Ghibli Under Scrutiny: State Cyber Cells Warns Data Privacy Threats

Introduction

The Ghibli Trend involves using Artificial Intelligence (hereinafter referred to as "AI") tools and heavy filters to alter images and videos, making them look like they belong in a Studio Ghibli film¹. The trend has gained popularity across social media platforms. It was recorded that Chatgpt's usage surged after it introduced image generation capabilities. Compared to Late March Global app downloads and weekly active users on the ChatGPT app grew 11% and 5%, respectively, from the prior week, while in-app purchase revenue increased 6%². Seeing this surge, even the CEO requested users to limit usage due to the strain on platform's servers.³

Artificial Intelligence and Personal Data

In the present scenario, users are becoming part of active data collection practices by explicitly presenting their personal images to AI platforms without knowing the consequences of the same. A study by Pew Research Center indicates that 56% of users do not read privacy policies before using online services or applications⁴. This widespread lack of engagement with privacy policies means that many users are unaware of how their data is collected, used and potentially shared Looking at the privacy policies of AI platforms, it can be analyzed that personal information can be processed to train AI models or develop new programme unless the user opt-outs.

For instance, Open AI's Privacy Policy states that, "Content provided by the user to improve services can be used to train models that power ChatGPT. Users can opt-out of this training, once opt-out, new conversations will not be used to train AI models⁵." Similarly, Grok's (Twitter's AI tool) privacy policy states that, "publicly available information is used to train AI models. Users can opt-out from this training, however, feedback which is voluntarily provided subsequent to such opt-out, shall still be used for training purposes"⁶.

The above usage has sparked several privacy concerns as users increasingly share personal photos and engage with AI-powered platforms:

• Irreversible Nature of Biometrics Data: Unlike passwords, facial data cannot be changed once compromised. This can lead to the creation of deepfakes or may lead to identity frauds. For instance, in the data breach of BioStar 2, a company which uses facial recognition and fingerprinting technology to identify users, massive amount of biometric data was breached leading to criminal frauds.⁷
• Account Compromise Risks: If a user's device or login credentials are compromised, attackers can gain access to entire accounts further demonstrating the misuse of stored personal information. A report shows that use of stolen credentials was involved in 77% of breaches within the basic web application attacks pattern.⁸
• Web Scraping: It is the automated process of extracting information from websites including text, images, videos and metadata, which is then analyzed or stored for various uses. As Open AI collects information which is publicly available on the internet to develop the AI models that power their services⁹, the Studio Ghibli trend, can scrape social media platforms, art-sharing sites, and AI-generated content repositories to collect user photos, facial data and personal Metadata without consent.
• For instance, The French Data Protection Authority (CNIL) fined Clearview AI, a facial recognition company which collected metadata and information from the photos that are publicly available on the internet and social media platforms and used them without informing the users as part of their normal business operations (stated in their privacy policy).¹⁰To know more about web scraping, read our article at: https://ssrana.in/articles/web-scraping-and-personal-data-legal-and-ethical-boundaries-in-ai/
• Uninformed Consent: There is a risk that Ghibli could be used to infer implied consent when users upload photographs featuring individuals who have not provided explicit permission or are unaware of their image being shared.
• Identity Thefts and Deepfakes: Deepfake technology powered by AI filters poses direct risks of identity theft. Fraudsters can craft realistic synthetic images or videos to impersonate victims, bypassing-facial recognition systems to commit financial or reputational fraud.¹¹
• Forced consent: Users can only opt-out from AI training by visiting the Open AI Privacy Portal. This means that users who are unware of these policies or never read such policies may give forced consent to training.¹²
• Children's Data: The Digital Personal Data Protection Act, 2023 (hereinafter referred to as "DPDP") defines child as an individual below 18 years of age and thus processing of children's data can only be done with verifiable parental consent. ChatGPT though requires parental consent, it fails to ensure that the consent should be verifiable which may lead to processing of children's data who may not fully understand the implications of uploading images.¹³

Steps taken by Authorities to Protect Data

Considering rising cyber-frauds and data privacy risks, the authorities have warned about the rising Studio Ghibli frauds. Fake e-commerce sites, deceptive emails, and bogus social media profiles are being used to steal personal and financial data. Additionally, Artificial Intelligence (hereinafter referred to as "AI") platforms collecting biometric data could enable deepfakes if breached. The police has urged the residents to stay alert and vigilant by verifying the authenticity of social media profiles and websites, avoiding freebie, using trusted platforms and reporting suspicious activities on national cybercrime portal or on its helpline number 1930.¹⁴

Soon after, the Maharashtra Cyber Cell also issued a Public Advisory dated April 11, 2025¹⁵ to warn citizens about the usage of Ghibli art. The advisory stated that AI applications could allow foreign entities to misuse sensitive data as Ghibli art requires permission to the user's photo gallery to convert images and the same can be used to train AI models.¹⁶

Beyond these scams, the legal experts caution that AI tools trained on or producing Ghibli-like visuals without authorization may infringe international copyright protections, since any reproduction, adaptation or transformation of a copyright work requires the copyright holder's permission under the copyright laws of different jurisdictions¹⁷. In light of the same, Asian News International (ANI) Media, has filed a copyright infringement suit against Open AI claiming that Open AI is illegally scraping freely available information from its website without authorization. The case is currently being heard by the Hon'ble Delhi High Court.¹⁸

Conclusion

Such developments directly impact the rights of Data Principals (users) under the newly enacted Digital Personal Data Protection Act, 2023 which mandates the right to access personal data being processed, the right to correction and erasure of personal data and the right to withdraw consent at any time by ensuring that the opt-out options are provided transparently, instead of just a mention in the policies.

Footnotes

1. https://deepsense.in/ghibli-trend-risks-explained-in-detail/

2. https://www.reuters.com/technology/artificial-intelligence/ghibli-effect-chatgpt-usage-hits-record-after-rollout-viral-feature-2025-04-01/

3. https://economictimes.indiatimes.com/tech/artificial-intelligence/our-team-needs-sleep-openai-ceo-sam-altman-urges-users-to-slow-down-ghibli-style-image-requests/articleshow/119749783.cms?from=mdr

4. https://www.pewresearch.org/short-reads/2023/10/18/key-findings-about-americans-and-data-privacy/

5. https://openai.com/policies/row-privacy-policy/

6. https://x.ai/legal/privacy-policy

7. https://www.vpnmentor.com/blog/report-biostar2-leak/

8. https://aembit.io/blog/credential-and-secrets-theft-insights-from-the-2024-verizon-data-breach-report/

9. https://openai.com/policies/row-privacy-policy/

10. https://www.edpb.europa.eu/news/national-news/2022/french-sa-fines-clearview-ai-eur-20-million_en Clearview AI Privacy Policy available at: https://www.clearview.ai/privacy-policy

11. https://www.thomsonreuters.com/en-us/posts/government/identity-theft-drivers/

12. https://privacy.openai.com/policies

13. https://openai.com/policies/row-privacy-policy/

14. https://www.tribuneindia.com/news/chandigarh/ghibli-art-cops-warn-of-data-privacy-threat/

15. Maharashtra Ghibli Art Advisory available at: https://mhcyber.gov.in/documents/20117/719335/Ghibli+Art+-+Advisory.pdf/8e721476-b1f8-ceab-25de-1d35defa138d?t=1745389819547

16. https://www.news18.com/india/ghibli-trend-risks-data-privacy-concerns-cyber-fraud-maharashtra-cyber-cell-warning-9299302.html

17. https://www.theippress.com/2025/03/31/ghibli-ai-art-and-copyright-the-copyright-dilemma-of-ghibli-style-creations-and-the-looming-legal-battles-ahead/

18. CS(COMM) 1028/2024

For further information please contact at S.S Rana & Co. email: info@ssrana.in or call at (+91- 11 4012 3000). Our website can be accessed at www.ssrana.in

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.