundamental right under Article 21 of the Constitution and that the State must exercise caution while handling personal data. However, the Court also emphasised that the right to privacy is not absolute and must be balanced against legitimate state interests. The Court observed that the primary question in the case was whether the data stored in the SPARK portal had been used for a legitimate purpose. If the use of the data served a legitimate administrative objective connected with governance, it could not automatically be considered an infringement of privacy. The Court noted that the messages sent to employees related to salary benefits such as Dearness Allowance and house-building advances. These matters were directly connected with the employment and welfare of the recipients. Therefore, the communication could reasonably be viewed as an administrative measure aimed at informing employees about government decisions affecting them. The Court also examined the allegation that the data had been transferred to the Chief Minister’s Office. After reviewing the materials placed before it, the Court found no evidence indicating that any such transfer had taken place. The Court observed that the messages had been sent through the official WhatsApp account of KSITM, which is a government entity responsible for digital governance initiatives.

Court’s Judgment:

After analysing the facts and legal principles involved, the Kerala High Court concluded that the petition lacked merit. The Court held that the messages sent to employees through the SPARK database were intended to communicate information regarding salary-related benefits and other administrative matters. Such communication, the Court observed, could not be regarded as illegal or illegitimate. The Court further emphasised that in a social welfare state, the government has a duty to inform citizens and employees about policies and benefits introduced for their welfare. Therefore, using official databases to disseminate such information could be considered a measure of good governance rather than a violation of privacy. The Court rejected the petitioners’ claim that the messages were politically motivated or constituted misuse of data. It also held that there was no evidence to support the allegation that the Chief Minister’s Office had improperly accessed or used the data. Accordingly, the High Court dismissed the writ petition.