#FactCheck -Old Karnataka Video Falsely Linked to Holi Celebrations on Eid in Delhi

Modern international trade heavily relies on data transfers for the exchange of digital goods and services. User data travels across multiple jurisdictions and legal regimes, each with different rules for processing it. Since international treaties and standards for data protection are inadequate, states, in an effort to protect their citizens' data, have begun extending their domestic privacy laws beyond their borders. However, this opens a Pandora's box of legal and administrative complexities for both, the data protection authorities and data processors. The former must balance the harmonization of domestic data protection laws with their extraterritorial enforcement, without overreaching into the sovereignty of other states. The latter must comply with the data privacy laws in all states where it collects, stores, and processes data. While the international legal community continues to grapple with these challenges, India can draw valuable lessons to refine the Digital Personal Data Protection Act, 2023 (DPDP) in a way that effectively addresses these complexities.

Why Extraterritorial Application? 

Since data moves freely across borders and entities collecting such data from users in multiple states can misuse it or use it to gain an unfair competitive advantage in local markets, data privacy laws carry a clause on their extraterritorial application. Thus, this principle is utilized by states to frame laws that can ensure comprehensive data protection for their citizens, irrespective of the data’s location.  The foremost example of this is the European Union’s (EU) General Data Protection Regulation (GDPR), 2016,  which applies to any entity that processes the personal data of its citizens, regardless of its location. Recently, India has enacted the DPDP Act of 2023, which includes a clause on extraterritorial application.

The Extraterritorial Approach: GDPR and DPDP Act

The GDPR is considered the toughest data privacy law in the world and sets a global standard in data protection. According to Article 3, its provisions apply not only to data processors within the EU but also to those established outside its territory, if they offer goods and services to and conduct behavioural monitoring of data subjects within the EU. The enforcement of this regulation relies on heavy penalties for non-compliance in the form of fines up to €20 million or 4% of the company’s global turnover, whichever is higher, in case of severe violations. As a result, corporations based in the USA, like Meta and Clearview AI, have been fined over  €1.5 billion and €5.5 million respectively, under the GDPR. 

Like the GDPR, the DPDP Act extends its jurisdiction to foreign companies dealing with personal data of data principles within Indian territory under section 3(b). It has a similar extraterritorial reach and prescribes a penalty of up to Rs 250 crores in case of breaches. However, the Act or DPDP Rules, 2025, which are currently under deliberation, do not elaborate on an enforcement mechanism through which foreign companies can be held accountable. 

Lessons for India’s DPDP on Managing Extraterritorial Application 

1. Clarity in Definitions: GDPR clearly defines ‘personal data’, covering direct information such as name and identification number,  indirect identifiers like location data, and, online identifiers that can be used to identify the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person. It also prohibits revealing special categories of personal data like religious beliefs and biometric data to protect the fundamental rights and freedoms of the subjects. On the other hand, the DPDP Act/ Rules define ‘personal data’ vaguely, leaving a broad scope for Big Tech and ad-tech firms to bypass obligations. 
2. International Cooperation: Compliance is complex for companies due to varying data protection laws in different countries. The success of regulatory measures in such a scenario depends on international cooperation for governing cross-border data flows and enforcement. For DPDP to be effective, India will have to foster cooperation frameworks with other nations. 
3. Adequate Safeguards for Data Transfers: The GDPR regulates data transfers outside the EU via pre-approved legal mechanisms such as standard contractual clauses or binding corporate rules to ensure that the same level of protection applies to EU citizens’ data even when it is processed outside the EU. The DPDP should adopt similar safeguards to ensure that Indian citizens’ data is protected when processed abroad.
4. Revised Penalty Structure: The GDPR mandates a penalty structure that must be effective, proportionate, and dissuasive. The supervisory authority in each member state has the power to impose administrative fines as per these principles, up to an upper limit set by the GDPR. On the other hand, the DPDP’s penalty structure is simplistic and will disproportionately impact smaller businesses. It must take into regard factors such as nature, gravity, and duration of the infringement, its consequences, compliance measures taken, etc.
5. Governance Structure: The GDPR envisages a multi-tiered governance structure comprising of   

• National-level Data Protection Authorities (DPAs) for enforcing national data protection laws and the GDPR, 
• European Data Protection Supervisor (EDPS) for monitoring the processing of personal data by EU institutions and bodies,  
• European Commission (EC) for developing GDPR legislation
• European Data Protection Board (EDPB) for enabling coordination between the EC, EDPS, and DPAs

In contrast, the Data Protection Board (DPB) under DPDP will be a single, centralized body overseeing compliance and enforcement. Since its members are to be appointed by the Central Government, it raises questions about the Board’s autonomy and ability to apply regulations consistently. Further, its investigative and enforcement capabilities are not well defined.

Conclusion 

The protection of the human right to privacy ( under the International Covenant on Civil and Political Rights and the Universal Declaration of Human Rights) in today’s increasingly interconnected digital economy warrants international standard-setting on cross-border data protection. In the meantime, States relying on the extraterritorial application of domestic laws is unavoidable. While India’s DPDP takes measures towards this, they must be refined to ensure clarity regarding implementation mechanisms. They should push for alignment with data protection laws of other States, and account for the complexity of enforcement in cases involving extraterritorial jurisdiction. As India sets out to position itself as a global digital leader, a well-crafted extraterritorial framework under the DPDP Act will be essential to promote international trust in India’s data governance regime.

Sources

• https://gdpr-info.eu/art-83-gdpr/ 
• https://gdpr-info.eu/recitals/no-150/ 
• https://gdpr-info.eu/recitals/no-51/ 
• https://www.meity.gov.in/static/uploads/2024/06/2bf1f0e9f04e6fb4f8fef35e82c42aa5.pdf 
• https://www.eqs.com/compliance-blog/biggest-gdpr-fines/#:~:text=ease%20the%20burden.-,At%20a%20glance,In%20summary 
• https://gdpr-info.eu/art-3-gdpr/ 
• https://www.legal500.com/developments/thought-leadership/gdpr-v-indias-dpdpa-key-differences-and-compliance-implications/#:~:text=Both%20laws%20cover%20'personal%20data,of%20personal%20data%20as%20sensitive. 

‍

Executive Summary
‍

A video of Prime Minister Narendra Modi is being widely shared on social media with the claim that he is being “made up” or styled by a team, with users attempting to mock him using the footage. The clip is being circulated with misleading captions suggesting it shows the Prime Minister undergoing makeup and grooming by a dedicated team. CyberPeace Foundation Research Wing, in its research, found that the viral claim is false. In fact, the viral video is not recent, but from 2016. At that time, a statue of PM Modi was to be installed at Madame Tussauds Museum. A team of artists and experts visited the Prime Minister's residence to take measurements for the statue. This misleading claim has been circulating on social media for several years. We have previously fact-checked this claim and exposed the truth.

‍

Claim

‍

An X user named “Adv Shubham” shared the viral video on May 27, 2026, with the caption:“This is how Modi Ji is styled…”The post also claims that the Prime Minister is regularly “made up” by a team.

• https://x.com/AdvShubhamllb/status/2059682034289946746
• https://perma.cc/FVM9-PQBP

‍

‍

‍

Fact Check

‍

The viral video is not recent. It dates back to 2016 and is related to a completely different context. During the investigation, we found the same footage on the official YouTube channel of Madame Tussauds London, uploaded on March 16, 2016.

• https://youtu.be/l5uLM76OFVU?si=H1iq_tkybwzd44jL

‍

‍

According to the video details, it shows the process of taking measurements for a wax statue of Prime Minister Narendra Modi for installation at Madame Tussauds. A team of artists and experts had visited the Prime Minister’s residence in Delhi for this purpose.

‍

Conclusion
‍

The viral claim that Prime Minister Narendra Modi is being “made up” by a team is false. The footage is from 2016 and shows a measurement session conducted for his wax statue at Madame Tussauds Museum.

‍

Introduction
‍

The rise of artificial intelligence has transformed how individuals search for information, buy and compare products online. Unlike the traditional search engines like Google  that presents the user with a set of links and directs users to websites, AI-powered systems provide synthesised answers and recommendations which means we don't have to click through every link to find what we are looking for, we simply have to ask an LLM and it provides recommendations based on our needs expressed through prompt. This development has raised important legal and commercial questions, one such question was addressed in the judgement of Indiamart Inter Mesh Limited v. Open AI Inc. and Others (2026 SCC OnLine Cal 5738) decided by HMJ Ravi Krishan Kapur of Calcutta High court on 20 May 2026. If an AI platform becomes a primary source of information, can a business demand inclusion in its responses? Is it a legal injury if the LLM omits a business? More fundamentally, how do the existing laws classify technologies that not only process information, but also generate new content? These were the questions that came before Calcutta High Court. Although the dispute arose from Indiamart’s complaint regarding visibility on ChatGPT search, the judgement explored beyond the disagreement between two private entities.

‍

The Dispute
‍

IndiaMart is one of India’s largest electronic business-to-business marketplaces since 1996, serving millions of buyers and sellers across India. They also have registered trademarks and their entire business depends on visibility on the internet considering the digitalisation of the market. Open AI launched ChatGPT search in October 2024, which is a feature that supplements AI responses with links to relevant web sources. Indiamart alleged that ChatGPT was not displaying links to their online platform in the same way that it displayed links to other competing services or individual sellers. A major grievance raised by Indiamart was that ChatGPT allegedly bypassed IndiaMart market listings by directing users to sellers’ individual websites while continuing to provide platform level links for other competing platforms. Hence, they contended that this practice diverted users away from their platform and negatively affected their business interests. The company argued that such exclusion amounted to discriminatory treatment and resulted in economic harm, diluted its trademarks and amounted to disparagement. They alleged that it violated their rights under article 14, 19, 21 under the constitution and rights under IT Act and IT Rules also. When IndiaMart sought an explanation from OpenAI, the company stated that its decision was influenced by the inclusion of IndiaMart in the United States Trade Representative (USTR) Review of Notorious Markets for Counterfeiting and Piracy 2024, a U.S. government report that identifies online and physical marketplaces alleged to facilitate intellectual property infringements. IndiaMart challenged this justification, arguing that the USTR report has no statutory or binding force in India. It further alleged selective discrimination, pointing out that several other platforms featured on the same USTR list including DHGate, Pinduoduo, Shopee, and Taobao continued to remain accessible through ChatGPT-generated responses. Consequently, IndiaMart approached the Calcutta High Court seeking interim relief directing ChatGPT to display and provide access to IndiaMart links in its responses.

‍

ARGUMENTS BEFORE THE COURT

‍

IndiaMart's contentions: They argued that ChatGPT, because its search feature, performs the role of an "intermediary" within the meaning of Section 2(1)(w) of the IT Act and is therefore required to comply with the obligations imposed under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. Relying on Rule 3(1)(n), IndiaMart argued that an intermediary cannot engage in discriminatory treatment of platforms or selectively restrict access to information. IndiaMart further maintained that users have a right to access information relating to its platform and that the omission of IndiaMart links from ChatGPT's responses violated this interest. They alleged violation of Articles 14, 19, and 21 of the Constitution, along with the broader principle of a user's "right to know", to argue that OpenAI owed an obligation to display IndiaMart listings in response to relevant queries. In addition, IndiaMart alleged that the exclusion of its links caused commercial harm, diluted its trademarks, amounted to disparagement, and constituted an unfair trade practice that adversely affected its business and reputation.

OpenAI's contentions: OpenAI asserted that IndiaMart had no legally enforceable ‘Right to visibility’ on ChatGPT. They argued that neither contract, statute, nor constitutional law imposed any obligation on OpenAI to display, prioritise, or recommend IndiaMart links in response to user queries. In the absence of any recognised legal right, there could be no actionable injury and therefore no valid cause of action. OpenAI also challenged the classification of ChatGPT as an "intermediary" under the Information Technology Act, 2000. According to OpenAI, ChatGPT does not merely host, transmit, or facilitate access to third-party content but also generates responses through its large language model (LLM) and therefore functions more closely as an "originator" than an intermediary. Consequently, the obligations applicable to intermediaries under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, including those relied upon by IndiaMart, were inapplicable. With respect to the USTR Notorious Markets List, OpenAI submitted that its reliance on the report formed part of its internal risk-management and business policies. Such decisions, it argued, were matters of private commercial judgment and not ordinarily subject to judicial review. OpenAI further pointed out that IndiaMart had also previously blocked ChatGPT from accessing and crawling its website that weakened the company's demand for greater visibility within ChatGPT-generated responses.

Court’s decision: The court rejected Indiamart's claim that they were entitled to be displayed in ChatGPT searches. The court emphasised the autonomy of private businesses, the court held that the right to carry on trade and business is "inviolable" and that no law can compel one private entity to operate their platform for the benefit of another, which is based on foundational economic philosophy of laissez faire. Unless there is a contractual, statutory or constitutional obligation, a platform has no duty to the other platform to promote or advance their economic interest. Applying this principle, the court found no such duty or “vested legal right” that entitled IndiaMart’s visibility on ChatGPT. The court reasoned that even if users possess the ‘right to know’, Indiamart could not convert that interest into an enforceable claim under article 19(1)(g) or other legal provision. The court looked at the dispute as one arising from commercial disadvantage rather than violation of any legally protected right. Although the reduced visibility may have had economic consequences, economic harm does not by itself create a cause of action.

The court also took into consideration whether ChatGPT should be classified as an intermediary under Section 2(1)(w) of the Information Technology Act, 2000 or as an originator under Section 2(1)(za). This was an important distinction, because the intermediaries can claim safe harbour protection under section 79 of the IT act, but the originators cannot. The court expressed a preliminary view that ChatGPT is generative capabilities, place it closer to an originator than an intermediary because, unlike conventional search engines, which identify and rank existing information, Generative AI systems, analyse the data and produce new output based on algorithms, which is in response to the user’s prompt. The Court also referenced the NITI Aayog National Strategy for Artificial Intelligence (pages 7 to 12) to support its observations that ChatGPT does not merely store, host or transmit information, it can produce essays, research material, code, creative writing, and other forms of content that did not previously exist in that exact form, hence extending beyond the conventional understanding of an intermediary. The court also recognised that it is a vexed issue and remains unsettled because AI systems operate in response to users instructions and do not function independently, which is why the court refrained from providing a definitive classification and acknowledged that the question may ultimately require legislative clarification as well.

In addition to this, the Court took the view that the IndiaMart’s grievances did not amount to an Intellectual property dispute, as they found no trademark infringement or dilution because any reference to the "IndiaMart" mark was merely descriptive and did not constitute commercial use "in the course of trade" under Section 29(4) of the Trade Marks Act. IndiaMart also hadn’t demonstrated any false or misleading use of its trademark.

Similarly, the Court found that claims of disparagement, trade libel, and injurious falsehood were unsustainable because such claims require the publication of a false statement that harms reputation and since ChatGPT had not published any derogatory statement about IndiaMart, the mere omission of links could not amount to disparagement or libel. The Court relied on Tech Plus Media v. Jyoti Janda, that allegations of unfairness or copyright infringement must be supported by specific pleadings and evidence.

Beyond the immediate dispute, the judgment shed light on the growing difficulty of applying legal categories created for an earlier internet era to generative AI systems. The Information Technology Act was enacted at a time when internet regulation focused primarily on websites, service providers, and electronic communications and therefore existing classifications may not adequately address the hybrid nature of contemporary AI technologies. The Court acknowledged OpenAI's concern that granting IndiaMart's request could trigger floodgates of litigation on similar claims from businesses dissatisfied with AI-generated visibility, however, it clarified that such concerns cannot outweigh genuine legal claims or fundamental rights. The Court suggested that legislative intervention may eventually be necessary.

‍

Conclusion
‍

This judgement not only addressed the visibility issue in AI generated responses, but also whether visibility itself can become a legally protected interest in AI-driven searches? As more and more users rely on AI generated output for their preference rather than traditional search engine output, the power to decide what information is displayed and what is not will eventually become economically significant. The Calcutta High Court through this judgement declined to create any such right through judicial interventions and also highlighted that the existing legal framework is not adequately equipped to address the novel challenges posed by generative AI.

‍(This blog is based on the judgment in Indiamart Inter Mesh Limited v. Open AI Inc. and Others, 2026 SCC OnLine Cal 5738, decided on May 20, 2026 by the Calcutta High Court, and related reporting by LiveLaw and SCC Times.)

‍

References
‍

• https://www.livelaw.in/high-court/calcutta-high-court/no-right-to-visibility-exists-on-private-ai-platforms-calcutta-high-court-refuses-to-direct-chatgpt-to-display-indiamart-links-536891
• https://www.scconline.com/blog/post/2026/06/03/chatgpt-intermediary-originator-it-act-calcutta-high-court/
• https://indiankanoon.org/doc/198449710/

‍