#FactCheck: Viral Video Claiming IAF Air Chief Marshal Acknowledged Loss of Jets Found Manipulated

Introduction

In today’s digital world, where everything is related to data, the more data you own, the more control and compliance you have over the market, which is why companies are looking for ways to use data to improve their business. But at the same time, they have to make sure they are protecting people’s privacy. It is very tricky to strike a balance between both of them. Imagine you are trying to bake a cake where you need to use all the ingredients to make it taste great, but you also have to make sure no one can tell what’s in it. That’s kind of what companies are dealing with when it comes to data. Here, ‘Pseudonymisation’ emerges as a critical technical and legal mechanism that offers a middle ground between data anonymisation and unrestricted data processing. 

Legal Framework and Regulatory Landscape 

Pseudonymisation, as defined by the General Data Protection Regulation (GDPR) in Article 4(5), refers to “the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person”. This technique represents a paradigm shift in data protection strategy, enabling organisations to preserve data utility while significantly reducing privacy risks. The growing importance of this balance is evident in the proliferation of data protection laws worldwide, from GDPR in Europe to India’s Digital Personal Data Protection Act (DPDP) of 2023. 

Its legal treatment varies across jurisdictions, but a convergent approach is emerging that recognises its value as a data protection safeguard while maintaining that the pseudonymised data remains personal data. Article 25(1) of GDPR recognises it as “an appropriate technical and organisational measure” and emphasises its role in reducing risks to data subjects. It protects personal data by reducing the risk of identifying individuals during data processing. The European Data Protection Board’s (EDPB) 2025 Guidelines on Pseudonymisation provide detailed guidance emphasising the importance of defining the “pseudonymisation domain”. It defines who is prevented from attributing data to specific individuals and ensures that the technical and organised measures are in place to block unauthorised linkage of pseudonymised data to the original data subjects. In India, while the DPDP Act does not explicitly define pseudonymisation, legal scholars argue that such data would still fall under the definition of personal data, as it remains potentially identifiable. The Act defines personal data defined in section 2(t) broadly as “any data about an individual who is identifiable by or in relation to such data,” suggesting that the pseudonymised information, being reversible, would continue to require compliance with data protection obligations. 

Further, the DPDP  Act, 2023 also includes principles of data minimisation and purpose limitation. Section 8(4) says that a “Data Fiduciary shall implement appropriate technical and organisational measures to ensure effective observance of the provisions of this Act and the Rules made under it.” The concept of Pseudonymization fits here because it is a recognised technical safeguard, which means companies can use pseudonymization as one of the methods or part of their compliance toolkit under Section 8(4) of the DPDP Act. However, its use should be assessed on a case to case basis, since ‘encryption’ is also considered one of the strongest methods for protecting personal data. The suitability of pseudonymization depends on the nature of the processing activity, the type of data involved, and the level of risk that needs to be mitigated. In practice, organisations may use pseudonymization in combination with other safeguards to strengthen overall compliance and security.

The European Court of Justice’s recent jurisprudence has introduced nuanced considerations about when pseudonymised data might not constitute personal data for certain entities. In cases where only the original controller possesses the means to re-identify individuals, third parties processing such data may not be subject to the full scope of data protection obligations, provided they cannot reasonably identify the data subjects. The “means reasonably likely” assessment represents a significant development in understanding the boundaries of data protection law. 

Corporate Implementation Strategies 

Companies find that pseudonymisation is not just about following rules, but it also brings real benefits. By using this technique, businesses can keep their data more secure and reduce the damage in the event of a breach. Customers feel more confident knowing that their information is protected, which builds trust. Additionally, companies can utilise this data for their research or other important purposes without compromising user privacy. 

Key Benefits of Pseudonymisation:

1. Enhanced Privacy Protection: It hides personal details like names or IDs with fake ones (with artificial values or codes), making it harder for accidental privacy breaches.
2. Preserved Data Utility: Unlike completely anonymous data, pseudonymised data keeps its usefulness by maintaining important patterns and relationships within datasets.
3. Facilitate Data Sharing: It’s easier to share pseudonymised data with partners or researchers because it protects privacy while still being useful.

However, using pseudonymisation is not as easy as companies have to deal with tricky technical issues like choosing the right methods, such as encryption or tokenisation and managing security keys safely. They have to implement strong policies to stop anyone from figuring out who the data belongs to. This can get expensive and complicated, especially when dealing with a large amount of data, and it often requires expert help and regular upkeep. 

Balancing Privacy Rights and Data Utility

The primary challenge in pseudonymisation is striking the right balance between protecting individuals' privacy and maintaining the utility of the data. To get this right, companies need to consider several factors, such as why they are using the data, the potential hacker's level of skill, and the type of data being used.

Conclusion 

Pseudonymisation offers a practical middle ground between full anonymisation and restricted data use, enabling organisations to harness the value of data while protecting individual privacy. Legally, it is recognised as a safeguard but still treated as personal data, requiring compliance under frameworks like GDPR and India’s DPDP Act. For companies, it is not only regulatory adherence but also ensuring that it builds trust and enhances data security. However, its effectiveness depends on robust technical methods, governance, and vigilance. Striking the right balance between privacy and data utility is crucial for sustainable, ethical, and innovation-driven data practices.

References:

1. https://gdpr-info.eu/art-4-gdpr/
2. https://www.meity.gov.in/static/uploads/2024/06/2bf1f0e9f04e6fb4f8fef35e82c42aa5.pdf
3. https://gdpr-info.eu/art-25-gdpr/
4. https://www.edpb.europa.eu/system/files/2025-01/edpb_guidelines_202501_pseudonymisation_en.pdf
5. https://curia.europa.eu/juris/document/document.jsf?text=&docid=303863&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=16466915
6. https://curia.europa.eu/juris/document/document.jsf?text=&docid=303863&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=16466915

‍

Biological data includes biometric information such as fingerprints, facial recognition, DNA sequences, and behavioral traits. Genetic data can be extracted from an individual’s remains long after their death and can continue to identify both that individual and an expanding pool of their living relatives. This persistent identification can significantly reduce privacy over time, revealing genetic characteristics and familial relationships across successive generations.

Key Developments in Privacy Protection for Biological Data:

Legal texts have been created relating to personal data protection and privacy broadly, and can sometimes prove to be poor adaptations specifically for ‘biometric data’ and its safety. Some examples are mentioned below:

1. EU and UK- GDPR

GDPR focuses primarily on biometrics in Biological Data while deciphering the technology's immense potential. The EU describes “personal data” under the General Data Protection Regulation (GDPR) including any identifiable information about a particular person. For example, this can include names, identification numbers, location data, and other structured and unstructured data. In addition, the GDPR has more specific requirements around processing sensitive or “special categories of personal data.” These “special categories” include things like genetic and biometric data. For biometric security to work well, citizens' rights must be protected appropriately, and the data collected by private and public concerns must be managed carefully and sensibly. 

2. USA

California Consumer Privacy Act (CCPA) grants Californian consumers the right to protect their personal information and biometric data including the right to disclosure or access, the right to be forgotten, and data portability. The sale of personal information and the option of opt-out is also given to consumers. Additionally, it contains the right to take legal action, with penalties imposed for violations.

The California Privacy Rights Act was passed on November 3, 2020, and took effect on January 1, 2023, with a lookback period starting January 1, 2022. It introduces sensitive personal information which includes biometric data and other sensitive details. 

Virginia's Consumer Data Protection Act, effective from January 1, 2023, designates genetic and biometric data as sensitive data that must be protected.

Illinois' Biometric Information Privacy Act is recognised as the most robust biometric privacy law in the United States. The significance of the Rosenbach v. Six Flags case lies in the Illinois Supreme Court's ruling that a plaintiff does not need to demonstrate additional harm to impose penalties on a BIPA violator. A mere loss of statutory biometric privacy rights is sufficient to warrant penalties.

3. India

As per Rule 2(1)(b) of the SPDI Rules, Sensitive Personal Data or Information, including biometric data is included under its meaning. The term ‘biometric data’ has not been defined in the Digital Personal Data Protection Act, 2023. The need for data privacy under the DPDP Act emerges only if such data is subsequently digitised under extraction and manipulation, including notice and consent requirements and penalties. 

The Biotech-PRIDE (Promotion of Research and Innovation through Data Exchange) Guidelines of 2021 are aimed at fostering an exchange of information which would thereby enhance research and innovation among various research groups nationwide. These guidelines do not deal with the generation of biological data but are a mechanism to share and exchange information and knowledge generated according to existing laws, rules, regulations and norms of the country. They will ensure data-sharing benefits, maximise use, avoid duplication, maximise integration, ownership of information, better decision-making and equity of access

How is Biological Data vulnerable?

• Biological data is often immutable, meaning it cannot be altered once compromised. Unlike other authentications that can be changed, compromised biometric data poses a permanent risk, making its protection paramount.
• The use of facial recognition technology by law enforcement agencies and the creation of databases by the same also highlights the urgent need for stringent privacy protections.
• Advances in technology, particularly AI and ML, make it easier to collect, analyse, and utilise biometric data by manipulating biometric data. This in turn is leading to new forms of identity theft and fraud that make it necessary to enhance security measures and ethical considerations to prevent abuse.
• Cross-border data transfers raise serious privacy concerns, especially as countries have varying levels and standards of data protection. 
• Wearable health-related biometric devices lack the required privacy protections which ends up making the data they collect vulnerable to misuse and breaches.

Future Outlook

With the growing use of biological data, there is likely to be increased pressure on regulatory bodies to strengthen privacy protections. This necessitates a need for enhanced security measures to protect users' identities and further prevent any form of unauthorised access. Future developments should be aimed at including strict consent requirements, and enhanced data security measures, especially for wearable devices. A new legal framework specifically designed to address the challenges posed by biometric data would be welcome. Biological data protection is an emerging need in the digital environment that we live in today.

References

• https://www.cnbc.com/2024/08/17/new-privacy-battle-is-underway-as-tech-gadgets-capture-our-brain-waves.html 
• https://www.snrlaw.in/sense-and-sensitivity-sensitive-information-under-indias-new-data-regime/ 
• https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/biometrics/biometric-data‍
• https://www.business-standard.com/article/economy-policy/govt-releases-guideline-to-provide-framework-for-sharing-of-biological-data-121073001467_1.html

Introduction

In today's relentless current of information, where social media is oftentimes both the stage and the playwright, the line between reality and spectacle can become distressingly blurry. In such a virtual Pantheon, the conflation of truth and fiction has recently surfaced in a particularly contentious instance. The central figure is Poonam Pandey, an entertainment personality known for transgressing traditional contours of celebrity boldness. Pandey found herself ensnared in a narrative of her own orchestration—a grim hoax purporting she had succumbed to cervical cancer. This deceptive foray, rather than awakening public consciousness as intended, spiralled into an ominous fable about the malignant spread of misinformation and the profound moral dilemmas it engenders.

The Deception

The tapestry of this event was woven with threads of tragedy and deception, framing Pandey both as the tragic hero and the ill-fated architect of a spectacle that unfolded with a haunting familiarity evocative of ancient Greek dramas. The monumental pillar of social media, on what seemed to be an ordinary day, was shattered by the startling declaration of Pandey's untimely passing. The statement, as bereft of nuance as it was devastating, proclaimed: 'We are deeply grieved to announce the loss of our cherished Poonam to cervical cancer.' The emotional pulse of the Indian Film Industry was jolted; waves of homage inundated the digital space, each tribute a poignant echo of the shock that rippled through her fanbase. Yet the crux of the matter had yet to be unveiled.

As the world grappled with this news, the scenario took an unforeseen detour. Poonam Pandey made a re-entrance onto the world stage, alive, revealing her alleged demise to be nothing more than a macabre masquerade. The public's reaction to this revelation was a stratified symphony of emotions—indignation mingled with disbelief, with an underlying crescendo of betrayal. Pandey's defense postured her act as a last resort to draw attention to the silent yet pervasive threat of cervical cancer. In the ensuing mire of reactions, an inescapable quandary emerged: is it ever permissible to employ deceit for the sake of presumed publicity?

The Chaos 

Satyajeet Tambe, an esteemed Maharashtra legislator, emerged amidst the churning chaos as a paragon of principled reason. Advocating that such mendacious stunts, playing the chords of public emotion and adulterating truth, should be met with legal repercussions, Tambe called for judicious action against Pandey. His imploration resonated with the necessity of integrity in the public domain, stating, 'The announcement of an influencer/model succumbing to cervical cancer should not be wielded as a tool for awareness.' His pronouncement sent reverberations through the collective conscience, echoing the need for accountability in the face of such transgressions.

Repercussion 

The All Indian Cine Workers Association, a custodian of the film industry's values, also voiced its reproach. They urged for an FIR to be lodged against Poonam Pandey, underlining their sentiments with disappointment and a keen sense of betrayal. Within their condemnation lay a profound recognition of the elevated emotional investment inherent in their industry—an industry where the reverence for life and the abhorrence of deceit intertwine, making the cultivation of such lowly stunts anathema.

This spectacle, while unique in the temerity of its execution, mirrors the broader pathological wave of misinformation that corrodes the foundations of our digital era: the malady of fake news. When delineated, fake news finds its essence as information chiselled specifically to deceive, a form of communication that is not merely slanted but entirely devoid of authenticity, manufactured with nefarious intent. A protean adversary, fake news adeptly masquerades as trustworthy news, ensnaring the unsuspecting in its tendrils. Its purveyors span a spectrum—from shadowy figures to ostensibly benign social media accounts—all contributing to a dystopian fabric where truth is persistently imperilled.

The conjurers of these illusions are, in a sense, cunning illusionists ensconced behind curtains of anonymity or masquerading under a cloak of transparency. They craft elaborate illusions devoid of truth, but dripping with sufficient plausibility to ensnare those who yearn for simplicity in an increasingly complex world. Destabilizing forces, such as hyper partisan media outlets, regurgitate a concoction of concocted 'facts' and distortions, deliberately smudging the once-clear line between empirical truth and partisan fabrication.

The Aftermath 

The Poonam Pandey episode stands as a harrowing beacon of the ethical abyss we face. It compels us to confront the irony of utilising falsity to raise awareness for laudable causes and considers the ramifications for public figures influencing the dissemination of information. The tempest around this event demonstrates the potent gravitational pull of information and the overarching need for the conscientious stewardship of its power.

Yet, as we sail through the murky waters of the digital expanse, where the allure of sensationalism and clickbait headlines is ever-present, our vigilance must not wane. The imperative of truth cannot come at the altar of awareness or sensationalism. The sanctity of fact anchors our understanding of reality; devoid of it, we are adrift in an ocean of confusion and misinformation.

In the dust settled after the Poonam Pandey debacle, the contours of a new discourse have emerged, harboring vital interrogations. How do we balance the drive for poignant awareness initiatives against the cardinal principle of truth? What mechanisms can ensure that health campaigns and their noble aspirations are not tainted by the allure of deception? Addressing these queries is not a solitary task for policymakers or influencers but, indeed, a collective societal responsibility that will define our cultural ethics and the legacy we wish to preserve.

Conclusion 

As we contemplate the broader implications of this incident, let us not allow its sensational nature to eclipse the very real and pressing issue of cervical cancer—a condition that, beyond the glare of controversy, continues to shadow lives with its lethal silence. Instead, let our focus pivot towards tangible, truth-driven efforts aimed at education and empowerment. Truth, after all, is the beacon that dispels the murky shadows of ignorance and guides us toward enlightenment and healing.

References 

• https://www.hindustantimes.com/india-news/poonam-pandey-in-trouble-as-maharashtra-politician-seeks-case-for-faking-her-death-101707005742992.html
• https://www.nagpurtoday.in/state-mlc-tambe-demands-police-action-against-poonam-pandey-for-faking-her-death/02051417

‍