Current Affairs
Explained

Right to be forgotten

  • Posted By
    10Pointer
  • Categories
    Polity & Governance
  • Published
    26th Jul, 2021
  • Context

    Ashutosh Kaushik (TV personality and MTV Roadies winner) has sought the erasure of his personal data that exists online by reasoning that this data is a source of agony for him as their availability on the internet is a source of “utmost psychological pain” to him.

  • Background

    • Ashutosh Kaushik moved Delhi High Court with the plea that orders be issued to internet (Google and relevant entities) to facilitate the removal of his data (posts, videos, articles and any information) related to incidents involving him.
    • However, this is not the first time that someone has approached the court seeking right to be forgotten.
      • For example, Jorawar Singh Mundy (an American citizen of Indian origin), approached the Delhi HC saying that he was not getting a job because of an old case, details of which were available on Google.
    • The Delhi HC allowed an interim right to be forgotten to the person.
  • Analysis

    What is ‘right to be forgotten’?

    • As governments look to hand more control to people over information related to them, the ‘right to be forgotten’ or the ‘right to erasure’ is recognized as a necessary element of personal data protection laws.
    • Simply put, it is the concept that individuals have the civil right to request that personal information be removed from the Internet.

    Orissa HC on right to be forgotten

    • In 2020, the Orissa High Court (Subhranshu Rout @ Gugul v. State of Odisha) mentioned the issue of the right to be forgotten.
      • The observation was made in a case where the accused uploaded videos of his former partner that he surreptitiously recorded.
    • The court stated that in the absence of right to erase electronic data in specific cases, "any accused will surreptitiously outrage the modesty of a woman and misuse the same in cyberspace unhindered."

     Is this right available in India?

    • PDP Bill
    • The Personal Data Protection (PDP) Bill lays down regulations for the protection of personal data of individuals.
    • It also covers the ‘right to be forgotten’. However, the Bill has not become law yet.
    • The Bill states that:
      • Fundamental Right: The right to privacy is a FR. It is necessary to protect personal data as an essential facet of informational privacy.
      • Defining personal data: Personal data is data about or relating to a natural person who is directly or indirectly identifiable.
      • Right to restrict or prevent data disclosure: Section 20 of the Bill says that a data principal can rightfully ask a data fiduciary to “restrict or prevent the continuing disclosure of his personal data” in specific circumstances.
        • Data principal is the person who generates the data or to whom the information pertains.
        • Data fiduciary is any entity that stores or processes data.
  • What about Information Technology Rules, 2011 ?

    • In the meantime, the IT Rules, 2011— which is the current regime governing digital data — does not have any provisions relating to the ‘right to be forgotten’.

    Right to Privacy

    • In 207, in its landmark verdict, the Supreme Court declared the Right to Privacy as a fundamental right.
    • The right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution”.
  • When can the ‘right to privacy’ be exercised?

    • The recognition of the right to privacy “does not mean that all aspects of earlier existence are to be obliterated, as some may have a social ramification”.
    • Right to privacy cannot be exercised where the information or data is necessary for the following:
      • exercising the ‘right of freedom of expression and information’
      • compliance with legal obligations
      • the performance of a task carried out in public interest, or public health
      • archiving purposes in the public interest
      • scientific or historical research purposes or statistical purposes
      • the establishment, exercise or defence of legal claims
  • India's commitment under international law

    • Privacy is a fundamental human right specifically recognized under:
      • Article 12 of the Universal Declaration of Human Rights
      • Article 17 of the International Covenant on Civil and Political Rights (ICCPR)  
    • The Protection of Human Rights Act, 1993 has referred to the ICCPR as a human rights instrument and the latter makes it mandatory for states to take steps for realization of such right and ensure protection against interference by private parties. 

    Article 51 of the Indian Constitution (Directive Principles of State Policy), requires the state to endeavour to "foster respect for international law and treaty obligations in the dealings of organized people with one another".

  • How other countries handle its citizen’s personal data?

    • European Union: The European Union (EU)’s General Data Protection Regulation(GDPR) allows individuals to have their personal data deleted, but the authorities note that “organisations don’t always have to do it”.
      • The GDPR provisions read like a template for the Indian PDP Bill.
      • It states that individuals can seek that their data be erased when “they no longer consent to processing, when there are significant errors within the data, or if they believe information is being stored unnecessarily”.
    • California: the California Consumer Privacy Act (CCPA)
    • South Africa: Protection of Personal Information Act (POPI Act)

    Initiatives taken by Indian Government

    • DEPA: In August 2020, NITI Aayog released a draft framework on the Data Empowerment and Protection Architecture (“DEPA”) to institute a mechanism for secure consent-based data sharing in the fintech sector.
    • NDHM:  National Digital Health Mission (“NDHM”) was announced by the Central Government.
    • HDM Policy: In December, 2020 the government approved a Health Data Management Policy (HDM Policy) largely based on the PDP Bill to govern data in the Ecosystem.
  • Conclusion

    During this ongoing pandemic, the world went more digital than ever before. One of the silver linings of this time is the spotlight on the importance of data and data flow.

    The introduction of PDP bill is a step in the right direction. Until its approval, the focus should be on capacity and infrastructure building, data literacy, and understanding technological innovations better.