Former Opposition Leader Ramesh Chennithala alleged that the Kerala Chief Minister’s Office issued a letter seeking the transfer of personal data of those in government service to the Public Relations Department (PRD) for misuse. The Kerala government is currently embroiled in a significant data-misuse controversy involving SPARK (Service and Payroll Administrative Repository for Kerala), the state’s integrated personnel and payroll system. The Kerala High Court has intervened following allegations that the Chief Minister’s Office (CMO) accessed the personal data of approximately five lakh government employees, judicial officers, and scheme beneficiaries for political campaigning.
Petitioners alleged that private contact details (mobile numbers and email IDs) stored in the SPARK database—intended strictly for administrative and salary purposes—were used to send unsolicited, personalised WhatsApp messages highlighting government achievements. Notably, those in service—including employees of government-aided private institutions — received personalised messages from the Chief Minister about the 10 per cent dearness allowance hike recently announced by the government. On February 24, the Kerala High Court orally remarked that, prima facie, the bulk messaging sent to government employees and judges through the WhatsApp Business account of the Chief Minister’s Office amounted to an intrusion of privacy.
According to the letter released by Chennithala, Sreeram Sambasiva Rao, Officer on Special Duty to the Chief Minister, sent a letter to Information Kerala Mission (IKM) seeking the transfer of the phone number, age, gender, district, taluk, ward, and local body details of registered users of the K-SMART application in Excel or data-pull format for a “data lake” created by the Public Relations Department.
The letter states that “essential service-related information, target groups and other relevant details from all departments” collected from K-SMART would be used to design a digital communication system named “Centralisation Notification Hub for Government Services”.
It further states that the information was sought to facilitate the delivery of real-time notifications through multiple communication channels, including SMS, email, WhatsApp, and voice/IVR.
In the letter, the OSD asked IKM to transfer the database before February 12. Notably, government employees received personalised messages on their phones only after February 12. However, it remains unclear whether the government used this particular dataset collected from K-SMART to send those messages.
CMO responds
In a statement, the Chief Minister's Office said that the IT Mission is the government’s official apex agency for information collection and dissemination. The messages from the Chief Minister have been sent through the IT Mission itself. Since the information pertains to different departments, the messages are being sent in a unified manner.
It is clear from the press conference held today by the former Leader of the Opposition that all procedures were followed in sending these messages. The very letter he released, claiming it to have been leaked, clearly explains the official procedures in detail.
The statement read, "The government believes that implementing an Integrated Data Platform or State Data Lake for government departments will greatly facilitate personalised notifications. The Central Government and other state governments also communicate messages to citizens based on information collected in this manner. Here, the IT Mission is responsible for collecting information; it is the legally authorised government body for this purpose and serves as the state’s apex agency for e-governance.
In addition to lawful data collection and organisation, ensuring the security of the information received is a primary responsibility of the IT Mission. There has been no compromise of any kind in this regard.
All personal information is secure within government systems. None of this information is shared with or transferred to any agency outside the government. Furthermore, the government has an extensive State Data Centre (SDC) under the IT Department to securely store all data."
