Found your selfie on a weight-loss ad you never endorsed, or your wedding portrait on a stranger's matrimonial profile? This is image misuse, and Indian law treats it as a stack of cyber offences. You can demand a 24-hour takedown under IT Rules 2021 Rule 3(2)(b), file a free complaint at cybercrime.gov.in, and recover your reputation without hiring a lawyer in most cases.
Quick answer. Capture screenshots with the URL and timestamp visible, file a Rule 3(2)(b) takedown email to the platform's Grievance Officer, register a National Cyber Crime Reporting Portal (NCRP) complaint at cybercrime.gov.in, and call 1930 if money was involved. For deepfakes or sexualised images, the Information Technology Act 2000 §66E and §67A plus the Bharatiya Nyaya Sanhita 2023 §336 and §351 apply. Most platforms remove infringing images inside 36 hours when the notice cites the right rule.
Image misuse is the unauthorised use of your photograph or face on a profile, advertisement, product label, dating app, or social post that you did not consent to. It covers fake testimonial ads, stolen wedding portraits on matrimonial sites, recycled selfies on fake Instagram profiles, doctored deepfakes, and recycled photos on Telegram groups. The Information Technology Act 2000, the Bharatiya Nyaya Sanhita 2023, the Copyright Act 1957, and the Digital Personal Data Protection Act 2023 each grant a separate remedy.
Several overlapping statutes apply, and your complaint should cite the strongest combination.
The Ministry of Electronics and Information Technology Grievance Appellate Committee (GAC) at gac.gov.in is the appeal route if a platform refuses or ignores your takedown notice.
Follow this order; jumping steps weakens the chain of evidence.
If money has changed hands (a fake-testimonial ad sold a fraud product to a relative, for example), dial 1930 immediately; the golden hour rule lets the bank reverse credits before they exit.
Without evidence your complaint dies at the first hearing. Build the file before you confront anyone.
You have five parallel doors. File on all five for serious misuse; the platform route is fastest, the cybercrime route carries criminal weight.
Every major platform has a built-in report flow. Pick the most specific reason - “Pretending to be me”, “Intellectual property violation”, “Non-consensual intimate imagery”, or “Scam or fraud” - not the generic “I don't like this”. Specific reasons hit the Trust and Safety queue, not the bulk-moderation queue. Save the report reference number; you will need it for the email follow-up.
Every significant social media intermediary publishes a Grievance Officer name, email, and Indian postal address on its website. Email the takedown notice (template below) to that address with the screenshots attached. Mark a copy to the platform's Resident Grievance Officer if it qualifies as a Significant Social Media Intermediary. The 24-hour clock for intimate or morphed content and the 72-hour clock for other content starts at your timestamp.
Open cybercrime.gov.in, choose “Report Other Cybercrime” (or “Report Women and Child Related Crime” if the image is sexualised or you are female). Fill the form, upload the evidence ZIP, and note the acknowledgement number. The portal forwards the complaint to your jurisdiction's cyber cell, which is bound to respond. Track the status using the same number.
If the platform refuses or ignores your takedown after 24 to 72 hours, file an appeal at gac.gov.in within 30 days. The GAC is a statutory body under IT Rules 2021 Rule 3A and can order removal. Upload the takedown email, the platform's reply (or proof of silence), and the evidence.
If your face is on a product ad you never endorsed, file at the Central Consumer Protection Authority via the e-Daakhil portal or send the complaint to the ASCI Consumer Complaints Council at ascionline.in. The CCPA Guidelines on Endorsements (2022), under the “Know Your Endorser” duty, hold the advertiser and the platform jointly liable for a falsely-attributed endorsement.
Some misuse demands an FIR, not just a portal complaint.
Walk into the nearest cyber police station with a printed copy of the NCRP acknowledgement, the evidence pen drive, and a one-page complaint letter. Ask for a Zero FIR if the misuser's location is unknown; any station must accept it under the Bharatiya Nagarik Suraksha Sanhita 2023 §173. If the station officer refuses, escalate the same day to the Deputy Commissioner of Police (Cyber) via email; quote BNSS §173(4) which permits a written complaint to the Magistrate.
Send this to the platform's Grievance Officer. Replace bracketed fields. Keep it under one A4 page. Attach the evidence ZIP under 10 MB.
Subject: Takedown notice under IT Rules 2021 Rule 3(2)(b) - unauthorised use of my photograph at [URL] To, The Grievance Officer, [Platform Name], [Registered Indian address] Sir or Madam, 1. I am [Full name], an Indian citizen residing at [city, state], holder of Aadhaar masked as XXXX-XXXX-1234 (or any government ID). 2. On [date], I discovered that my photograph has been used without my consent at the following location on your platform: URL: [full URL] Handle: [username] Upload timestamp: [as shown on platform] 3. The photograph in question was taken by me (or commissioned by me) on [date] and is my personal data and copyrighted work. I have never granted permission, license, or assignment to the account holder above, to your platform, or to any third party for this use. 4. The above use violates: a. Information Technology Act 2000, §66C (identity theft) and §66D (cheating by personation); b. Information Technology Rules 2021, Rule 3(1)(b)(ii) and Rule 3(2)(b); c. Copyright Act 1957, §51; d. Digital Personal Data Protection Act 2023, §12 (right to erasure); e. My right to publicity, recognised as an aspect of privacy in K S Puttaswamy v Union of India (2017) 10 SCC 1. 5. I hereby formally request your good office to: a. Remove the above content within 24 hours under Rule 3(2)(b); b. Suspend the offending account pending investigation; c. Preserve all server logs, IP addresses, and account metadata of the misuser for 180 days under IT Rules 2021 Rule 3(1)(j) for production to law enforcement; d. Send a written confirmation of action to this email. 6. Annexures: A1. Screenshots of the offending post (4 pages). A2. Screen recording (MP4, 32 seconds). A3. Wayback Machine archive URL. A4. Original photograph file with EXIF metadata. A5. Government ID for identity verification (masked). 7. In default, I shall escalate to the MeitY Grievance Appellate Committee under Rule 3A and to the National Cyber Crime Reporting Portal, and reserve the right to pursue criminal and civil remedies under the laws cited above. Signed, [Full name] [Email] [Mobile] [Date]
A takedown is only half the job. The cached copies, screenshots saved by strangers, and search-engine snippets keep circulating for weeks.
A 28-year-old graphic designer in Pune discovered her engagement photo on a stranger's matrimonial profile in Hyderabad. She filed the in-app report on the matrimonial site at 10 a.m., sent the Rule 3(2)(b) email at 10:30 a.m., filed the NCRP complaint at 11 a.m., and called 1930. The site removed the profile at 4 p.m. the same day. The cyber cell traced the IP to a Hyderabad cyber cafe and registered an FIR under IT Act §66C and BNS §336. Total spend: zero. Total time: 18 days from discovery to FIR.
A 41-year-old yoga teacher in Bengaluru found his face on a Telegram channel selling a weight-loss powder, with a fake testimonial in Hindi he had never given. He filed the Telegram in-app report, sent the takedown email, and filed an ASCI complaint plus an e-Daakhil case naming the brand under the Consumer Protection Act 2019 §21 and the CCPA Endorsement Guidelines. The Telegram channel went down in five days, ASCI upheld the complaint in 21 days, and e-Daakhil awarded ₹75,000 compensation in eight months.
Yes, but be careful. Under the Copyright Act 1957 §17, the photographer is the first owner of a commissioned photograph unless your contract assigns the copyright to you. For the takedown, you can sue on your right to publicity and right to privacy (Puttaswamy 2017), and you can also ask the photographer to sign a one-line co-complainant letter so the copyright limb is locked. If the photographer is unresponsive, file on the privacy and IT Act grounds alone; that is enough for a Rule 3(2)(b) takedown.
Yes. Information Technology Act 2000 §66C and §66D do not require the misuser to use your legal name; misusing your “unique identification feature” (which includes your face) is enough. The platform reporting flow lists this exact scenario under “Pretending to be someone else” on Instagram and “Impersonation” on Facebook and X. Cite the section number in the email for a faster queue.
Information Technology Rules 2021 Rule 3(2)(b) gives 24 hours for content depicting an individual in a sexual act, in nudity (full or partial), or in any morphed image. Other categories (impersonation, copyright, scam) fall under Rule 3(1)(d) with a 36-hour acknowledgement and 72-hour action window. If the platform misses the clock, escalate to the MeitY Grievance Appellate Committee.
Yes. You have three routes. (i) File a civil suit for damages under tort for breach of privacy and right to publicity, citing Puttaswamy 2017; (ii) file at the District Consumer Commission via e-Daakhil if a brand profited from the false endorsement, citing Consumer Protection Act 2019 §21 and the CCPA Endorsement Guidelines; (iii) ask the Magistrate to compound the offence on the criminal side with a compensation order under the Bharatiya Nagarik Suraksha Sanhita 2023 §395. The civil route is slowest but pays the most; the consumer route is fastest.
The platform will only share the IP and account metadata in response to a court order or a Section 91 BNSS notice from the investigating officer. File the NCRP complaint first; once the cyber cell registers the case, the officer can serve the notice. Until then, your job is to keep the evidence preserved and the platform's logs alive. The Rule 3(1)(j) preservation request in your takedown email gives the platform 180 days to keep the logs.
Use the National Cyber Crime Reporting Portal “Report Women and Child Related Crime” category, which routes to a fast-track cyber cell. Cite IT Act §66E, §67, and §67A; Bharatiya Nyaya Sanhita 2023 §79 and §336; and IT Rules 2021 Rule 3(2)(b). The 24-hour clock is mandatory. Also use the StopNCII.org hash-matching tool which prevents re-upload of the same file across Meta, TikTok, Bumble, and OnlyFans. Read the sibling guide on deepfake blackmail recovery for the medical and counselling layer.
Three parties are jointly liable. (i) The advertiser, under Consumer Protection Act 2019 §21 and the CCPA Endorsement Guidelines, for a misleading advertisement; (ii) the endorser - but here the misuser pretended to be the endorser, so the misuser is criminally liable under IT Act §66D; (iii) the platform, under IT Rules 2021 Rule 3(1)(b)(ii), if it does not remove the ad on notice. File one CCPA complaint naming all three.
Yes, and many lawyers recommend it. A legal notice via registered post or email under the Indian Contract Act 1872 §63 and the Code of Civil Procedure 1908 §80 (if a government body is involved) gives the misuser 15 days to remove and apologise. If they comply, you save the litigation cost. If they ignore, the notice becomes Annexure A in your suit and helps prove malice for higher damages. The notice does not stop you from filing the parallel NCRP and platform routes.
Cite Digital Personal Data Protection Act 2023 §12 (right to erasure) and IT Rules 2021 Rule 3(1)(b)(ii). The DPDP Act applies to any data fiduciary processing your personal data, regardless of whether you are their user. Send the takedown to the app's Data Protection Officer (mandatory contact under DPDP §10 for significant fiduciaries) and copy the Data Protection Board of India. If the app still refuses, file at gac.gov.in and at the Data Protection Board once it becomes operational.
Yes. It is copyright infringement under Copyright Act 1957 §51 (if you or your photographer hold the rights), passing-off under common law, and unfair trade practice under Consumer Protection Act 2019 §2(47). Send a cease-and-desist legal notice citing all three, file a police complaint for forgery under Bharatiya Nyaya Sanhita 2023 §336, and write to the municipal commissioner to remove the hoarding under the local advertising bylaw. Carry photos of the hoarding and a copy of your own original.
Six habits cut the risk by 80 per cent. (i) Keep your Instagram, Facebook, and matrimonial profiles set to followers-only or private. (ii) Watermark public photos with a low-opacity name in the corner. (iii) Add a “Do not use without permission” line to your bio. (iv) Use reverse-image search (Google Images, TinEye, Yandex) on your own face once a month. (v) Do not give the full-resolution photo to a photographer without a written assignment of rights. (vi) Sign up at StopNCII.org if you have ever shared intimate images with a partner; the hash database blocks re-upload.
The 10 question blocks above use `==== Q? ====` H3 syntax which the sitewide schema-auto.js script parses into a FAQPage JSON-LD block at render time. Do not add an inline `<script type=“application/ld+json”>` block; it renders as visible code.
Editorial illustration, 1200 by 630, soft glassmorphic style. A young Indian woman in a teal kurta sits at a marble table holding a phone that shows a billboard-style fake advertisement of her own face captioned “Miracle Cure”. On the table, a printed checklist titled “Takedown in 30 minutes” with boxes for “Screenshot”, “Wayback”, “Rule 3(2)(b) email”, “cybercrime.gov.in”, “1930”. Background shows a pastel city skyline with a faint sketch of the Indian flag and a small icon of a Supreme Court pillar. Mood: calm, determined, citizen-empowerment. No real human faces, no logos, no text errors. Aspect 1.91:1.