Alliance Center for
Intellectual Property Rights

Back

THE DIGITAL DOPPELGÄNGER: PROTECTING YOUR IDENTITY IN INDIA'S CYBER AGE

November 15, 2025

*Mr. Anant Gupta
**Ms. Mayuri Tumdam

INTRODUCTION:

In an age when artificial intelligence can imitate your voice, alter your image, and bring back antiquated information about you online indefinitely, a troubling question arises i.e., who owns your digital self? This question is at the heart of The Digital Doppelgänger, an important new concept on personality rights and the right to be forgotten under Indian law. As technology continues to outstrip legislation, the courts in India have stepped in to fill the void; however, the judicial solutions remain a patchwork of questions and solutions that reveal a deeper need to protect digital identity in total.

THE DIGITAL DOPPELGÄNGER: A NEW THREAT

Consider a version of yourself that exists in the digital landscape, created without your permission, unable to be mended and made for someone's profit or to inflict damage. This is the “digital doppelgänger”, a flawed, permanent identity in digital form, composed of deepfakes, preserved news articles, previous court rulings, and AI-generated representations. Unlike your physical self, this digital version never forgets, never ages, and increasingly, doesn't seem like you at all.

The permanence of online data generates a troubling tension: while society can allow people to move on from their past mistakes, the internet does not let people escape. A person acquitted of the charges is free to rebuild his or her life, but the search results that link this person to the crime continue to show up. An AI can clone a celebrity's image and place it in a misleading sexual context. A woman's image can be altered to create non-consensual pornographic deepfakes.

This concern is no longer hypothetical. In 2025, entrepreneur Ankur Warikoo successfully removed AI-generated videos that depicted him in fraudulent schemes to defraud people. Bollywood celebs Aishwarya Rai Bachchan and Abhishek Bachchan obtained injunctions against deepfakes with non-consensual explicit content. These aren't outliers, they're harbingers of a much deeper and systemic issue, one that may shake the foundations of India's legal systems.

PRIVACY RIGHTS AS A CONSTITUTIONAL FOUNDATION

India's digital identity protection framework rests on the Constitution. In Article 21 of the Indian Constitution, it is stated that "no person shall be deprived of his life or personal liberty except by the procedure established by law." For years, this article was interpreted narrowly as protecting only bodily liberty from arrest by the state. The watershed moment came in 2017 with the Supreme Court's decision in Justice K.S. Puttaswamy (Retd.) v. Union of India.

In Puttaswamy, a nine-judge bench unanimously held that privacy is a fundamental right. As relevant for our digital context, the Court noted, "Human beings forget, but the Internet has a long memory. A person should always have the opportunity to recreate and start when they have made a mistake in the past." The ruling constitutionalized personality rights over one's name, image, voice, and likeness and initiated the right to be forgotten (RTBF).

THE PERSONALITY RIGHTS PATCHWORK: FROM COMMON LAW TO IP LAW

Before Puttaswamy judgment, there was no coherent system of protecting personality rights in India. Courts had pieced together protections from a variety of legal sources, which have been referred to in this article as a 'mosaic of protection.'

A. THE TORT OF PASSING OFF

In the past, the tort of passing off under trademark law served as the most common remedy for unauthorized use of a person’s likeness. A landmark case pertaining to this area is D. M. Entertainment Pvt. Ltd. v. Baby Gift House (2010), in which the Delhi High Court held that the sale of dolls that depicted singer Daler Mehndi constituted an unauthorized commercial exploitation of his persona. However, this remedy necessitates the requirement of consumer confusion to be proved, which often becomes a difficult task in non-commercial environments that involve privacy violations, such as in the cases of "revenge porn."

B. RETROFITTING INTELLECTUAL PROPERTY LAWS

Courts have employed original IP statutes in interesting ways:

• Copyright Act, 1957: Protects performers' rights for a period of 50 years, but only for performances recorded. It therefore provides no protection against unauthorized voice clones of a performer as a consequence of AI.
• Trade Marks Act, 1999: Individuals can trademark their names and catchphrases, but as a result, it converts personal identity into a commodity rather than protecting one's dignity as a performer.

There are serious limitations within the intellectual property framework. These legal frameworks are designed to protect commercial interests rather than to protect individuals, such as a teenager from non-consensual deepfake pornography, or an ordinary citizen from a decades-old criminal charge being re-circulated online, from violations of privacy and personal dignity.

THE RIGHT TO BE FORGOTTEN: A JUDICIAL TUG-OF-WAR

The right to be forgotten ["RTBF"] – the right to request the removal of outdated or irrelevant personal information from public exposure – is arguably the most controversial development in Indian cyber law. In contrast to Europe, where the RTBF has been codified in Article 17 of the GDPR, India lacks such a statutory framework. The Indian Courts must take the task of balancing claims to the RTBF against the competing constitutional principles such as the right to freedom of speech and the public’s interest in accessing information. This act of balancing between the two emphasizes the broader tension between individual autonomy in the digital landscape and the collective value of preserving information as part of the public record.

THE SPLIT VERDICT

The Indian High Courts have come up with divergent conclusions on the scope and applicability of the RTBF. In Jorawar Singh Mundy v. Union of India, the Delhi High Court provided interim relief to a man who was acquitted of NDPS charges and directed Google to remove the judgment from search results as its continued availability was harming his career and social life. The Court treated the RTBF as being fundamental to the right to privacy. In contrast, in Vysakh K.G. v. Union of India, the Kerala High Court held that the RTBF could not trump the principles of open justice and freedom of the press. This conflicting jurisprudence has created a legal uncertainty over these questions, which the Hon’ble Supreme Court is expected to clarify in the case of IKanoon Software Development Pvt. Ltd. v. Karthick Theodore.

AI AND DEEPFAKES: THE INSUFFICIENCY OF EXISTING LAW

Generative AI poses difficulties that no prior law could foresee. Detrimental deepfakes hyper-realistic synthetic media generated through Generative Adversarial Networks, can be used to harm people through:

• Non-consensual pornography: At disproportionate rates to women.
• Political disinformation: Violating, or invalidating, democratic outcomes.
• Financial fraud: Including voice cloning for wire transfer scams.
• National security threats: Including impersonating government officials.

A. THE LEGISLATIVE GAP

The Information Technology Act, 2000 and the Bharatiya Nyaya Sanhita, 2023 have useful provisions that prohibit identity theft, obscene representation, and impersonation but address only small factual slices of the problem that deepfakes present. The Digital Personal Data Protection Act, 2023 contemplates unauthorized scraping of data for the purpose of training AI models but is silent on harmful synthetic media that scrape data.

B. JUDICIAL INNOVATION: "JOHN DOE" AND DYNAMIC INJUNCTIONS

In the absence of a comprehensive legislation to deal with these issues, the Indian courts have adopted inventive judicial strategies to address these emerging digital harms. The Delhi and Bombay High Courts have issue "John Doe" orders against unidentified creators of deepfakes, and, more recently, have granted dynamic injunctions that automatically apply to future URLs and platforms carrying infringing content. While these measures seem to be clever, they ultimately remain unsustainable as long-term solutions to a phenomenon that exists at a massive scale.

LEARNING FROM GLOBAL FRAMEWORKS

While international approaches should inform India’s future policy, the country must avoid merely replicating the foreign models. Instead, India’s framework should be drawn from best practices across the globe while adapting them to its unique constitutional structure, socio-cultural realities, and technological ecosystem. For example, the European Union’s General Data Protection Regulation (EU-GDPR) provides a comprehensive rights-based approach that emphasises on consent, accountability, and the right to be forgotten. Hence, India’s challenge lies in developing a framework that balances both individual rights with technological innovation, ensuring that there exists both digital accountability as well as the freedom of expression.

A. THE EUROPEAN MODEL: RIGHTS-BASED

The European model focuses on the EU’s GDPR, which enshrines the right to erasure as a legal right and sets objective criteria for its challenges (see Richards, 2018). These include cases where data is no longer necessary for the purpose for which it was originally processed, consent has been withdrawn, or the processing is unlawful. Article 17(3) creates exceptions for rights of freedom of expression and for processing undertaken for archiving purposes in the public interest and historical research. In this way, the regulation balances privacy against competing rights.

B. THE AMERICAN MODEL: PROPERTY AND FREE SPEECH

In the United States, there is no federal law for a right to be forgotten. Erasure is seen as a First Amendment violation, or compelled removal of truthful speech. The fragmented American right of publicity is enforced on a state- by-state basis. It treats the right of publicity as property and primarily in favour of celebrities or "public figures." Ordinary individuals and victims of deepfakes do not have recourse.

TOWARD A UNIFIED DIGITAL IDENTITY PROTECTION ACT

The article recommends that India must move beyond this judicial patchwork by creating a full and comprehensive Digital Identity Protection Law. A law like this should:

1. Protect Personality Rights for Everyone: Dictate that protectable characteristics (name, image, voice, likeness, distinctive mannerisms) are for everyone and not just for commercial celebrities, and are rooted in personal dignity rather than commercial value.
2. Establish the Right to Be Forgotten: Build objective criteria for RTBF attacks (information is inaccurate, information is no longer relevant and/or newsworthy, unlawful processing) and tiered remedies (de-index from search results, redact sensitive information, remove data in egregious cases).
3. Balance Competing Rights: Create statutory clarity to balance privacy and freedom of speech (Article 19(a)) with the public's right to information, so that ad hoc balancing by the courts do not produce unpredictable results.
4. Be Prepared for Technology Threats: Implement policies requiring plaques or labels to identify synthetic media and require strict liability for maliciously created deepfakes and place liability on online intermediaries to remove them more quickly, among other measures.

THE IMPERATIVE FOR LEGISLATIVE ACTION

The situation is ultimately ironic: while the courts in India have been remarkably interventionist in the development of personality rights jurisprudence, this very mercurial activism indicates the limits of the case-by-case development. Ordinary citizens, who have been harmed by deep fakes, often lack the resources to engage in litigation, while economic precedent has been dominated by celebrities, thereby misinterpreting the law towards economic interests. High Courts remain divided on fundamental questions, and any legislative response lags behind technological development. A single law would not merely protect the increasingly anachronistic digital self, but would elevate India from reactive measures to a position of leadership in negotiating the democratic principles of dignity, autonomy, and liberty in the context of technological development.

The digital doppelgänger is no longer a hypothetical scenario; it is already here. The question now lies whether India will respond by continuing its historic approach judicially with a case-by-case basis judicial approach as developed to date; or legislatively; or by adopting some proactive measure. The time to generate real, comprehensive statutory protections for dignity, autonomy and liberty relative to living in the digital world is not tomorrow; it is now.

REFERENCES

1. Ankur Warikoo v. John Doe, (2025) SCC OnLine Del 3727.
2. Aishwarya Rai Bachchan v. John Doe, CS(COMM) 956/2025 (Delhi H.C. Sept. 10, 2025).
3. Abhishek Bachchan v. Bollywood Tee Shop, CS(COMM) 960/2025 (Delhi H.C. Sept. 2025).
4. INDIA CONST. art. 21.
5. Justice K.S. Puttaswamy (Retd.) & Anr. vs. Union of India & Ors, AIR 2017 SC 4161.
6. D.M. Entertainment Pvt. Ltd. v. Baby Gift House and Ors, 2010 SCC OnLine Del 4790.
7. The Copyright Act, 1957, No. 14, Acts of Parliament, 1957 (India).
8. The Trade Marks Act, 1999, No. 47, Acts of Parliament, 1999 (India).
9. Regulation 2016/679, art. 17, 2016 O.J. (L 119) 1 (EU). 
10. Jorawer Singh Mundy vs. Union of India & Ors,W.P.(C) 3918/2021.
11. Vysakh K.G. v. Union of India, 2022 SCC OnLine Ker 7337.
12. IKanoon Software Development Pvt. Ltd. v. Karthick Theodore, SLP(C) No. 15311/2024.
13. The Information Technology Act, 2000, No. 21, Acts of Parliament, 2000 (India).
14. The Bharatiya Nyaya Sanhita, 2023, § 356, NO. 45, Acts of Parliament, 2023 (India).
15. The Digital Personal Data Protection Act, 2023, § 6, NO. 22, Acts of Parliament, 2023 (India). 
16. Akshay Hari Om Bhatia v. John Doe, 2025 SCC OnLine Bom 4044
17. Regulation 2016/679, of the European Parliament and of the Council of 27 Apr. 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation), art. 17, 2016 O.J. (L 119) 1 (EU).
18. Regulation 2016/679, art. 17(3), 2016 O.J. (L 119) 1 (EU). 
19. INDIA CONST. art. 19, cl. 1(a).

Author:
*Mr. Anant Gupta,
5th Year B.A. LL. B. (Hons.) Student, Dharmashastra National Law University (DNLU), Jabalpur
**Ms. Mayuri Tumdam,
5th Year B.A. LL. B. (Hons.) Student, Dharmashastra National Law University (DNLU), Jabalpur

Disclaimer: The opinions expressed in the article are the personal opinions of the author. The facts and opinions appearing in the article do not reflect the views of the Alliance Centre for Intellectual Property Rights (ACIPR) and the Centre does not assume any responsibility or liability for the same.

Back