- Recently, a reality show contestant has approached the Delhi High Court with a plea seeking the removal of his videos, photographs and articles etc. from the internet citing his “Right to be Forgotten (RTBF)”
- In the plea, the petitioner also maintains that the “Right to be Forgotten” goes in sync with the “Right to Privacy”, which is an integral part of Article 21 of the Constitution (Right to Life).
- It is the right to have publicly available personal information removed from the internet, search, databases, websites or any other public platforms, once the personal information in question is no longer necessary, or relevant.
- The RTBF gained importance after the 2014 decision of the Court of Justice of the European Union (“CJEU”) in the Google Spain case.
- RTBF has been recognised as a statutory right in the European Union under the General Data Protection Regulation (GDPR)
- It has been upheld by a number of courts in the United Kingdom, and in Europe.
- In India, there is no law that specifically provides for the right to be forgotten. However, the Personal Data Protection Bill 2019 recognised this right.
- Information Technology Act, 2000 provides for safeguard against certain breaches in relation to data from computer systems.
- It contains provisions to prevent the unauthorized use of computers, computer systems and data stored therein.
Personal Data Protection Bill
- In December, 2019, the Personal Data Protection Bill was introduced in Lok Sabha. It aims to set out provisions meant for the protection of the personal data of individuals.
- Clause 20 under Chapter V of this draft bill titled “Rights of Data Principal” mentions the “Right to be Forgotten.”
- It states that the “data principal (the person to whom the data is related) shall have the right to restrict or prevent the continuing disclosure of his personal data by a data fiduciary”.
- Therefore, broadly, under the Right to be forgotten, users can de-link, limit, delete or correct the disclosure of their personal information held by data fiduciaries.
- A data fiduciary means any person, including the State, a company, any juristic entity or any individual who alone or in conjunction with others determines the purpose and means of processing of personal data.
- Even so, the sensitivity of the personal data and information cannot be determined independently by the person concerned, but will be overseen by the Data Protection Authority (DPA).
- This means that while the draft bill gives some provisions under which a data principal can seek that his data be removed, his or her rights are subject to authorisation by the Adjudicating Officer who works for the DPA.
- While assessing the data principal’s request, this officer will need to examine the sensitivity of the personal data, the scale of disclosure, degree of accessibility sought to be restricted, role of the data principal in public life and the nature of the disclosure among some other variables.
- Conflict with Public Record: Right to be forgotten may get into conflict with matters involving public records.
- For instance, judgments have always been treated as public records and fall within the definition of a public document according to Section 74 of the Indian Evidence Act, 1872.
- The RTBF cannot be extended to official public records, especially judicial records as that would undermine public faith in the judicial system in the long run.
- Individual vs Society: Right to be forgotten creates a dilemma between the right to privacy of individuals and the right to information of society and freedom of press.
- There must be a balance between the right to privacy and protection of personal data (Article 21) and the freedom of information of internet users (Article 19).
- A comprehensive data protection law must address these issues and minimize the conflict between the two fundamental rights that form the crucial part of the golden trinity (Articles 14,19 and 21) of the Indian constitution.
SOURCE: THE HINDU,THE ECONOMIC TIMES,MINT