Right To Be Forgotten
AUTHOR: VAISHNAVI VATS, BANASTHALI VIDYAPEETH, JAMNALAL BAJAJ SCHOOL OF LEGAL STUDIES
INTRODUCTION
The concept of the Right to be forgotten refers to one’s right to have his/her personal information removed from every “public source”, like websites, internet search engines, and other similar platforms, once such information renders irrelevant or unnecessary. The origin of the right to be forgotten took place in the year 1995, by European Union’s first legislation enactment on “Personal Data Protection” also called as Directives, however, the legislation did not directly address the right, reading Article 12 and 6(1)(e) together gave an interpretation to Right to be Forgotten.
After being indirectly recognized in this legislation, while addressing the question related to Data Protection Directives’ application to activities of search engines and its interpretation, it was found in the case of Google Spain v. AEPD & Mario Costeja Gonzalez[1] by the European Court of Justice that:
- “The court discovered that in respect of their search results, search engines were data controller;
- The data protection law of Europe does apply to the data processing of European Union’s citizens, even in a case where the relevant data is being processed outside of the European Union;
- Further, the court explained that this right to be forgotten applies to irrelevant data as well as outdated data available online, in the search results, with the only exception when such data is required to remain for the public interest.”
However, this decision given by the Court of Justice received high criticism, as people were perceiving it as a blow to their right to freedom of speech. As a consequence of this case, European Union continued to work and provided with new legislation on protection of data namely General Data Protection Regulation (GDPR), repealing the old directives, GDPR came into force in the year 2018, the data protection law’s territorial application has been expanded by this legislation, and unlike the directives it directly included right to be forgotten in it, under Article 17 which states that, “the data subject has a right against the controller to get his data erased on followings grounds:
- Such data is no longer needed to be stored,
- The Data is processed unlawfully,
- The data subject has withdrawn his consent etc.
WHAT IS THE POSITION OF THE RIGHT TO BE FORGOTTEN IN INDIA?
The founders of the Indian Constitution did not recognize the right to be forgotten in India, and they’re also doesn’t exist legislation that properly recognizes the same. To consider the position of this right there is a requirement to look over the position the right to privacy hold in the country, as the right to be forgotten is a facet of citizens’ right to privacy.
Although the citizens’ right to privacy was also originally not included in the Constitution the recent landmark judgment in the case of Justice K. S Pettaswamy (Retd.) and Anr. V. Union of India and Ors[2] has held that the right to privacy is a fundamental right protected under Articles 14, 19, 21 of the Constitution of India. The mention of the right to be forgotten can only be found under section 228A of Indian Penal Code, Section 20 of Protection of Child from Sexual Offences Act, these sections prohibit rights’ applicability in the cases of sexual offenses against children and women, apart from these sections the current data protection law that is Information technology Act of 2000, section 43A of the same provides an obligation on the corporate body to perform such reasonable actions which are necessary for the protection of the personal information, but it fails to recognize an individual’s right to be forgotten.
However, after a long debate a bill was drafted namely: The Personal Data Protection Bill 2018, it was presented by the Ministry of Electronics and Information Technology for the first time before Parliament on 11th December 2019, however it was sent back for conducting a detailed analysis by consulting experts as well to the Joint Parliamentary Committee, however, the Bill is still pending for the assent of Parliament due to the intervention of the pandemic: COVID-19. Section 27 of this bill explains the right to be forgotten, under which a right to restrict the disclosure of one’s personal data is given to that person i.e., “data principal” only by the virtue of “data fiduciary”.
However recent developments through decisions of Indian Courts have specifically raised the question relating to the right’s recognition based on foreign decisions.
THE ROLE OF THE INDIAN JUDICIARY
The right to be forgotten has been discussed in several cases by the Indian judiciary, which is as follows:
In the case of K.S. Puttaswamy v. Union of India[3] the Supreme Court of India while holding that right to privacy or to be left alone is an integral part of an individual’s autonomy also recognized the importance of the right to be forgotten in the same way it has been described in the General Data Protection Regulation (GDPR) i.e. “it would only mean that an individual who is no longer desirous of his personal data to be processed or stored, should be able to remove it from the system where the personal data/information is no longer necessary, relevant, or is incorrect and serves no legitimate interest.”
While stating its judgment the Supreme Court of India has also described the limitations that apply to this right: like the right to be forgotten cannot be exercised where such information in issue is required to exercise the right to information and freedom of speech and expression, where to comply with a certain legal obligation such information is required, where for the public health or public interest a task requires the use of such information, in case of historical research, or scientific research if such information is required then can be used without worrying the interruption of right to be forgotten, or in a case where such information is required for defense or exercise of legal claims.
The High Court of Gujarat and Karnataka on the other hand has given an opposite view on the concept of the Right to be forgotten. The Gujarat High Court in the case of Dharamraj Bhanushankar Dave v. State of Gujarat & Ors[4] the high court did not recognize the right to be forgotten per se, in this case, a petition was filed to remove a judgment in which he had been acquitted, though the judgment was a non-reportable one, then also it was published by the respondent on the internet, hence hindering his professional and personal life. Court held that as per its rule judgment’s copy can be given to any party by Assistant Registrar’s order and because the petitioner has failed to prove a violation of his right under Article 21 of the Constitution, hence did not grant the removal of judgment and did not recognize the right to be forgotten as well.
However, in the case of Sri Vasunathan v. The Registrar General[5], a petition was filed for the removal of only the petitioner’s daughter’s name from cause title because it is easily accessible on a simple search and hence would result in causing harm to the reputation of the daughter. Court decided on the favor of the Petitioner and ordered for the removal of the same while recognizing the right to be forgotten.
In a judgment[6] given by the Delhi High Court on 25th May 2021, the court ordered that “The question as to whether a Court order can be removed from online platforms is an issue which requires examination of both right to information as well as right to privacy and right to maintenance of transparency in judicial records, such issue can be adjudicated by this Court.”
The court gave the judgment by relying on the case of K.S. Puttaswamy, and Subhranshu Rout v. The State of Odisha[7] where the court examined applicability and aspect of this right to be forgotten with the right to privacy and international law, the court observed that “petitioner is entitled to interim protection.”
WHAT CONFLICT CAN ARISE BETWEEN THE RIGHT TO PRIVACY AND INFORMATION REGARDING PERSONAL DATA?
The Right to Information Act of the country states that the citizen of India can access the information which is under public authorities control, however, this right has some exceptions given under section 8 of the said Act, and out of those exceptions, as per S.8(1)(j) of the RTI Act “no citizen will be given any access about personal information, there should be no disclosure of that personal information does not relate with the public interest, or if by giving access of such information would result in causing invasion of privacy of the person with whom the information is related, unless Central or State Public Information Officer or appellate authority, thinks that such information’s disclosure is necessary for the larger public interest.
However, the Personal Data Protection Bill,2018 has proposed an amendment to this subsection of the RTI Act in its second schedule, by stating, “personal data need not be disclosed under the RTI Act if such disclosure is likely to cause ‘harm’ to a data principal, where such ‘harm’ outweighs the public interest in accessing such information having due regard to the common good of promoting transparency and accountability in the functioning of the public authority. The proposed amendment to the RTI Act also states that terms such as ‘personal data, ‘data principal’, and ‘harm’ shall have the meaning assigned to such terms in the bill”[8]
CONCLUSION
In this digital world, there is a huge amount of information that is available on different platforms of the internet, hence that makes it possible to get access of personal information of any person only by typing his/her name in the search engines, which threatens their reputation at the same time. The pendency of the Personal Data Protection Bill at this time, only makes the right to be forgotten unstable and to be the cherry on the cake the high court of the country are issuing statements that contradict each other. This shows that granting this right to be forgotten will hinder other fundamental rights of people in the process like the right to freedom of speech, information, press. Despite all these issues, the bill is still required to be passed, in order to address the disputes of ownership on personal data, therefore, the bill is the need of the hour, and should be passed by the Parliament as soon as possible.
[1] ECLI:EU:C: 2014:317
[2]AIR 2017 SC 4161
[3] AIR 2017 SC 4161
[4] Special Civil Application No. 1854 of 2015
[5] Writ Petition No. 62038 of 2016
[6] Jorawer Singh Mundy v. Union of India & Ors. W.P.(C) 3918/2021
[7] BLAPL NO. 4592 OF 2020
[8] https://www.mondaq.com/india/privacy-protection/860598/the-right-to-be-forgotten–under-the-personal-data-protection-bill-2018