#FactCheck - Digitally Altered Video of Olympic Medalist, Arshad Nadeem’s Independence Day Message

Introduction

The nation got its first consolidated data protection regulation in the form of the Digital Personal Data Protection Act, 2023, in the month of August, and the Indian netizens got their independence in terms of data protection and privacy. The act lays heavy penalties for non-compliance with the provisions, and the same is under the jurisdiction of a Data Protection Board set up by the Central Government, which enjoys powers equivalent to a civil court. The act upholds the right to data privacy as the fundamental right under Article 19 (1)(A) and 21 of the Constitution of India. The same has been judicially supported in the form of the landmark judgement,  Jus. K.S Puttawamy vs. Union of India of 2018. Let us take a look at the impact the act will make on the Indian netizens. 

‍

What is Personal Data? 

Personal Data refers to any form of digitised data which can be directly replicated by any person. This includes email IDs, mobile numbers, health data, banking data, photos, etc. A person to whom the personal data belongs is called the Data Principle. A Data principle is anyone who is above the age of 18 years and consents to the data of children/minors. In the case of children/minors, it is mandatory for the parents or guardians to provide their express consent for the processing of personal data for all or any purposes. Any individual who is processing personal data is known as the Data Fiduciry, and individuals registered under the act may act as consent managers to make the consent transparent.  When it comes to the rights of the netizens, it is seen that the act is created with an aspect of  “Safety by Design” to secure the rights and responsibilities of the netizens. 

‍

Rights secured under the DPDP Act 2023

• Right to Grievance Redressal: The Data fiduciary and the consent manager are required to respond to the grievances of the Data Principal within a time period, which is soon to be prescribed, thus creating a blanket of responsibility for the data fiduciary and consent manager. 
• Right to Nominate: Data Principals have the right to nominate any other individual who shall, in the event of death or incapacity of the data principal, exercise his/her rights.  
• Right to access to information: The Data principal has the right to seek confirmation from Data fiduciaries regarding the processing of their personal data and the summary of the processed data as well. 
• Right to Erasure and Correction: Data principals can reach out to the data fiduciaries in order to exercise their right to correct, complete, update and erasure of their personal data.  
• Territorial Rights: The data is to be processed within India, and processing outside India should be in regard to the services provided in India. 
• Material Rights: The rights are applicable to any personal data collected in digitised form and also for the data collected in a non-digital form but subsequently digitised. 

Obligations for Data Fiduciaries 

The data fiduciaries are mandated to oblige with the following provisions in order to maintain compliance with the laws of the land and by securing the Digital rights of the netizens. 

These are the obligations of the data fiduciaries: 

• Implement technical and organisational measures to safeguard Personal Data. 
• Determine the legal grounds for processing and obtaining consent from Data principals where required. 
• Provide a privacy notice while obtaining consent from Data principals. 
• Implement a mechanism for data principals to exercise their rights.
• Implement a grievance redressal mechanism for handling the queries from Data principals. 
• Irrecoverably delete personal data after the purpose for which it was collected has expired or when the consent has been withdrawn. 
• Have a breach management policy to notify the data protection board and the data principals in accordance with prescribed timelines. 
• Sign a valid contract with Data processors to ensure key obligations are abided by them, including timely deletion of data. 

Conclusion 

As the world steps into the digital age, it is pertinent for the governments of the world to come up with efficient and effective legislation to protect cyber rights and responsibilities, but as cyberspace has no boundaries, nations need to work in synergy to protect their cyber interests and netizens. This can only begin once all nations have indigenous Cyber laws and rights to protect netizens, and the same has been addressed by the Indian Government in the form of the Digital Perosnl Data Protection Act, 2023. The future is full of emerging technologies and the evolution of cyber laws; hence, consolidating a basic legal structure now is of utmost importance and the same is expected to be strengthened in India by the soon-to-be-released Draft Digital India Bill.  

‍

Executive Summary:

Social media is buzzing with a link  that claims to offer an iPhone 15 as a gift from LuLu Hype­rmarket, presente­d as part of Holi celebrations. This article e­xamines the deceptive tactics behind this fraudulent offe­r and provides guidance on recognizing and avoiding such scams.

False Claim:

The link be­ing shared is misleading and falsely claims that LuLu Hype­rmarket is giving away free iPhone­ 15 phones. This is taking advantage of the Holi fe­stival to trick unsuspecting people. Whe­n users click on the link, they are­ redirected multiple­ times and end up on a page with LuLu Hype­rmarket's photo and some simple que­stions. Fake comments are also use­d to make the offer se­em genuine, but it is all a de­ception.

The Deceptive Scheme:

The plan uses psychological tricks by linking the offe­r to a famous brand and a popular celebration. The landing page's simplicity and phoney comments try to make users trust it and fe­el like they ne­ed to act fast, so they'll join the scam.

The Fraudulent Campaign Analysed:

The­ scammers are using psychological tactics to manipulate pe­ople. They're e­xploiting the trust people have­ in LuLu Hypermarket and the e­xcitement around the ne­w iPhone 15 during the Holi festival. The­ fake questionnaire se­rves no real purpose, but it's a way to e­ngage users and make the­ scam seem legitimate­. Testimonials claiming people have­ successfully receive­d the iPhone 15 are also fake­, designed to create­ a false sense of cre­dibility. Users are prompted to se­lect a "gift box," which adds an interactive e­lement to draw them in furthe­r. When a user sele­cts a box, they're falsely congratulate­d on winning the iPhone 15, giving them a se­nse of accomplishment. Finally, users are­ urged to share the link via WhatsApp to "claim" the­ gift, spreading the scam to more pote­ntial victims.

What do we Analyse? :

• We analyse the deceptive tactics employed by the scam, including psychological manipulation, false engagement techniques, and fake testimonials, all aimed at convincing users of the offer's legitimacy.

Link : (https://sophisticate­ddistort[.]top/nTiwpTTTT526?llue1696559991144)

• It is important to note that at this particular point, there has not been any official declaration or a proper confirmation of an offer made by Lulu Hypermarket So, people must be very careful when encountering such messages because they are often employed as lures in phishing attacks or misinformation campaigns. Before engaging or transmitting such claims, it is always advisable to authenticate the information from trustworthy sources in order to protect oneself online and prevent the spread of wrongful information
• The campaign is hosted on a third party domain instead of any official Website of LuLu Hypermarket, this raised suspicion. Also the domain was registered last year.
• The intercepted request revealed a connection to a China-linked analytical service, Baidu in the backend.

‍

‍

• Domain Name: sophisticateddistort.top
• Registry Domain ID: D20230629G10001G_04181852-top
• Registrar WHOIS Server: whois.west263.com
• Registrar URL: www.west263.com
• Updated Date: 2023-07-01T02:55:34Z
• Creation Date: 2023-06-29T06:05:00Z
• Registry Expiry Date: 2024-06-29T06:05:00Z
• Registrar: Chengdu west dimension digital
• Registrant State/Province: Shan Xi
• Registrant Country: CN (China)
• Name Server: curt.ns.cloudflare.com
• Name Server: harlee.ns.cloudflare.com

Note: Cybercriminal used Cloudflare technology to mask the actual IP address of the fraudulent website.

CyberPeace Advisory:

• Do not open those messages received from social platforms in which you think that such messages are suspicious or unsolicited. In the beginning, your own discretion can become your best weapon.
• Falling prey to such scams could compromise your entire system, potentially granting unauthorised access to your microphone, camera, text messages, contacts, pictures, videos, banking applications, and more. Keep your cyber world safe against any attacks.
• Never, in any case, reveal such sensitive data as your login credentials and banking details to entities you haven't validated as reliable ones.
• Before sharing any content or clicking on links within messages, always verify the legitimacy of the source. Protect not only yourself but also those in your digital circle.
• For the sake of the truthfulness of offers and messages, find the official sources and companies directly. Verify the authenticity of alluring offers before taking any action.

Conclusion:

During the festive season, as we engage in merrymaking and online activities, we should be mindful of fraudster's exploitation strategies. Another instance is the illegitimate Lulu Hypermarket offer of the upcoming iPhone 15. With the knowledge and carefulness, we can report any suspicious actions to avoid being victims of fraud in this way. Keep in mind the fact that legitimate offers are usually issued by trustworthy sources while if, the offer looks too good to be true, then it is rather a scam.

‍

‍

‍

Introduction

In July 2025, the Digital Trust & Safety Partnership (DTSP) achieved a significant milestone with the formal acceptance of its Safe Framework Specification as an international standard, ISO/IEC 25389. This is the first globally recognised standard that is exclusively concerned with guaranteeing a secure online experience for the general public's use of digital goods and services.

Significance of the New Framework

Fundamentally, ISO/IEC 25389 provides organisations with an organised framework for recognising, controlling, and reducing risks associated with conduct or content. This standard, which was created under the direction of ISO/IEC's Joint Technical Committee 1 (JTC 1), integrates the best practices of DTSP and offers a precise way to evaluate organisational maturity in terms of safety and trust.  Crucially, it offers the first unified international benchmark, allowing organisations globally to coordinate on common safety pledges and regularly assess progress.

Other Noteworthy Standards and Frameworks

While ISO/IEC 25389 is pioneering, it’s not the only framework shaping digital trust and safety:

• One of the main outcomes of the United Nations’ 2024 Summit for the Future was the UN's Global Digital Compact, which describes cross-border cooperation on secure and reliable digital environments with an emphasis on countering harmful content, upholding online human rights, and creating accountability standards. 
• The World Economic Forum’s Digital Trust Framework defines the goals and values, such as cybersecurity, privacy, transparency, redressability, auditability, fairness, interoperability and safety, implicit to the concept of digital trust. It also provides a roadmap to digital trustworthiness that imbibes these dimensions. 
• The Framework for Integrity, Security and Trust (FIST) launched at the Cybereace Summit 2023 at USI of India in New Delhi, calls for a multistakeholder approach to co-create solutions and best practices for digital trust and safety.
• While still in the finalisation stage for implementation rollout, India's Digital Personal Data Protection Act, 2023 (DPDP Act) and its Rules (2025) aim to strike a balance between individual rights and data processing needs by establishing a groundwork for data security and privacy.
• India is developing frameworks in cutting-edge technologies like artificial intelligence. Using a hub-and-spoke model under the IndiaAI Mission, the AI Safety Institute was established in early 2025 with the goal of creating standards for trustworthy, moral, and safe AI systems. Furthermore, AI standards with an emphasis on safety and dependability are being drafted by the Bureau of Indian Standards (BIS). 
• Google's DigiKavach program (2023) and Google Safety Engineering Centre (GSEC) in Hyderabad are concrete efforts to support digital safety and fraud prevention in India's tech sector.

What It Means for India

India is already claiming its place in discussions about safety and trust around the world. Google's June 2025 safety charter for India, for example, highlights how India's distinct digital scale, diversity, and vast threat landscape provide insights that inform global cybersecurity strategies. 

For India's digital ecosystem, ISO/IEC 25389 comes at a critical juncture. Global best practices in safety and trust are desperately needed as a result of the rapid adoption of digital technologies, including the growth of digital payments, e-governance, and artificial intelligence and a concomitant rise in instances of digital harms. Through its guidelines, ISO/IEC 25389 provides a reference benchmark that Indian startups, government agencies, and tech companies can use to improve their safety standards.

Conclusion 

A global trust-and-safety standard like ISO/IEC 25389 is essential for making technology safer for people, even as we discuss the broader adoption of security and safety-by-design principles integrated into the processes of technological product development. India can improve user protection, build its reputation globally, and solidify its position as a key player in the creation of a safer, more resilient digital future by implementing this framework in tandem with its growing domestic regulatory framework (such as the DPDP Act and AI Safety policies).

References 

• https://dtspartnership.org/the-safe-framework-specification/
• https://dtspartnership.org/press-releases/dtsps-safe-framework-published-as-an-international-standard/?
• https://www.weforum.org/stories/2024/04/united-nations-global-digital-compact-trust-security/?
• https://economictimes.indiatimes.com/tech/technology/google-releases-safety-charter-for-india-senior-exec-details-top-cyber-threat-actors-in-the-country/articleshow/121903651.cms? 
• https://initiatives.weforum.org/digital-trust/framework 
• https://government.economictimes.indiatimes.com/news/secure-india/the-launch-of-fist-framework-for-integrity-security-and-trust/103302090 

‍