This article is authored by Akash Krishnan, a student from ICFAI Law School, Hyderabad. It discusses in detail the interplay between the right to privacy, the right to information and the right to be forgotten in both national and international contexts.
Table of Contents
Introduction
The concept of “Right to be Forgotten” actually originated with the case Google Spain vs. Maria Costa Gonzalez (2014) where Maria Costa argued that when Google search turned up an auction notice of his repossessed home from back in 1998, that somehow being out there was a violation of his right to privacy.
He complained that his data had been violated by the newspaper and Google. When the matter went to the Spanish Data Protection Authority, they held that the newspaper alters its news on a daily basis and is not obliged to revoke the publication whereas Google processes the personal data of its users, therefore, it was asked to delete the personal data of Maria Costa.
On 24 August 2017, India’s Supreme Court declared the Right to Privacy as a fundamental right, but it seems that it is just mentioned in the Constitution, which has not been practically followed by some entities. Data is like water, if not given proper direction it will overflow and cause an overwhelming effect on one’s life. Nevertheless, it is the government’s prime duty to protect the personal data of its citizens.
The Right to be Forgotten reflects the claim of an individual to have certain data deleted so that third persons can no longer trace them. The Right to be Forgotten is different from the Right to Privacy. The Right to Privacy includes information that is not public whereas, the Right to be Forgotten involves removing information that was publicly known at a certain time and not allowing third parties to access the information anymore. This law has been under practice only in the EU and Argentina since 2006 and no other country recognizes such laws, as it contradicts the right to information. Even countries like the US never implemented such a law as it restricts the right to freedom of speech which strongly collides with the first amendment of the US Constitution.
Want to gather news Google it, want to buy some product Google it, want to search for restaurants Google it, want to find nearby hotels Google it; so every time we use these platforms to do our chores, these so-called digital apps steal and sell user data without permission. Stealing user data on a large scale reflects malicious intentions of maximum companies to know the market position of a country which is a clear violation of fundamental rights.
Personal Data Protection Bill, 2019
Subsequent violation of personal data by these entities pushed the Indian government to introduce this Bill. The Bill places additional responsibilities to data entities processing all the data fiduciaries are required to implement security safeguards such as data encryption and preventing misuse of data and they must set up a grievance mechanism to address the complaint of individuals. It also covers the institutional mechanism for age verification and parental consent while processing personal data for children. Further, social media intermediaries use users data above a certain limit and these actions can impact electoral democracy. However, critics of this Bill Justice B.N Srikrishna pointed out some loopholes and blamed the government for intruding on the private data of its citizens by revising this Bill.
Right to be forgotten
The government appointed a panel led by Justice B.N Srikrishna to make a law on data protection which suggested the need to have a balanced approach on the Right to be Forgotten in specific circumstances will require the Right to Privacy rebalanced with the Freedom of Speech.
The committee also stated that the right to confirmation, access and correction needs to be included in the data protection law. Right to be Forgotten refers to the ability of individuals to delete or correct the disclosure of personal information on the internet i.e. misleading and embarrassing. Also, information that is irrelevant or outdated, disclosure of such data may or may not be a consequence of unlawful processing. Therefore, the main question arises whether the Right to be Forgotten is feasible in the era of cloud computing where data is treated as a jewel.
Disagreement on the meaning of the right to be forgotten
Even before the Srikrishna committee recommendations, there was a dispute on the meaning of the term “Right To Be Forgotten”, because there is something called the Right to Erase which refers to deleting information from the very source itself. The Data Protection Authority and the adjudication wing of the data authority will make such assessments. There are some conflicting rights here, on one hand, we have individual rights with the principle to restrict disclosure of data; on the other hand, we have the right to information of other people, the right to freedom of speech and expression with continuing disclosure of information. Now, the problem arises when all of these rights come into conflict and become messy and difficult, but yet the committee has decided in this regard.
Background and history
Right to be Forgotten first came into the light in the European Court of Justice when it decided the case of Google Spain vs. Maria Costa Gonzalez and the question was that he wanted all the records of his past convictions to be removed. So, Google Spain then contended that the petitioner has no right to ask for the eraser. The Advocate General also said that the petitioner’s Right to Privacy could not replace the right for the public to know. However, the decision was in favour of the petition.
Need of the right to be forgotten
It is important in the age of the internet because there are all sorts of search engines that are popping up and when people surf through any content, then sometimes search results are manipulated and results that harm the reputation of a person. These days the perception created on the internet lingers much wider than the actual reality represents. Moreover, there have been cases where a person was accused of ‘n’ number of crimes and after a few years, it was found that the accused person has been pronounced not guilty, but whatever articles which were published about his crime and role that he may have played continued to haunt him forever and ever. The attribution of being a criminal without even committing an offence imposes a large impact on an individual’s life. There have been issues where people upload obscene or vulgar videos on the internet which emotionally hurt the sentiments of other people throughout his/her life; because they don’t have access to get that data deleted permanently. The concept of the Right to be Forgotten ultimately balances the favour of privacy with the right of individuals.
If a person has committed a crime and served his sentence, he/she doesn’t have a right to delete the entire history; of course, people have a right to know what he did in the past but at the same time a mechanism should exist where he doesn’t have to suffer throughout whole life reminding of the crime. In the cases of false accusations, there should not only be a Right to be Forgotten but also the right to get that data deleted.
Implementation mechanism of this law in India
Unlike the European situation, in India, we have established a Data Protection Authority, so any requests need to be decided first by the Data Protection Authority or adjudicating officer before a company or data fiduciary is obligated to take down the content. It is also necessary as companies often end up over complying because they would rather avoid any issues occurring than go with these above-mentioned authorities for the correction measures. Determinations about whether it is a public interest to retain that information, making it harder for the company and also difficult to comply.
It is to be noted that there is a quasi-judicial officer arbitrator of a public administrative agency who will be looking at this issue and decide whether it can be invoked or not.
The role of an adjudicating officer is to decide whether this information should be de-linked or taken down or shouldn’t be made available for disclosure anymore. These criteria include the sensitivity of the personal data, the scale of the disclosure, and the role of the data principal in public life.
Issues
There are different types of search engines; some are transparent in nature, simply giving the results of what has been searched; whereas some search engines keep collecting data from different websites without looking at individual details. They apply artificial intelligence to display search results. So, lawmakers need to ensure that the Right to be Forgotten should be balanced in favour of privacy but at the same time, it should not become a right to censorship for the government and people. It has been submitted to the government and public consultation will be held.
Till the Srikrishna committee recommendations were tabled, India didn’t have any framework regarding this law and in Puttaswamy judgment, Justice Sanjay Kishan Kaul had spoken about the Right to be Forgotten and identified that an individual’s life is subject to evolve and data should be protected.
Importance of data fiduciary
Data fiduciary process personal data, in this law there is a concept of fiduciary where a relationship of trust exists. In India, the relationship of the data controller and data subject has not been taken into consideration but it is there in the European Union General Data Protection Regulation, 2016 (EU GDPR).
In India, trust lies in the core of this relationship where an individual shares his data with an entity such as Facebook, Google or Amazon etc. He does so for a particular purpose so he should have control and autonomy over his data, and that is where the concept of data fiduciary comes in.
Balancing between the right to information and the Right to be Forgotten
The imposition of the Right to be Forgotten needs to be accompanied by a certain limit as the Right to Information is already there in the Constitution. There have been cases where some criminals have been relieved after completing the tenure of their punishment and have been given the chance to move on, the other question is what extent and type of offences are to be forgiven and what are the offences that cannot be forgotten or cannot be removed. Thus, the balance needs to be maintained.
Possibility to be completely forgotten
As technology gets more enhanced it is quite difficult to completely forget, the traces always remain. Moreover, if a data fiduciary or service provider wants to collect user data, they have to state the objective and purpose very carefully and when the objective and the purpose is served then technically data can be withdrawn. Furthermore, data entities can no longer use data without the consent of their users. So, the ownership of data and the informed consent for the purpose of data collection is now being settled in the favor of individuals and customers.
Important cases
In Karthick Theodore v. Madras High Court (2021), the Madras High Court observed that an accused person is entitled to have their name redacted from the judgments or orders and more particularly the ones that are available in the public domain and accessible through search engines. Coming to this conclusion the Court noted that it is the duty of the Court to protect the Right to Privacy and the Right to Reputation of individuals till the legislature enacts the Data Protection Act. It further stated that the legislature should include an objective criterion to deal with pleas of redaction of names of accused persons who are acquitted from criminal proceedings when it enacts the Data Protection Regime.
In Jorawer Singh Mundy vs. Union of India (2021), an American Citizen, namely Jorwar Singh Mundy sought a direction against Indian Kanoon for removal of the Delhi High Court’s verdict in an NDPS Act case against him, wherein he was acquitted of all charges. He claimed that the availability of the judgment online was a stain on his social image. The Delhi HIgh commenting on the Right to be Forgotten observed that the Right to be Forgotten entitles individuals to have information, videos or photographs about themselves deleted from certain internet records so that search engines cannot find them. It further noted that this right enables a person to silence the past events of his life that are no longer occurring.
In Dharamraj Bhanushankar Dave v. State of Gujarat (2017), the Gujarat High Court was dealing with a case wherein the accused was acquitted for the offences criminal conspiracy, murder and kidnapping. The petitioner contended that the judgment should not be published on the internet as it was detrimental to the reputation of his personal and professional life. However, the High Court held that such publication was not a violation of Article 21 of the Indian Constitution and that there was no legal provision that afforded such a right to the petitioner to bar the publication of a judgment in the public domain.
In {Name Redacted} vs The Registrar General (2017), the Karnataka High Court while upholding the Right to be Forgotten and observed that this would be in line with the trend in the western countries where they follow this as a matter of rule. Right to be Forgotten should be upheld in sensitive cases involving women in general and highly sensitive cases involving rape or affecting the modesty and reputation of the person concerned.
Conclusion
The Supreme Court interpreted the Right to Privacy in its landmark case, which was a very expansive interpretation but also recognizes it as a matter of public interest. If this provision becomes law then there is a need for judicial determination, which should be made before the content is taken down. There is no private party that is going to make the decision but a quasi-judicial body that gives comfort as well as a sense of satisfaction to the people.
There are cases where the court would be condoling for example – in cases of sexual harassment or marital dispute, which is often displayed on the first search result. It is quite sensitive for judges to know the fact that this kind of information is public and cannot be deleted.
Lawmakers also need to take note of certain elements, for example, the law formulated must not collide with freedom of speech and expression as India doesn’t have statutory rights, so a holistic approach needs to be taken.
References
- https://www.hindustantimes.com/india-news/right-to-be-forgotten-left-alone-inherent-aspects-of-privacy-hc-101630000703655.html#:~:text=The%20Delhi%20high%20court%20has,of%20protection%20to%20their%20privacy.&text=It%20is%20also%20significant%20because,to%20Life%20and%20Personal%20Liberty.
- https://indianexpress.com/article/opinion/right-to-be-forgotten-privacy-vs-freedom-ashutosh-kaushik-7438554/
- https://www.mondaq.com/india/privacy-protection/1103662/the-right-to-be-forgotten
- https://thewire.in/law/right-to-privacy-a-glimpse-of-a-right-to-be-forgotten.
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:https://t.me/joinchat/L9vr7LmS9pJjYTQ9
Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.
