This Article is written by Shambhavi Singh of Symbiosis Law School, Hyderabad
Introduction
The increasing usage of the internet has called into question the basic concept of privacy. Privacy is exceedingly difficult to control in the post-internet and media platforms world. As a corollary, the debate over the right to be forgotten has gone on for a longer period, with numerous landmark decisions and legislations in various parts of the world. The Delhi High Court has recently heard a case involving a variation of the privacy rights known as the right to be forgotten. 'Right to be forgotten' mentions the ability to include public details, personal information erased out of all online resource, records, webpages, and other public platforms once it is no longer relevant. In 2014, the first documented implementation of the Right to Be Forgotten occurred. In Spain, an individual requested Google to delete links which have an old newspaper story about his previous bankruptcy case[1]. That story no longer mattered because his debts had been paid in full. As a consequence, it was decided in the European Court of Justice against Google, stating that a European Union individual might also have his confidential info removed from a searchable database under specific situations. Of course, this decision is not applicable outside of the EU's borders. The PDP Bill, which establishes standards for the protection of persons' data, includes a section on the right to be forgotten. The Bill, however, has yet to become law, and the JPC that is reviewing it has allegedly requested time until the Winter Session of Parliament later this year to give its findings on it. Meanwhile, the current regime governing digital data, the Information Technology Rules, 2011, contains no provisions relating to the right to be forgotten. According to the PDP Bill, "the right to privacy is a basic right, and it is vital to preserving personal data as an essential element of informational privacy," and "personal data" is defined as "data about or pertaining to a natural person who is directly or indirectly identifiable[2]." Despite the lack of rules on the right to be forgotten, the Delhi High Court allegedly compelled Google and an Indian legal website earlier this year to remove material about an American citizen of Indian heritage[3]. Data fiduciaries are expected to conduct periodic evaluations to evaluate if the personal data in their control needs to be retained. In contrast to the right to deletion, Bill 2019, Clause 9 does not give data subjects the right to dispute whether personal data is being retained for longer than needed to ensure that the objective for which it is handled or to request removal of private data at the end of processing.
Nevertheless, as earlier mentioned, the data principal has a basic rule under Clauses 53 and 54 to make a lawsuit with the Administration if it feels the data fiduciary's actions are unjust, as well as a right under Clause 72 to challenge the Authority's judgment to the Appellate Tribunal. Clause 10 of the 2018 Bill imposed a limit on user information preservation, allowing data trustees to keep personal data only for as much as was objectively reasonable to satisfy the purposes for which it was collected. Through the complete analysis of the topic the author will try to communicate the requirement of this right to be forgotten under our constitution.
Background
The right to be forgotten is not the same as the protection of privacy. The right to confidentiality protects data that is not in the public sphere, but the right to be forgotten safeguards widely known information in public by making it impossible for third parties to access it. The inability to compel the removal of information stored by firms outside the jurisdiction is one of the limitations of applicability in a jurisdiction. Although the right to be forgotten is an inherent right that preserves an individual's reputation, supporters of free speech believe that if it is applied outside of the European Union, it may be used as a weapon for censorship. Authoritarian regimes can utilize this to delete material that casts them in a negative light or to publish information that they would not otherwise publish in the public domain[4]. The Personal Data Protection Bill was tabled in Lok Sabha on December 11, 2019, to establish laws for the prevention of misuse of personal data. "Right to be Forgotten" is detailed in Chapter V, chapter 20 of this draught bill with the heading "Rights of Data Principal." It focuses that "data principal (the person to whom the data is connected) should have the right to restrict or prevent a data fiduciary from continuing to disclose his data." Under the Right to be Forgotten, users can de-link, restrict, remove, or correct the release of their information that is held by data controllers. A data fiduciary is any individual, whether the sovereign, a company, a legal entity or an individual, who decides the goal and methods of personal data processing alone or in partnership with others. Nonetheless, the vulnerability of private information cannot be chosen independently by the party involved; instead, the Data Protection Authority will be in charge of monitoring it. This means that, while the draft law allows a data principal to demand that his or her material be removed, such petitions must be authorised by the DPA's Adjudicatory Officer. While evaluating the data principal's demand, this officer will have to consider the vulnerability of the personal data, the scale of the exposure, the amount of availability sought to be reduced, the significance of the data principal in mainstream society, and the kind of disclaimer, among other factors.
In general, the right to be forgotten is based on larger principles than data privacy. The danger to individuals' privacy posed by mass scrutiny and big data collection and rectification by both citizens and commercial actors have emerged as the most pressing issues of the day. In response to algorithmic governance, RTBF may provide the optimum answer by granting a restricted power to remove.[5] The main goal of such given rights is not to interfere with the remembrance; rather, it’s to restrict the impact of discovering knowledge and analysis of the collected data and to restore balance in the power relationship between people and surveillance and other marketing information systems. Moreover, issues extend beyond double options between releasing and erasing data, and even far off the formal existant of a lawful right. We can consider the overall topic of information self-supervision as a possible technological problem in this media-dependent world, where each human is provided with the ability to govern various degrees of exposure using technological methods. As a result, we will see several rings of disclosure: family, job, and medical services.
Judicial Precedents
There have been certain instances when the Right to be Forgotten has been invoked to some extent:
· In the case of Manjit Singh vs State of Delhi[6]the issue was heard in April 2016 by the Delhi High Court after a Delhi financier sought that information about his marital dispute be deleted. He stated that this is because the matter was already resolved, it was unnecessary to make it public. The High Court has requested responses from Google and other web search providers by September 19, whereupon the bench will continue to investigate the subject.
· In January 2017, the Karnataka High Court affirmed the RTFB of a woman who went to court to annul a marriage. She said she had never married the man whose name appeared on the certificate. After the matter was concluded, the woman's father requested that her identity be deleted from search engines since her name was still appearing in searches for criminal cases in the high court.
· The Delhi High Court heard a case in February 2017 in which a man requested that details about his wife and mother be removed from search rankings. The person thought that the search engine results for his name were limiting his future employment prospects.
· In his concurring opinion in Justice K.S. Puttaswamy (Retd.) & Anr. v/s Union of India & Ors[7]., Justice S. Kaul stated that "the right of an individual to exercise control over his personal data and to be able to control his/her own life would also encompass his right to control his existence on the Internet." This would be subject to exclusions in the interest of individual liberty and data adherence with legal duties, national good, and other similar considerations.
There is presently no legal norm for the right to be forgotten, but if this is accepted, people may no longer have to pursue legal action to have content on search engines removed. This lawsuit may well have far-reaching consequences for India's ability to be forgotten as well as search engines.
Conclusion
Whereas the right to be forgotten has now been viewed as a potential threat to individual liberty, the breadth of its planned application has been limited, at minimum according to the sparse information available through Google's public report[8]. The RTBF has been condemned in some quarters for abusing data protection at the cost of free speech, but those who make that case often miss the fact that we've had mechanisms in place to remove links to objectionable information online. Virtual mediators are already deleting occurrences on demand, particularly when it comes to regulatory structures such as the copyright claim and removal method. Notwithstanding, the execution of the General Data Protection Regulation should put much of the debate to settle, with outliers to the right to delete for freedom of expression and other contexts such as online document management and the interests of society making potential hazardous interruptions much more complicated. Future research in this area may go into wider issues.
[1] Vinod Joseph and Protiti Basu, India: Right Of Erasure - Under The Personal Data Protection Bill 2019, (23 December 2019),https://www.mondaq.com/india/data-protection/877732/right-of-erasure--under-the-personal-data-protection-bill-2019. [2]Kunal Garg, Right to be Forgotten in India: A Hustle over Protecting Personal Data, https://www.indialawjournal.org/a-hustle-over-protecting-personal-data.php. [3] Jithendra Palepu, The Personal Data Protection Bill 2019: Do you have the Right to be Forgotten from the Internet?, (18 September 2020), https://www.theleaflet.in/the-personal-data-protection-bill-2018-do-you-have-the-right-to-be-forgotten-from-the-internet/. [4] Radhika Iyer , Lakshmi Pradeep and Anshul Chopra, India: The Personal Data Protection Bill, 2019, (7 January 2020), https://www.mondaq.com/india/data-protection/880766/the-personal-data-protection-bill-2019?type=mondaqai&score=93. [5] Andres Guadamuz, Developing a Right to be Forgotten, Researchgate (October 11, 2021), https://www.researchgate.net/publication/320985071_Developing_a_Right_to_be_Forgotten. [6]Manjit Singh vs State of Delhi, 209 (2014) DLT 475 , 2 (2014), [7] K.S. Puttaswamy (Retd.) & Anr. v/s Union of India & Ors, (Civil) No. 494 of 2012. [8] Kunal Garg, Right to be Forgotten in India: A Hustle over Protecting Personal Data, https://www.indialawjournal.org/a-hustle-over-protecting-personal-data.php.
Comments