Right to be forgotten

Ashutosh Kaushik (TV personality and MTV Roadies winner) has sought the erasure of his personal data that exists online by reasoning that this data is a source of agony for him as their availability on the internet is a source of “utmost psychological pain” to him.

• Ashutosh Kaushik moved Delhi High Court with the plea that orders be issued to internet (Google and relevant entities) to facilitate the removal of his data (posts, videos, articles and any information) related to incidents involving him.
• However, this is not the first time that someone has approached the court seeking right to be forgotten.
  • For example, Jorawar Singh Mundy (an American citizen of Indian origin), approached the Delhi HC saying that he was not getting a job because of an old case, details of which were available on Google.
• The Delhi HC allowed an interim right to be forgotten to the person.

What is ‘right to be forgotten’?

• As governments look to hand more control to people over information related to them, the ‘right to be forgotten’ or the ‘right to erasure’ is recognized as a necessary element of personal data protection laws.
• Simply put, it is the concept that individuals have the civil right to request that personal information be removed from the Internet.

 Is this right available in India?

• PDP Bill
• The Personal Data Protection (PDP) Bill lays down regulations for the protection of personal data of individuals.
• It also covers the ‘right to be forgotten’. However, the Bill has not become law yet.
• The Bill states that:
  • Fundamental Right: The right to privacy is a FR. It is necessary to protect personal data as an essential facet of informational privacy.
  • Defining personal data: Personal data is data about or relating to a natural person who is directly or indirectly identifiable.
  • Right to restrict or prevent data disclosure: Section 20 of the Bill says that a data principal can rightfully ask a data fiduciary to “restrict or prevent the continuing disclosure of his personal data” in specific circumstances.
    • Data principal is the person who generates the data or to whom the information pertains.
    • Data fiduciary is any entity that stores or processes data.

• In the meantime, the IT Rules, 2011— which is the current regime governing digital data — does not have any provisions relating to the ‘right to be forgotten’.

• The recognition of the right to privacy “does not mean that all aspects of earlier existence are to be obliterated, as some may have a social ramification”.
• Right to privacy cannot be exercised where the information or data is necessary for the following:
  • exercising the ‘right of freedom of expression and information’
  • compliance with legal obligations
  • the performance of a task carried out in public interest, or public health
  • archiving purposes in the public interest
  • scientific or historical research purposes or statistical purposes
  • the establishment, exercise or defence of legal claims

• Privacy is a fundamental human right specifically recognized under:
  • Article 12 of the Universal Declaration of Human Rights
  • Article 17 of the International Covenant on Civil and Political Rights (ICCPR)  
• The Protection of Human Rights Act, 1993 has referred to the ICCPR as a human rights instrument and the latter makes it mandatory for states to take steps for realization of such right and ensure protection against interference by private parties. 

• European Union: The European Union (EU)’s General Data Protection Regulation(GDPR) allows individuals to have their personal data deleted, but the authorities note that “organisations don’t always have to do it”.
  • The GDPR provisions read like a template for the Indian PDP Bill.
  • It states that individuals can seek that their data be erased when “they no longer consent to processing, when there are significant errors within the data, or if they believe information is being stored unnecessarily”.
• California: the California Consumer Privacy Act (CCPA)
• South Africa: Protection of Personal Information Act (POPI Act)

During this ongoing pandemic, the world went more digital than ever before. One of the silver linings of this time is the spotlight on the importance of data and data flow.

The introduction of PDP bill is a step in the right direction. Until its approval, the focus should be on capacity and infrastructure building, data literacy, and understanding technological innovations better.