This article has been written by Buddhisagar Kulkarni pursuing the Diploma in Business Laws for In-House Counsels from LawSikho. This article has been edited by Ruchika Mohapatra (Associate, Lawsikho) and Prashant Baviskar (Associate, Lawsikho). 

Introduction

The popularity of the internet has brought into question the very concept of privacy. When compared to pre-internet and social media times, privacy is extremely difficult to implement. As a result, the argument over the (RTBF) right to be forgotten has raged on for a very long time, with numerous landmark decisions and legislations in many parts of the globe.

In the age of data-driven surveillance, the target frequently emerges from data obtained, saved, or preserved against a person or group of people. The capacity or competency of individuals to restrict, de-link, remove, or amend the publication of private information on the internet that is deceptive, humiliating, irrelevant, or outdated is referred to as the right to be forgotten. 

In the absence of a data protection regulation that restricts the fundamental right to delete useless and defamatory private data from the online space, the right to be forgotten has attracted significant attention in India.

Right to be forgotten in the Indian setting

There is no formal provision in the existing Indian data protection law, the Information Technology Act, 2000, or its provisions, that grants an individual the right to be forgotten. The Right to Be Forgotten is part of an individual’s right to privacy, which is governed by the Personal Data Protection Bill (“the PDP Bill”), which Parliament has yet to pass.

The Supreme Court declared the right to privacy a fundamental right in its landmark decision in Justice K.S. Puttaswamy v. Union of India in 2017. According to the court at the time, the right to privacy is protected as an inherent part of the right to life and personal liberty under Article 21 and as part of the freedoms assured by Part III of the Constitution. The latest draft of the PDP Bill, as noted by the Orissa High Court in Subhranshu Rout Gugul v. State of Odisha, acknowledges the RTBF and provides the power to limit or avert the continued disclosure of their private information when:

1. information has served the purpose for which it was accumulated or is no longer required for the said purpose; 
2. it was made with the permission of the person, whose permission was then withdrawn; or 
3. it was made in violation of other provisions of the PDP Bill or other law in force.

Personal Data Protection Bill and right to be forgotten

The Personal Data Protection Bill was introduced in Lok Sabha on December 11, 2019. Its goal is to establish provisions for the safeguarding of individuals’ data.

The “Right to be Forgotten” is mentioned in Clause 20 of Chapter V of the draft bill captioned “Rights of Data Principal”. It states that in certain circumstances, a ‘data principal’ — or the person who produces the information or to whom the information pertains — has the right to ask a ‘data fiduciary’, which is any unit that holds or processes such information, to “limit or prevent the persisting disclosure of his data”.

In general, users can de-link, restrict, remove, or rectify the disclosure of their personal data collected by data fiduciaries under the Right to be Forgotten. A data fiduciary is defined as any person, including the State, a corporation, any legal entity, or any person, who specifies the intent and means of processing personal data alone or in collaboration with others. Nonetheless, the susceptivity of personal information cannot be treated separately by the person in question but will be monitored by the Data Protection Authority (DPA). This implies that, while the proposed bill contains provisions allowing a data owner to request the removal of his or her data, such requests must be approved by the DPA’s Adjudicating Officer.

The DPA’s Adjudicating Officer will need to consider the susceptivity of the personal data, the scope of the divulgence, the extent of accessibility sought to be constrained, the involvement of the data principal in public life, and the nature of the divulgence, among other things, when evaluating the data principal’s request.

Jorawer Singh Mundy v. Union of India & Ors.

Justice Pratibha M. Singh addressed the subject of one’s Right to Privacy and Right to be Forgotten, as well as the general public’s Right to Transparency of Judicial Records, in the case named Jorawer Singh Mundy vs. Union of India & Ors.

Facts of the case in a nutshell

• The Petitioner contention is that he is an American citizen of Indian descent who handles assets and real estate portfolios, among other things.
• When he visited India in 2009, he was charged under the Narcotics Drugs and Psychotropic Substances Act (NDPS). 
• However, in a decision dated April 30, 2011, the trial court cleared him of all allegations.
• Following that, an appeal was filed disputing the trial court’s verdict, and on January 29, 2013, a Single Judge of the Delhi High Court sustained his release in Crl. A. No. 14/2013 named Custom v. Jorawer Singh Mundy.
• When the Petitioner returned to his native country, he encountered considerable challenges in his professional life because the High Court’s decision on appeal was available on Google for any possible employer who wished to run background checks before hiring him.
• Due to the aforementioned issue, the Petitioner at first requested that the said decision be removed from Google India (Respondent No. 2), Google LLC (Respondent No. 3), Indian Kanoon (Respondent No. 4), and vLex.in (Respondent No. 5). Nevertheless, except Respondent No. 5, none of the other Respondents complied with the Petitioner’s request.
• As a result, the current Writ petition was filed, requesting that instructions be made to the Respondents to remove the said judgement from all of the Respondents’ respective platforms, respecting the Petitioner’s Right to Privacy under Article 21 of the Constitution of India.
• The legal question that the Hon’ble Court had to decide in this case was how to reconcile the Petitioner’s Right to Privacy with the Right to Information of the Public and the preservation of openness in judicial records if a Court order is withdrawn from internet platforms.
• The Hon’ble Single Bench, relying on an interim order issued by the same Judge in an earlier civil suit, Zulfiqar Ahman Khan vs M/S Quintillion Business Media Pvt. Ltd. & Ors., and an order issued by the Orissa High Court in the case of Subhranshu Rout v. State of Odisha, BLAPL No.4592/2020, was of the prima facie view that while the legal problems are being decided by the Court, the Petitioner is allowed to some interim relief.
• As a result, Google India and Google LLC were ordered to delete the ruling in Custom v. Jorawer Singh Mundy, dated January 29, 2013, from its search results.
• Additionally, Indian Kanoon was ordered to prevent the stated judgement from being viewed by search engines such as Google/Yahoo, etc., until the next hearing date.
• The Union of India was asked to ensure that the Court’s directives in the aforementioned order were followed.

Other case laws on right to be forgotten

In 2016, the Kerala High Court issued an interim order compelling Indian Kanoon to erase the name of a rape victim, which was disclosed on its website alongside two judgements obtained by the Kerala High Court in Writ petitions filed by her, in Civil Writ Petition No. 9478 of 2016. The court acknowledged the Petitioner’s right to privacy and reputation without using the phrase “right to be forgotten.”

In the matter of Dharamraj Bhanushankar Dave vs State of Gujarat, Special Civil Application No. 1854/2015, however, in 2017 the Gujarat High Court set aside a plea seeking “permanent restraint on a public exhibition of judgement and order” on an online catalogue of decisions and indexing by Google. The Petitioner’s case was that he had been cleared of many offences by the Sessions Court and High Court, and the judgement in question was labelled as ‘unreportable’. The petition was set aside by the Court because the petitioner was unable to identify any legal provisions that threatened his right to life and liberty, and that publication on a website did not constitute ‘reporting’ of a judgement because it was not a law report.

Nevertheless, in the Zulfiqar case, the Delhi High Court supported an individual’s right to be forgotten. In that instance, Plaintiff petitioned the Hon’ble Court for a permanent injunction against the Defendants, who had authored two articles against Plaintiff based on harassment accusations they claimed to have received, as part of the #MeToo campaign. Even though the Defendants agreed to remove the news stories, they were reprinted by other websites in the meantime. The Court noted the Plaintiff’s right to privacy, of which the ‘Right to be Forgotten’ and the ‘Right to be Left Alone’ are inbuilt aspects, and guided that any republishing of the content of the originally disputed articles, or any abstract therefrom, as well as altered forms thereof, on any print or digital/electronic platform be held back during the pendency of the current suit.

In 2020, the Orissa High Court, in the Subhranshu Rout case, as previously indicated, conducted a thorough review of the right to be forgotten in any setting. In the aforementioned instance, the Hon’ble High Court was hearing a bail application under section 439 of the Code of Criminal Procedure, in which the Petitioner, who was the accused in the FIR, had posted some unpleasant photographs of the complainant on Facebook against her consent. The Court questioned why, even though the fact that the Act provides for criminal penalties for individuals who commit such offences, the victim’s rights, particularly her right to privacy, which is inextricably related to her right to have those objectionable images removed, remained unresolved.

To consider the problem of the right to be forgotten, the Court depended on cases decided in the European Union. The right to be forgotten is mentioned in the General Data Protection Regulation (GDPR), which controls how personal data can be acquired, processed, and destroyed. Recitals 65 and 66, as well as Article-17 of the GDPR, give the victim the right to have such material erased swiftly after the controller has used due diligence. Furthermore, Article 5 of the GDPR requires data controllers to take all appropriate efforts to ensure that erroneous data is destroyed or corrected as soon as possible. Notably, the Court stated that the victim cannot be anticipated to go to court every time false data or information is discovered, particularly when the data is within the authority of data controllers such as Facebook, Twitter, or other social networking sites.

Information Technology Rules, 2021

The above-stated observation of the Hon’ble Court is consistent with the Government of India’s notification of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, on February 25, 2021. 

It also makes the creation and upkeep of grievance redressal mechanisms by an intermediary operating (or planning to operate) in India necessary.

According to Rule 3(2) of the 2021 Rules, an intermediary must designate a Grievance Officer to handle concerns and issues submitted by Indian customers (if such a mechanism is not already in place). This includes clearly posting the name and contact information of the Grievance Officer on its website or mobile application, as well as noting the mechanism by which the victim may make a complaint to them.

The said sub-rule also states that the Grievance Officer’s responsibility is to:

• Recognize received complaints within 24 hours and resolve them within 15 days;
• Recognize any court or government agency’s order, notice, or direction.

Moreover, if the content is considered to be revealing the complainant without his/her consent, it must be removed within 24 hours of receipt of the complaint.

It also requires the setting up of a system for processing such complaints, which will allow the individual or person to offer data about the content or share the link of the content.

This system ensures that complaints are resolved quickly; particularly those filed by a specific individual accusing the dissemination of his/her non-consensual photographs by a user of the intermediary.

Is the right to be forgotten acknowledged in other countries?

According to the Center for Internet and Society, RTBF gained traction after a Spanish court sent the case to the Court of Justice of the European Union (CJEC) in 2014.

In this instance, Mario Costeja González contested the fact that Google search results for his name continued to link to an auction notice for his foreclosed home. Given that the dispute was resolved, González claimed that Google’s continuous display of these in search results connected to him was a violation of his privacy, according to the centre.

Individuals in the European Union (EU) have the right to be forgotten, which allows them to request that their personal data be deleted from corporations. The EU’s General Data Protection Regulation (GDPR), which was passed by the 28-member union in 2018, makes this possible.

As per the EU GDPR website, the right to be forgotten is mentioned in Recitals 65 and 66, as well as Article 17 of the regulation, which indicates that the data subject has the right to receive from the controller the removal of personal data regarding him or her without unreasonable delay, and the controller has the responsibility to remove personal data without unreasonable delay (if one of several conditions applies).

The EU’s highest court concluded in 2019 in a landmark decision that the ‘right to be forgotten’ under European law does not extend beyond the boundaries of EU member states. The European Court of Justice (ECJ) ruled in favour of Google, which was fighting a French regulatory authority’s decision to erase site addresses from its global database.

This judgment was regarded as a significant victory for Google, as it established that the online privacy law cannot be used to regulate the internet in nations outside the EU, such as India.

Conclusion

Individuals may attempt deletion of their data from the public domain under other statutory provisions such as defamation (libel), indecency and obscenity, child pornography, outraging women’s modesty, and intellectual property law violations, among others, even if they do not have a clear and specific RTBF under existing legislation.

As previously stated, there has been a trend of court rulings emphasising the necessity of prohibiting the publication, or continuous exposure, of private details to prevent injury to the individual and especially acknowledging the presence of the RTBF.

While the PDP Bill was introduced in the Indian Parliament about two years ago, there have been significant delays in its passage into law as of December 2019. It will be fascinating to watch how the Government of India considers such an idea along with the award of RTBF to citizens under the PDP Bill.

References

1. https://indianexpress.com/article/explained/the-right-to-be-forgotten-india-explained-7418661/#:~:text=The%20Right%20to%20be%20 Forgotten%20falls%20under%20the%20purview%20of,Court%20in%20its%20 landmark%20verdict.
2. https://www.mondaq.com/india/privacy-protection/1103662/the-right-to-be-forgotten
3. https://www.news18.com/news/explainers/explained-how-big-b-found-out-and-what-you-should-know-about-surrogate-advertising-4314734.html.

---

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:https://t.me/joinchat/J_0YrBa4IBSHdpuTfQO_sA

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.