In News
Recently, a plea has been filed in Delhi High Court to exercise the Right of Being Forgotten.
Demands of Plea
- The plea maintains that the Right to be Forgotten goes in sync with the Right to Privacy, which is an integral part of Article 21 of the Constitution, which concerns the Right to Life.
- It also mentions that the posts and videos on internet related to the petitioner have caused them psychological pain for his diminutive acts, which were erroneously committed a decade ago as the recorded videos, photos, articles of the same are available on various search engines/online platforms.
- It also states that the petitioner’s mistakes in his personal life become and remain in public knowledge for generations to come.
- Consequently, the values enshrined under Article 21 of the Indian Constitution and the emergent jurisprudential concept of the Right to be Forgotten becomes extremely relevant in the present case.
Right to be Forgotten in India
- It is the right to have personal information removed from publicly available sources, including the internet and search engines, databases, websites etc. once the personal information in question is no longer necessary, or relevant
- The Right to be Forgotten falls under the purview of an individual’s right to privacy, which is governed by the Personal Data Protection Bill that is yet to be passed by Parliament.
- In 2017, the Right to Privacy was declared a Fundamental Right by the Supreme Court in its landmark verdict.
- At that time, the court held that the right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution.
Personal Data Protection Bill
- It was introduced in Lok Sabha on 11th December 2019.
- Its aim is to set out provisions meant for the protection of the personal data of individuals.
- Clause 20 under Chapter V of this draft bill titled “Rights of Data Principal” mentions the “Right to be Forgotten.”
- It states that the data principal (the person to whom the data is related) shall have the right to restrict or prevent the continuing disclosure of his personal data by a data fiduciary.
- It gives an individual the right to restrict or prevent the continuing disclosure of their personal data when such data
- Has served the purpose for which It was collected, or is no longer necessary for said purpose.
- Was made with the consent of an individual, whose consent has since been withdrawn.
- Was made contrary to the PDP Bill or any law in force.
- While assessing the data principal’s request, this officer will need to examine the:
- Sensitivity of the personal data.
- Scale of disclosure.
- Degree of accessibility sought to be restricted.
- Role of the data principal in public life.
- Nature of the disclosure among some other variables.
- Therefore, broadly, under the Right to be Forgotten, users can de-link, limit, delete or correct the disclosure of their personal information held by data fiduciaries.
- A data fiduciary means any person, including the State, a company, any juristic entity or any individual who alone or in conjunction with others determines the purpose and means of processing of personal data.
- Even so, the sensitivity of the personal data and information cannot be determined independently by the person concerned, but will be overseen by the Data Protection Authority (DPA).
- This means that while the draft bill gives some provisions under which a data principal can seek that his data be removed, his or her rights are subject to authorisation by the Adjudicating Officer who works for the DPA.
- In the meantime, the Information Technology Rules, 2011, which is the current regime governing digital data, does not have any provisions relating to the right to be forgotten.
Global Scenario
- European Union
- The Center for Internet and Society notes that the Right to be Forgotten gained prominence when the matter was referred to the Court of Justice of European Union (CJEC) in 2014 by a Spanish Court.
- It was a case between search engine Google and a person whose data was shown in the search engine.
- This ruling was considered an important victory for Google and laid down that the online privacy law cannot be used to regulate the internet in countries such as India, which are outside the European Union (EU).
- In the EU, the right to be forgotten empowers individuals to ask organisations to delete their personal data.
- It is provided by the EU’s General Data Protection Regulation (GDPR), a law passed by the 28-member bloc in 2018.
- GDPR is the toughest privacy and security law in the world.
- Though it was drafted and passed by the EU, it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU.
- In its landmark ruling, the EU’s highest court ruled in 2019 that the ‘Right to be Forgotten’ under European law would not apply beyond the borders of EU member states.
(Image Courtesy: BS)
Challenges
- Enforcement Challenge
- There are many legal and technical challenges in the enforcement of the right to be forgotten.
- The success rate of governments across the world in banning or removing pornographic websites or torrent sites from the Internet has not been great, since there are various ways of circumventing such bans.
- Further, the blocking or delinking of URLs by search engines does not guarantee that such information has been blocked or deleted from the Internet.
- There is also no way to ensure that such information is not uploaded again.
- Right to Privacy v/s Information of Public Interest
- Google has created a mechanism through which an individual can make a request for taking down or delinking a specific search result bearing an individual’s name.
- Google evaluates such requests on various parameters like whether these results are an infringement on his right to privacy or whether such information is of public interest.
- In the case of the former, the individual’s right to be forgotten trumps the public’s right to access information.
- However, if the information is of public interest, the right to information of the public prevails over privacy rights.
- This squarely makes Google the decision maker of the relevance, adequacy, and need for data to be available online for public access or not.
- Scrutinization of Requests
- With the growing recognition of the right to be forgotten, the number of requests that search engines receive for taking down or delinking is only likely to increase, making it extremely difficult and cumbersome to scrutinize such requests manually.
- According to Google’s Transparency Report, as in 2016, Google had received 565,412 requests for the removal of URLs. The Report further states that it has already evaluated 1,717,714 URLs since May, 2014. The Report shows that Google has removed 56.8% of the URLs from the requests received.
- With a substantial increase in the number of requests, search engines may even consider using algorithms to deal with such requests instead of manually evaluating the privacy rights vis-à-vis public interest.
- Misuse of Right by Individuals
- This right may be misused by individuals as it will lead to artificial alteration of the content available online which may result in the delinking of pertinent information.
- No Turning Back for Information in Public Domain
- Information in the public domain is like toothpaste, once it is out of the tube one cannot get it back in and once the information is in the public domain it will never go away.
Way Forward
- The Right to be Forgotten needs to be established statutorily in Indian jurisprudence and must extend to cover private persons as well as the State, as proposed in the Personal Data Protection Bill, 2019.
- The Right is necessary to enable individuals to have more and better control of their personal information online.
- The countries need to think in terms of designing the right constitutive rules of the logical space of online information.
- The Right to be Forgotten could be a remedy for victims of sexually explicit videos/pictures often posted on social media platforms by culprits to intimidate and harass women.
Source: IE
Previous article
Cloud Seeding
Next article
Facts in News