India has taken down the local website of Cambridge Analytica following allegations the company used personal data of 50 million Facebook members to influence the US presidential election.
SCL India, a venture between the SCL group in London and Ovleno Business Intelligence, says both India’s major political parties are its clients.
The company has no charges against it.
Facebook would also face “tough action” if it was found to have misused Indians’ data, the IT minister warned.
Both the ruling Bharatiya Janata Party (BJP) and main opposition Congress deny links with SCL India but have accused one another of utilising the services of the company.
Cambridge Analytica has also consistently denied any wrongdoing and most recently suspended its boss Alexander Nix, after footage by Britain’s Channel 4 News showed him appearing to suggest tactics his company could use to discredit politicians online.
Amrish Tyagi, the head of SCL India, in a 2016 interview with a regional channel, spoke about his involvement with Mr Trump’s presidential campaign. Mr Tyagi told the BBC that he could not comment on the controversy, but said the removal of Mr Nix would pave the way for a “fair investigation”.
What do the parties say?
On Wednesday, India’s law and IT minister Ravi Shankar Prasad, said there were “numerous reports” of Congress involvement with Cambridge Analytica and called upon its leader Rahul Gandhi to “explain” the company’s role in his social media outreach.
Mr Prasad also issued a public warning to Facebook founder Mark Zuckerberg, saying that Facebook was welcome in India but: “If data theft of Indians is done through the collusion of the Facebook system, it shall not be tolerated. We have got stringent power in the IT Act, we shall use it, including summoning you in India.”
The Congress, for its part, hit back saying that it was Prime Minister Narendra Modi who used the firm and not them.
These claims appear to be backed by Himanshu Sharma, the vice president of SCL India, who says on his publicly available LinkedIn profile that the company has “successfully managed four election campaigns for the BJP” and among them names the 2014 general election which swept Prime Minister Narendra Modi to power.
Earlier on Tuesday, the head of the BJP’s social media unit Amit Malviya told the BBC that the party had “not heard of SCL Group or Amrish Tyagi so there is no question of us working with them.”
Congress social media strategist Divya Spandan said they had never used SCL or any of its affiliate companies as it has its own data analytical team.
What does SCL India do?
SCL India claims it has 300 permanent employees and more than 1,400 consulting staff in offices across 10 Indian states.
It offers a range of services in India, among them “political campaign management” which includes social media strategy, election campaign management and mobile media management.
Under social media strategy it offers services such as “blogger and influence marketing”, “online reputation management” and “daily management of social media accounts”.
What exactly is the problem?
Jagdeep Chhokar, the head of the Association for Democratic Reforms (ADR), a non-governmental organisation that works in the area of electoral and political reforms, told the BBC that while political parties were required to include expenses on social media campaigns as part of a sworn affidavit to be submitted after every election, it was unclear how many of them were doing that.
“As far as the question of political parties’ payment to data companies is concerned it should indeed be declared properly in the sworn affidavits but there is no proper authority to implement it,” he added.
Furthermore, even if SCL India were running a similar campaign to that alleged in the US, it is unclear how much of that activity would even be considered illegal in India.
Speaking to the BBC, Smriti Parsheera, a technology policy researcher at the National Institute of Public Finance and Policy in Delhi, said that the current law as laid down in the Information Technology Act, 2000, provides for compensation for losses caused due to inadequate protection of “sensitive personal data”.
Ms Parsheera said that the law goes on to define sensitive data to mean information such as passwords, financial information, health conditions and biometric information.
“The problem with the current framework lies in both the narrow scope of the protections as well as the inadequate implementation of these limited protections. Information such as a person’s name, location, general preferences, friend’s list, are clearly powerful tools for analytics and profiling of users but do not qualify for protection as sensitive data under the present law,” she added.