top of page

Deepfake Technology, Generative AI And Personal Data Misuse: Examining Legal Gaps Under The Digital Personal Data Protection Act, 2023




Prashant Kumar, Uttar Pradesh State Institute of Forensic Science, Lucknow, India


ABSTRACT


The exponential rise of generative artificial intelligence has ushered in a technological epoch that challenges the very foundations of personal identity, informational privacy, and democratic integrity. Among the most insidious products of this revolution is deepfake technology synthetic media fabricated through machine learning architectures, capable of placing real human faces, voices, and identities into fabricated scenarios with unnerving authenticity. In India, the misuse of deepfakes has escalated from a peripheral concern to a pressing socio-legal crisis, yet the legislative response remains markedly inadequate.


This article undertakes a rigorous doctrinal and analytical examination of the Digital Personal Data Protection Act, 2023 (DPDPA) India’s foundational data privacy legislation in the context of deepfake-related personal data misuse. The central argument advanced is that the DPDPA, despite representing a significant legislative milestone, contains critical structural lacunae that leave individuals exposed to harms arising from AI-generated impersonation, non-consensual biometric cloning, synthetic identity fraud, and mass scraping of personal data for AI training purposes.


Through a comparative analysis of international regulatory frameworks including the European Union's AI Act, China's Provisions on Deep Synthesis Internet Information Services, and emerging United States state- level legislation this article identifies six principal legal gaps in the DPDPA: the absence of a definition or regulatory treatment of biometric manipulation; no oversight mechanism for AI training datasets; the lack of deepfake- specific criminal liability; weak cross-border enforcement architecture; inadequate platform accountability; and the near-total absence of a victim compensation mechanism.


The article also critically evaluates whether ancillary legislation including the Bharatiya Nyaya Sanhita, 2023, the Information Technology Act, 2000, and the Bharatiya Sakshya Adhiniyam, 2023 can fill these gaps, concluding that they cannot without significant amendment. The article closes with a comprehensive reform model proposing a standalone Deepfake Regulation Act, mandatory AI content watermarking, an AI licensing regime, enhanced platform liability, and victim-centric redressal mechanisms.


Keywords: Deepfake, Generative AI, DPDPA 2023, Biometric Data, Personal Data, Synthetic Media, Cyber Law, AI Regulation, Privacy, Data Protection.



Indian Journal of Law and Legal Research

Abbreviation: IJLLR

ISSN: 2582-8878

Website: www.ijllr.com

Accessibility: Open Access

License: Creative Commons 4.0

Submit Manuscript: Click here

Licensing: 

 

All research articles published in The Indian Journal of Law and Legal Research are fully open access. i.e. immediately freely available to read, download and share. Articles are published under the terms of a Creative Commons license which permits use, distribution and reproduction in any medium, provided the original work is properly cited.

 

Disclaimer:

The opinions expressed in this publication are those of the authors. They do not purport to reflect the opinions or views of the IJLLR or its members. The designations employed in this publication and the presentation of material therein do not imply the expression of any opinion whatsoever on the part of the IJLLR.

bottom of page