New Delhi: The ministry of electronics and information technology (IT) on Friday formally responded to the recent Cambridge Analytica-Facebook controversy and stated that it had issued a notice to the controversial data analytics firm, asking for information on whether the data of any Indian citizens had been compromised in the alleged theft of social media data.The statement that was circulated to media persons on Friday evening, however, also was a climb-down from the seemingly tough stance that law and IT minister Ravi Shankar Prasad took on Facebook and its CEO Mark Zuckerberg.On Wednesday, Prasad had warned that “any data theft of Indians” would not be tolerated and that if needed, provisions in the Information Technology Act could be used to summon Zuckerberg to India.The statement put out on Friday though, while noting that “breach of privacy cannot be tolerated”, was more mild. It includes a line that curiously re-affirms the role played by social media in “social cohesion and empowerment” and also acknowledges the Facebook CEO’s recent apology made to various American media publications.“While the Government is cognizant of the positive role played by social media in promoting awareness and acting as a tool for social cohesion and empowerment; breach of privacy cannot be tolerated. In this regard it is pertinent to observe that the CEO of Facebook, Mr. Mark Zuckerberg has apologized for the mistakes his company had made in handling data belonging to its users, and has promised tougher steps to restrict access to such information,” the IT ministry notes.There is no mention of whether Zuckerberg or any senior officials of the social networking giant will be summoned or at the very minimum asked to help with any investigation it may launch into the controversy.Cambridge questionsThe ministry also acknowledges various media reports that indicated attempts to “influence the sanctity of the polling process”. In particular, it notes that there are “other downstream players such as Cambridge Analytica and its alleged associates” who have were reportedly involved in the data breach.Ravi Shankar Prasad. Credit: PTI“Note has also been taken of alleged claims whereby elections in India were sought to be influenced through questionable means. The fairness of Indian democracy and electoral process is a matter of pride and any attempt to influence the sanctity of the electoral franchise through dubious and questionable means is unacceptable. In particular, all intermediaries and their associates have the legal obligation to maintain security, confidentiality and sanctity of data and any unauthorized use of data can entail legal action,” the statement notes.It is unclear whether “intermediaries and associates” referred to here is in refernece to Facebook or Cambridge Analytica and its India partner, Ovlene Business Intelligence (OBI). OBI is run by Amrish Tyagi, the son of Janata Dal (United) leader K C Tyagi.Over the last four days, multiple media reports, including The Wire, have highlighted how the parent company of Cambridge Analytica (CA) and its India partner had played a role in helping various political parties over the last seven years. They were also in talks with both the BJP and the Congress for the 2019 general elections.The IT ministry’s notice in particular asks CA whether they have “been engaged in any assignment to utilise data of Indians from the above cited breach” . And if yes, it has asked CA which entities hired or engaged them to do so.The six questions asked of CA are reproduced below:1) Whether they have been engaged in any assignment to utilize data of Indians from the above cited breach?2) Who are the entities that have engaged them for the above?3) How did they come to be in possession of such data?4) Was consent taken from the individuals?5) How was such data collected used?6) Was there any profiling done on the basis of such data?The ministry concludes by stating that the “intermediaries cited above” have been given time till March 31, 2018 to respond.What next?It’s unclear whether the IT minister and the Modi government genuinely believe that Cambridge Analytica and its parent company will respond honestly and wholeheartedly to a mere notice. In the United Kingdom for instance, media reports have indicated that British officials are currently seeking warrants that will allow them to search the offices of CA and conduct a forensic audit.While this obviously cannot be done by the Centre – although it’s certainly worth asking the UK government for any potential India leads – there are multiple avenues of investigation that can and should be followed up in India. Two recent media reports have pointed out how Cambridge Analytica CEO Alexander Nix (who has now been suspended by his company) and his Indian partners reached out to various political parties back in 2011 and 2012.Amrish Tyagi of OBI, a partner organisation of Cambridge Analytica in India. Credit: WikimediaThe Wire has also reported how senior CA officials and Tyagi continued working well after that 2012 on various projects, although the JD(U) leader’s son insists that no Facebook data or profiling was used in their political campaigns here.If the IT ministry intends on embarking on a serious investigation, it would better served by questioning Tyagi and others connected with Ovleno Business Intelligence. Given the abundant media reports that finger the involvement of various political parties, it would also make sense to question senior BJP, Congress and JD(U) officials to determine whether any illegally-gathered Facebook data from Cambridge Analytica was used to micro-target Indian voters.Finally, what the government conveniently leaves out in its statement is that it has dragged its feet in formulating and passing a strong data protection law. In light of multiple and massive data leaks, it did set up the Justice Sri Krishna committee in August 2017. Since then, civil society stakeholders and independent privacy experts have raised red flags over the composition of this committee, which is largely staffed by government officials and government-friendly members.While the committee has started work, it appears unlikely that a data protection law will be passed before the 2019 general elections, which is when concerns over the role that Facebook and social media data will play in influencing the electoral process will spike.