Constitutional Law

Recognition of the Right to be forgotten in India

By Arya Gupta

Introduction

In the new age of the Internet, the World Wide Web has eased the process of gathering and sharing information with just a single click. With loads of data scattered around online platforms, websites, and databases, the information spreads at an unimaginable speed. This, in turn, gives fodder to problems like the procurement of personal information of an individual, data infringement, and matters of its privacy. The Supreme Court, in its landmark judgment of K.S. Puttaswamy v. Union of India held that the right to privacy is a fundamental right under Article 21 of the Indian Constitution.”

The data available online is prone to misuse, mishandling and could be subjected to a violation of one’s privacy. The Delhi High Court remarked, Information in the public domain is like toothpaste, once it is out of the tube one can’t get it back in and once the information is in the public domain it will never go away”. In the global arena, there’s an increasing demand for bringing in the ‘Right to be Forgotten’ or ‘Right to erasure’, which lacks a legislative sanction in India. This right can empower people to control their existing personal information online, and remove previous irrelevant records surfacing on the Internet. The need for this right was drawn back from the French Jurisprudence of ‘Right to Oblivion’.

Regulation in European Countries

In 1995, for the very first time, European Union Data Protection Directives brought into consideration the acknowledgment of the right to be forgotten. All the EU Countries will be guaranteed the ‘right to obtain’ by the entity which processes the personal data, and the rectification or blocking of the same. In the case of Google Spain SL & Agencia Espanola de protection de Datos (AEPD)the plaintiff demanded the withdrawal of certain links from Google searches that mentioned records of bankruptcy proceedings against him. He argued that the data available against him hampers his future business endeavors, and is unviable to be kept in the public eye. Eventually, the European Union Court of Justice ordered Google to delink those search results and stated that the fundamental right to privacy shall always prevail over the economic interest of commercial firms.

The EU complies with the General Data Protection Regulation (GDPR) which follows the conditions for the application of the right to be forgotten and requires entities, processing personal data, to inform third parties regarding requests for erasure of links to any personal information. GDPR legislates on various aspects of data privacy and its intrinsic feature of the Right to be forgotten, as the lawfulness, fairness, and transparency of the data with legitimate purpose and its accuracy for storage limitation and minimization and the data controller handling confidentiality and managing accountability.

Need for Legislative Sanction for Personal Data Protection Bill, 2018 

India has one of the largest IT sector industries with numerous data sciences and blockchain technologies at work; still, it lacks legislative provisions to secure data and protect its privacy. Right to privacy ensures that data is not circulated in the public domain and ensures secrecy to an individual. Whereas, the Right to be forgotten gives an individual the right to request the removal of personal information that is publicly known, and restrict its access to third parties on the Internet. Also, when the data becomes irrelevant and inadequate to be kept for too long, it becomes pertinent that the original source has the choice to get it removed.

The B.N. Srikrishna Committee Report has considered Personal Data Protection Bill to be of great relevance & emphasized the urgency of the said bill. “Section 20 of the Bill speaks about the right of an individual to prevent the disclosure of the personal information after the purpose is served for which it was given or after the withdrawal of consent or after it was made contrary to the PDB Bill or any other law in force.” It is to be noted that only when an order is passed by the adjudicating officer, who is appointed as per the provisions of the bill, the said right granted under Section 20 is enforceable. While passing such orders, the officer is supposed to consider the sensitivity of personal data, the scale of disclosure, and the degree of its accessibility to the public. Besides these considerations, the relevance of personal data to the public, and the nature of disclosure, and the previous records of the individual are also the factors at play while enforcing Section 20.

Unfortunately, many cases of data theft, revenge porn, fake information, fake cases, and defamation/slandering, floats on online databases. The strong legislative provisions of the Personal Data Protection Bill must be employed to put a decisive end to these problems.

The Stance of Indian Judiciary on Right to be Forgotten

In India, the matter of the right to be forgotten was brought before the Gujarat High Court in the case of Dharamraj Bhanushankar Dave v. State of Gujarat & Ors., where the petitioner pleaded the Court to remove his name from the acquittal order of a 2001 murder and criminal conspiracy case from a law portal, while he was migrating to Australia. But his petition was turned down by Justice RM Chhaya on the grounds of the absence of certain legal provisions of the right to be forgotten in India. 

If we look into the case of Jorawar Singh Mundy v. Union of IndiaMundy, an American citizen approached Delhi High Court claiming that his previous acquittal case under NDPS Act, 1985 & its judgment appears on ‘Google’, ‘Indian Kanoon’, and ‘vLex.in’, and when he traveled back to his native country, he was unable to get a job, and all his efforts were sullied as his name appeared on the Google searches. While delivering the verdict, Justice Pratibha M. Singh remarked that irreparable prejudice has been caused to the social life and career prospects of the petitioner, despite his acquittal in the 2013 Custom v. Jorawar Singh Mundy case. The Delhi High Court granted him interim relief by asking Google to remove the judgment from its search results and Indian Kanoon to block the judgment. 

In a case with identical facts, the Madras High Court has remarked that “There is no doubt concerning the fact that the moment Judge records an order of acquittal, the identity of a person as an accused is completely wiped out”. This judgment paved a way for the acknowledgment of the right to be forgotten in India.

Following the timeline, the recent case of Zulfiqar Ahman Khan v. MS Quntillion Business Media Pvt. Ltd where the petitioner demanded the removal of two articles on ‘Quint.com’ that alleged him for sexual harassment under the #MeToo Movement. The petitioner claimed that he is a well-known personality and the published article had tarnished his image and harmed his repute in the market. In its judgment, Delhi High Court provided the petitioner with some interim relief and followed further that the Right to be Left Alone and the Right to be forgotten are inherent aspects of the right to privacy. 

In the case of Subhranshu Rout v. the State of Odishathe accused and the petitioner belonged to the same village and were classmates. The accused raped her (the petitioner) when nobody was in the house and recorded objectionable photos and videos of her. In addition, he threatened to kill her if she discloses the incident to anyone. When the petitioner confronted her parents, the accused circulated her objectionable images on the social media platform to cause her more harm, and taint her reputation in public. When the court intervened, the objectionable images/videos were removed from the online platform. Further, the court recognized that due to the absence of any legislation, it is difficult to operate on the practicalities and technological mechanism, where the photos cannot be deleted permanently from the server. This incident demands the Right to get deleted.

In a recent similar case in December 2020, there was a case reported by a Bengali Actress whose inappropriate video from a web series shoot was leaked and circulated on YouTube and other online websites. Upon further requests from the director, the video was taken down but within no time the video circulated like a wildfire. It may still be surfacing on some URLs because there is no method to check its presence over the Internet. This resulted in a traumatic experience for the actress, loss of reputation, being subjected to insults and humiliation, and loss in professional endeavors. This incident shows a dire need for legal provisions related to the Right to Control existence on the internet. 

In the Puttaswamy judgment of 2017, Justice Sanjay Kishan Kaul observed that the “Right of an Individual to exercise control over his data and to be able to control his/her own life would also encompass his right to control his existence on the Internet.”   

Conclusion

“There’s a fine line that separates judicial transparency and the right to be forgotten.” The cases mentioned on different occasions in the blog underline the need for recognition of the Right to be forgotten in the Indian Judicial System, as an intrinsic part of the Right to Privacy. The legislature, if enforces the right to be forgotten as the only judicial recourse, must follow a check and balance mechanism between the right to get deleted and the Right to information in the public interest. The Indian lawmakers must follow a checklist of data subjects’ privacy rights such as the right to be informed about the processing of data and its reach; the right of access to data to the public eye or not; the right to rectification of personal data; the right to the erasure of data that is no longer relevant or appropriate; the right to restrict processing of data; the right to object the visibility, reach and withdrawal of data, the right to data portability; The rights concerning automated decision making and data profiling.

In a nutshell, the Personal Data Protection Bill, 2018 must be enforced by the lawmakers, while recognizing the Right to be forgotten in India, which can be in conformity with the rules and functions of the General Data Protection Regulation of the EU.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s