Author: Kshitika Ajgaonkar
College: Kirit P. Mehta School of Law
Linkedin Profile: https://acesse.one/7zzflem
Abstract
In the digital era, where the line between reality, fabrication and hyper-realistic content generated by Artificial Intelligence(AI), has emerged as one tool of harm and defamation particularly against women in India.
At the core of this very debate lies an arduous question:
“When privacy and technological transparency collide, what should democracy prioritise?”
The inadequacies of our very own legal system get thoroughly exposed through these narratives. The inconsistencies of our statutes further falter in front of cases involving synthetic AI generated media, making us question if our current laws are well equipped to handle the flaws brought about by situations entailing digital dystopia and the further ruin; reputational, emotional and psychological, it brings to its victims.
To the Point
Current IT Laws, while pioneering “privacy”, are woefully ignorant against deepfake generation. The IT Act’s provisions— Sections 66E (violation of privacy via capture of private images), 67(publication or transmission of obscene material in electronic form), and 67A (material containing sexually explicit acts) offer little redressal but suffer from lack of specificity regarding Artificial Intelligence, stringent thresholds to establish mens rea, and incompetent mechanisms to establish liability, a very important factor of a crime(Section 79). The Digital Personal Data Protection Act, 2023(DPDP)
Has managed to factor-in consent based data processing safeguards under certain obligations but exempts the same for publicly available data. Petitions before High Courts and the Supreme Court, invoking Article 21’s privacy jurisprudence, highlight urgent calls for reforms via writs, yet parliamentary debates on the DPDP Bill bring forward legislative inertia favoring technology over victim-centric protection.
A similar instance exposing a flaw include an MBBS student in Ujjain’s Panwasa region, who became a victim of the deepfake conspiracy after her morphed obscene video was circulated on Social Media. The accused were put behind bars, with one absconded but will that ever reverse the irreparable reputational, social ostracism and emotional damage done to the victim?
Use of Legal Jargon
According to common law, statutory, and constitutional frameworks, deepfakes cause harm. When used improperly for defamation, Article 19(1)(a)’s freedom of speech seemingly conflicts with Article 21’s broad fundamental rights to privacy and dignity. Sections 66E (violation of privacy), 67 (publication of obscene material in electronic form), and 67A (sexually explicit content) of the IT Act provide cognizable offenses; however, prosecutors are usually burdened with proving knowledge of false outputs due to their mens rea (intention important to facilitate crime) requirements. In order to process personal data, including biometric media, the DPDP Act, 2023 defines creators as fiduciaries who must seek free, explicit, informed, and unambiguous consent (Section 6). Failure to do so may result in harm penalties (through consideration via court) under Sections 33 and 34. However, strict liability is lessened by exemptions and intermediary safe harbors (Section 79, IT Act). Takedown injunctions are frequently obtained through judicial review through writ petitions under Articles 32/226, but enforcement lags because of jurisdictional uncertainties in cross-border AI servers. There are still gaps in the criteria of evidence for detecting deepfakes, and there are no laws that recognize AI outputs as direct violations.
The Proof
There is overwhelming evidence of legal failure, thousands of deepfake occurrences, majorly involving non-consensual pornography, are reported each year with few to no convictions. Preventions are neglected by the very reactive framework of our IT Act, which is solely dependent on victim’s complaints after injury. A stringent loophole of which is the DPDP Act’s carve-out of publicly available data, which permits the unapproved scraping of social media photos. Following this the platform compliance for take down notices(that extend beyond 36-24 hours) and lack of mandated AI watermarking(despite advisories). In one case, a young professional in Delhi discovered her face on porn sites, leading to workplace harassment; police invoked Section 67A but struggled with tracing the anonymous uploaders involved in the crime. Another surrounded our Home Minister, Amit Shah’s deepfake speech, in which his voice was manipulated to falsely claim he promised to abolish reservation for Scheduled Castes and Tribes, inciting unrest, threatening national integrity and exposing gaps concerning BNS Section 353. Petitions, such as those urging Supreme Court intervention for AI regulation, and parliamentary debates on the DPDP Bill highlighted concerns over our enforcement machinery, yet the Act’s Data Protection Board remains underwhelming. Articles from legal journals emphasize how these gaps disproportionately victimize women, violating gender justice under Article 14’s equality mandate.
Case Laws
Indian courts have dealt with end number of cyber harms, providing precedents that expose deepfake-specific deficiencies in our constitutional framework:
1. Justice K.S. Puttaswamy (Retd.) v. Union of India (2017, Supreme Court): The nine-judge bench declared privacy a fundamental right under Article 21, encompassing informational self-determination. This foundational precedent supports claims against unauthorized use of likeness in deepfakes but lacks direct enforcement against private AI actors.
2. Shreya Singhal v. Union of India (2015, Supreme Court): Struck down Section 66A of the IT Act for vagueness, emphasizing precise speech restrictions. It undermines challenges in regulating deepfake “misinformation” without chilling expression.
3. Avnish Bajaj v. State (2005, Delhi High Court): Addressed intermediary liability for obscene content sales online, clarifying Section 79 safe harbors. Courts still grapple with applying this to deepfake hosting on global platforms.
4. Delhi High Court Influencer Deepfake Case (Recent): Directed porn sites and social media to remove AI-generated obscene images of a female influencer under Section 67A IT Act. Highlights judicial reliance on ex post factoremedies rather than systemic prevention.
5. Sadhguru Jaggi Vasudev Deepfake Precedent:Established principles against unauthorized deepfake creation, invoking privacy and defamation, yet enforcement remains limited to high-profile victims.
6. West Bengal Non-Consensual Image Abuse Case (2018): Involved sentencing for intimate image sharing, the court further awarded compensation but omitted restraining orders, exposing gaps in ongoing victim protection for deepfakes.
Additional references include applications of IPC Sections 354C (voyeurism), 509(outraging modesty), and 499 (defamation) in cyber contexts, often combined with IT provisions.
Conclusion
The concept of technology, Deepfakes, assaults the core of identity and autonomy our constitution seeks to provide. Although the Information Technology Act, and the Digital Personal Data Protection Act, reflects legislative intent, the intent remains inert and useless if one doesn’t strive to work on it and bring about the much called for amendment needed in this aspect. Victims are systemically let down by the flaws entailed in the current architecture of IT Laws in our country. The “let-downs” include evidentiary requirements, intermediary immunities, consent exemptions, and definition voids. While we affirm our rights, the above mentioned case-laws, precedents stand as proof of failure but at the same time depict a step forward. They call for pro-active legislation, tougher fiduciary duties, enhanced technological forensics, and most importantly, mandated AI labelling.
Without these, “Beyond the Screen” will remain to exist, a place of unbridled lawlessness. To protect dignity, swift parliamentary action is necessary. India has to transition from a reactive regulation to a much more victim centric, and resilient approach.
This is no longer a debate about data protection. It is a debate about the balance between:
The Right to Privacy and Technology.
A single judgement could shape the future of digital governance, privacy, liability and rights in India for years to come.
FAQs
Q1: What is a deepfake?
AI-generated synthetic media swapping faces or voices to create false depictions, often with malice.
Q2: Which laws apply currently?
Primarily IT Act Sections 66C/D/E, 67, 67A, DPDP Act for data consent; BNS/IPC for defamation/misinformation.
Q3: Why do laws fail victims?
Lack of specificity, evidentiary burden challenges, slow takedowns, and exemptions allow frequent evasion.
Q4: Can victims sue platforms?
Yes, via intermediary notices, but safe harbors limit liability unless due diligence fails.
Q5: Role of DPDP Act?
Mandates consent for personal data processing, penalties for violations, but enforcement nascent.
Q6: How to report?
Cybercrime portals, police under IT Act, or Data Protection Board complaints.
Reference
● Legal Gaps in Addressing Revenge Porn and Deepfake Pornography in India:https://ijmrset.com/upload/44_Legal%20Gaps%20in%20Addressing%20Revenge%20Porn%20and%20Deepfake%20Pornography%20in%20India.pdf
● Delhi HC Deepfake Order: https://lawchakra.in/high-court/ai-porn-delhi-hc-deepfake-influencer/
● DPDP Act Regulation of Deepfakes:https://www.epw.in/engage/article/regulating-deepfakes-under-indias-digital-personal
● Puttaswamy Judgment:https://indiankanoon.org/doc/91938676/
● Deepfakes in India Analysis:https://tijer.org/tijer/papers/TIJER2411075.pdf
