#FactCheck - Philadelphia Plane Crash Video Falsely Shared as INS Vikrant Attack on Karachi Port

Introduction

As India moves full steam ahead towards a trillion-dollar digital economy, how user data is gathered, processed and safeguarded is under the spotlight. One of the most pervasive but least known technologies used to gather user data is the cookie. Cookies are inserted into every website and application to improve functionality, measure usage and customize content. But they also present enormous privacy threats, particularly when used without explicit user approval. 

In 2023, India passed the Digital Personal Data Protection Act (DPDP) to give strong legal protection to data privacy. Though the act does not refer to cookies by name, its language leaves no doubt as to the inclusion of any technology that gathers or processes personal information and thus cookies regulation is at the centre of digital compliance in India. This blog covers what cookies are, how international legislation, such as the GDPR, has addressed them and how India's DPDP will regulate their use.

‍

What Are Cookies and Why Do They Matter?

Cookies are simply small pieces of data that a website stores in the browser. They were originally designed to help websites remember useful information about users, such as your login session or what is in your shopping cart. Netscape initially built them in 1994 to make web surfing more efficient. 

Cookies exist in various types. Session cookies are volatile and are deleted when the browser is shut down, whereas persistent cookies are stored on the device to monitor users over a period of time. First-party cookies are made by the site one is visiting, while third-party cookies are from other domains, usually utilised for advertisements or analytics. Special cookies, such as secure cookies, zombie cookies and tracking cookies, differ in intent and danger. They gather information such as IP addresses, device IDs and browsing history information associated with a person, thus making it personal data per the majority of data protection regulations.

‍

A Brief Overview of the GDPR and Cookie Policy

The GDPR regulates how personal data can be processed in general. However, if a cookie collects personal data (like IP addresses or identifiers that can track a person), then GDPR applies as well, because it sets the rules on how that personal data may be processed, what lawful bases are required, and what rights the user has.

The ePrivacy Directive (also called the “Cookie Law”) specifically regulates how cookies and similar technologies can be used. Article 5(3) of the ePrivacy Directive says that storing or accessing information (such as cookies) on a user’s device requires prior, informed consent, unless the cookie is strictly necessary for providing the service requested by the user.

In the seminal Planet49 decision, the Court of Justice of the European Union held that pre-ticked boxes do not represent valid consent. Another prominent enforcement saw Amazon fined €35 million by France's CNIL for using tracking cookies without user consent.

‍

Cookies and India’s Digital Personal Data Protection Act (DPDP), 2023

India's Digital Personal Data Protection Act, 2023 does not refer to cookies specifically but its provisions necessarily come into play when cookies harvest personal data like user activity, IP addresses, or device data. According to DPDP, personal data is to be processed for legitimate purposes with the individual's consent. The consent has to be free, informed, clear and unambiguous. The individuals have to be informed of what data is collected, how it will be processed.. The Act also forbids behavioural monitoring and targeted advertising in the case of children.

The Ministry of Electronics and IT released the Business Requirements Document for Consent Management Systems (BRDCMS) in June 2025. Although it is not binding by law, it provides operational advice on cookie consent. It recommends that websites use cookie banners with "Accept," "Reject," and "Customize" choices. Users must be able to withdraw or change their consent at any moment. Multi-language handling and automatic expiry of cookie preferences are also suggested to suit accessibility and privacy requirements.

The DPDP Act and the BRDCMS together create a robust user-rights model, even in the absence of a special cookie law.

What Should Indian Websites Do?

For the purposes of staying compliant, Indian websites and online platforms need to act promptly to harmonise their use of cookies with DPDP principles. This begins with a transparent and simple cookie banner providing users with an opportunity to accept or decline non-essential cookies. Consent needs to be meaningful; coercive tactics such as cookie walls must not be employed. Websites need to classify cookies (e.g., necessary, analytics and ads) and describe each category's function in plain terms under the privacy policy. Users must be given the option to modify cookie settings anytime using a Consent Management Platform (CMP). Monitoring children or their behavioural information must be strictly off-limits.

These are not only about being compliant with the law, they're about adhering to ethical data stewardship and user trust building.

What Should Users Do?

Cookies need to be understood and controlled by users to maintain online personal privacy. Begin by reading cookie notices thoroughly and declining unnecessary cookies, particularly those associated with tracking or advertising. The majority of browsers today support blocking third-party cookies altogether or deleting them periodically.

It is also recommended to check and modify privacy settings on websites and mobile applications. It is possible to minimise surveillance with the use of browser add-ons such as ad blockers or privacy extensions. Users are also recommended not to blindly accept "accept all" in cookie notices and instead choose "customise" or "reject" where not necessary for their use.

Finally, keeping abreast of data rights under Indian law, such as the right to withdraw consent or to have data deleted, will enable people to reclaim control over their online presence.

‍

Conclusion

Cookies are a fundamental component of the modern web, but they raise significant concerns about individual privacy. India's DPDP Act, 2023, though not explicitly referring to cookies, contains an effective legal framework that regulates any data collection activity involving personal data, including those facilitated by cookies.

As India continues to make progress towards comprehensive rulemaking and regulation, companies need to implement privacy-first practices today. And so must the users, in an active role in their own digital lives. Collectively, compliance, transparency and awareness can build a more secure and ethical internet ecosystem where privacy is prioritised by design.

‍

References

• https://prsindia.org/billtrack/digital-personal-data-protection-bill-2023
• https://gdpr-info.eu/
• https://d38ibwa0xdgwxx.cloudfront.net/create-edition/7c2e2271-6ddd-4161-a46c-c53b8609c09d.pdf
• https://oag.ca.gov/privacy/ccpa
• https://www.barandbench.com/columns/cookie-management-under-the-digital-personal-data-protection-act-2023#:~:text=The%20Business%20Requirements%20Document%20for,the%20DPDP%20Act%20and%20Rules.
• https://samistilegal.in/cookies-meaning-legal-regulations-and-implications/#
• https://secureprivacy.ai/blog/india-digital-personal-data-protection-act-dpdpa-cookie-consent-requirements
• https://law.asia/cookie-use-india/‍
• https://www.cookielawinfo.com/major-gdpr-fines-2020-2021/#:~:text=4.,French%20websites%20could%20refuse%20cookies.

Introduction

An age of unprecedented problems has been brought about by the constantly changing technological world, and misuse of deepfake technology has become a reason for concern which has also been discussed by the Indian Judiciary. Supreme Court has expressed concerns about the consequences of this quickly developing technology, citing a variety of issues from security hazards to privacy violations to the spread of disinformation. In general, misuse of deepfake technology is particularly dangerous since it may fool even the sharpest eye because they are almost identical to the actual thing.

SC judge expressed Concerns: A Complex Issue

During a recent speech, Supreme Court Justice Hima Kohli emphasized the various issues that deepfakes present. She conveyed grave concerns about the possibility of invasions of privacy, the dissemination of false information, and the emergence of security threats. The ability of deepfakes to be created so convincingly that they seem to come from reliable sources is especially concerning as it increases the potential harm that may be done by misleading information.

Gender-Based Harassment Enhanced

In this internet era, there is a concerning chance that harassment based on gender will become more severe, as Justice Kohli noted. She pointed out that internet platforms may develop into epicentres for the quick spread of false information by anonymous offenders who act worrisomely and freely. The fact that virtual harassment is invisible may make it difficult to lessen the negative effects of toxic online postings. In response, It is advocated that we can develop a comprehensive policy framework that modifies current legal frameworks—such as laws prohibiting sexual harassment online —to adequately handle the issues brought on by technology breakthroughs.

Judicial Stance on Regulating Deepfake Content

In a different move, the Delhi High Court voiced concerns about the misuse of deepfake and exercised judicial intervention to limit the use of artificial intelligence (AI)-generated deepfake content. The intricacy of the matter was highlighted by a division bench. The bench proposed that the government, with its wider outlook, could be more qualified to handle the situation and come up with a fair resolution. This position highlights the necessity for an all-encompassing strategy by reflecting the court's acknowledgement of the technology's global and borderless character.

PIL on Deepfake 

In light of these worries, an Advocate from Delhi has taken it upon himself to address the unchecked use of AI, with a particular emphasis on deepfake material. In the event that regulatory measures are not taken, his Public Interest Litigation (PIL), which is filed at the Delhi High Court, emphasises the necessity of either strict limits on AI or an outright prohibition. The necessity to discern between real and fake information is at the center of this case. Advocate suggests using distinguishable indicators, such as watermarks, to identify AI-generated work, reiterating the demand for openness and responsibility in the digital sphere.

The Way Ahead: 

Finding a Balance

• The authorities must strike a careful balance between protecting privacy, promoting innovation, and safeguarding individual rights as they negotiate the complex world of deepfakes. The Delhi High Court's cautious stance and Justice Kohli's concerns highlight the necessity for a nuanced response that takes into account the complexity of deepfake technology.
• Because of the increased complexity with which the information may be manipulated in this digital era, the court plays a critical role in preserving the integrity of the truth and shielding people from the possible dangers of misleading technology. The legal actions will surely influence how the Indian judiciary and legislature respond to deepfakes and establish guidelines for the regulation of AI in the nation. The legal environment needs to change as technology does in order to allow innovation and accountability to live together.

Collaborative Frameworks: 

• Misuse of deepfake technology poses an international problem that cuts beyond national boundaries. International collaborative frameworks might make it easier to share technical innovations, legal insights, and best practices. A coordinated response to this digital threat may be ensured by starting a worldwide conversation on deepfake regulation.

Legislative Flexibility: 

• Given the speed at which technology is advancing, the legislative system must continue to adapt. It will be required to introduce new legislation expressly addressing developing technology and to regularly evaluate and update current laws. This guarantees that the judicial system can adapt to the changing difficulties brought forth by the misuse of deepfakes.

AI Development Ethics: 

• Promoting moral behaviour in AI development is crucial. Tech businesses should abide by moral or ethical standards that place a premium on user privacy, responsibility, and openness. As a preventive strategy, ethical AI practices can lessen the possibility that AI technology will be misused for malevolent purposes.

Government-Industry Cooperation: 

• It is essential that the public and commercial sectors work closely together. Governments and IT corporations should collaborate to develop and implement legislation. A thorough and equitable approach to the regulation of deepfakes may be ensured by establishing regulatory organizations with representation from both sectors.

Conclusion

A comprehensive strategy integrating technical, legal, and social interventions is necessary to navigate the path ahead. Governments, IT corporations, the courts, and the general public must all actively participate in the collective effort to combat the misuse of deepfakes, which goes beyond only legal measures. We can create a future where the digital ecosystem is safe and inventive by encouraging a shared commitment to tackling the issues raised by deepfakes. The Government is on its way to come up with dedicated legislation to tackle the issue of deepfakes. Followed by the recently issued government advisory on misinformation and deepfake.

References:

• https://www.medianama.com/2023/12/223-chaitanya-rohilla-petition-deepfakes-delhi-hc/
• https://legal.economictimes.indiatimes.com/news/litigation/sc-judge-voices-concern-over-online-harassment-says-deepfake-tech-raises-privacy-invasion-alarms/105872768

Executive Summary:

‍

Our team has come across a recent social media post highlighting a report on fraudulent activities involving deceptive websites and emails impersonating India’s Oil Marketing Companies (OMCs). These phishing scams falsely promise LPG distributorships and retail outlet dealerships, aiming to extract money and personal information from unsuspecting individuals. We strongly urge the public to exercise caution and verify all information exclusively through official OMC channels to avoid falling victim to such fraudulent schemes.

‍

‍

‍

Claim:

‍

It has been reported that fraudsters are impersonating Indian Oil, Bharat Petroleum, and Hindustan Petroleum through fake websites and emails, promising LPG distributorships and seeking money from victims.

‍

‍

‍

‍

Fact Check:

‍

‍

After our research, we came upon more information about this topic and found out that the Press Information Bureau (PIB) has released an official notice confirming that fraudulent websites and emails are impersonating India's Oil Marketing Companies (OMCs), which include Indian Oil Corporation Ltd., Bharat Petroleum Corporation Ltd., and Hindustan Petroleum Corporation Ltd. The scams falsely promise LPG distributorships and retail outlet dealerships while demanding large sums of money from unsuspecting individuals. On June 19, 2019, this was confirmed. The PIB highlighted that OMCs have not allowed any person or organization to charge a fee for dealership selection. All authentic information on these offers is available at the websites of the OMCs: www.iocl.com, www.bharatpetroleum.com, and www.hindustanpetroleum.com. The general public is cautioned to rely only on these sources and report suspicious approaches to the offices of concerned OMCs. If someone finds such an approach, he should immediately contact the cybercrime branch. HPCL has issued alerts on fake websites and emails that promise LPG distributorships and jobs, mimicking official HPCL sites to deceive people.

‍

‍

‍

On the official website of HPCL list down the malicious URLs. They are mentioned below:

• https://kskdealerchayan.com/
• bajajgas.com/index
• hindustanbiofuel.in
• petrolpumpchayanonline.com
• dealerchayanpetrolpump.in
• petrolpumpdealarchayan.com
• petrolpumpsdealerchayan.co.in
• petrolpumpdealershipchayan.org.in
• petrolpumpdealerchayangov.in
• petrolpumpdealership.info
• petrolpumpsdealershipchayan.in
• allindiagasdealership.com
• hindustanpetroleum.online
• hindustanpetroleumcorp.com
• hpcldelership.com
• ujjwalalpgvitarak.org
• ujjwaladealership.com
• lpgvitrakkendra.com
• kissansevakendra.org
• lpgvitarakchayanltd.org
• petrolpumpdelerchayan.in
• petrolpumpdealerschayan.in
• petrolepumpsdelearchayan.in
• kissansevakendra.org
• petrolpumpdealerchayanpro.com
• petrolpumchayanweb.com
• onlinepetrolpumpdealerchayan.com/

‍

HPCL also shared an advisory for their applicants regarding Beware Of Fraudsters.

‍

‍

Conclusion:

‍

It has been proven that fraud offers for LPG distributorships and retail outlet dealerships are being made through fake websites and emails. To avoid such scams, people are advised to be more vigilant, verify all information through official OMC platforms, and immediately report any suspicious activities to the concerned authorities. Being alert and informed is the key to preventing financial loss and protecting personal data from exploitation.

• Claim: Is this HPCL approval letter for an LPG agency dealership legit?
• Claimed On: Social Media 
• Fact Check: False and Misleading