"Right of an individual to exercise control over his personal data and to be able to control his/her own life would also encompass his right to control his existence on the Internet".
- Justice S.K. Kaul, K.S. Puttaswamy v. UOI (2017)
We reside in a world where social media dictates one's reputation and dignity in the eyes of the public. The collection and records of an individual's history of all information has a bearing on the conduct of the person and the way others respond to them. Thus, cherishing and assuring the dignity of an individual by guaranteeing the right to personal liberty and privacy in a reasonable manner helps to bring full development and evolution of the individual.
Privacy allows an individual to maintain their autonomy from the regulation of their social existence by the society, at large. Protecting one's privacy and establishing a code of conduct to regulate online activity, therefore, becomes the need of the hour. The right to privacy, is intrinsically, an inalienable right guaranteed in the fundamental rights by the Constitution1 and therefore, is necessary to be safeguarded.
The object of national laws and fundamental rights, in the context of protecting an individual's privacy, extends to their right with respect to the processing of personal data. The right to be forgotten implies that personal data, which is no longer needed for the purpose that it was originally destined to fulfill, must be completely erased from the public record. Thus, information that is publicly available, would be removed from databases, web searches and other public platforms, when it is not relevant.
While the debate around data protection and privacy regulation is central to the right to information, a balance must be struck so that the State can protect the fundamental rights of the citizen, while not engaging in censorship and re-writing of facts and circumstances.
- 'Right to be forgotten' within the EU
The 'right to be forgotten' (RTBF) was first derived from the Google case2 wherein the European Union Court of Justice held that search engine providers, such as Google, have a responsibility for the checking the personal information that appears on web pages that are published by third parties. The Court orchestrated for the protection of personal data3 and respect for private and family life4. The 2014 ruling brought about the removal of 45% of the 3.3 million links that Google received about the "right to be forgotten" requests within the EU5.
After the Facebook-Cambridge Analytica data scandal, the violations of privacy and abuse of power became the hot topic for many parliamentarians across the world6. The General Data Protection Regulation (GDPR), which was in formation, took effect in 2018, with stringent laws being enforced so that the personal data of individuals, along with their right to privacy can be enforced.
With the codification of the 'right to be forgotten' in the GDPR7 in the European Union (EU) landscape, the right to erasure was guaranteed by the law. The GDPR regulates on how intermediaries (ISPs, social media content providers such as YouTube, Twitter, Facebook, etc.) should protect EU citizen's personal data.
- Implications on the indian landscape
After the formulation of the GDPR in the EU, the debate about privacy became central in the Indian context and the need to formulate a data protection framework was followed suit by legislators. While India currently does not have a framework for the same.
In Jorawer Singh Mundy v. UOI8, the Delhi High Court granted the right to an Indian-American citizen to have a judgement removed from the platforms of Google, Indian Kanoon and vLex.in, as he had been an accused in the case, but had been acquitted. The Court gave an interim relief and directed the said removal on the platforms by recognizing the individual's right to privacy under Article 21 as it was hampering with the professional life of the litigant.
In another case, when in 2019 the #MeToo movement gained traction in India, the petitioner, one Zulfiqar Ahman Khan9, had pleaded for the removal of two articles that were written against him on TheQuint, on the basis of anonymous harassment allegations against him. During the pendency of the case, the articles were taken down but the Delhi High Court prohibited the news company to reproduce the article again.
In Subhranshu Rout v. State of Odisha10, the Odisha High Court, while examining the 'right to be forgotten' as a remedy to be given to victims of sexually explicit pictures/pornography, stated that
"..information in the public domain is like toothpaste, once it is out of the tube one can't get it back in and once the information is in the public domain it will never go away". The Court recognized the right to be forgotten in such cases and recognized the emergence of such laws in the Indian landscape.
In another recent case, dated 23rd Aug, 2021, the Delhi High Court stated that a victim is entitled to the removal of content that infringes her right to privacy and has a 'right to be forgotten'.1 Hon'ble Justice Asha Menon of Delhi High Court stated that a woman has the unbridled right to be forgotten and she is fully entitled to protection of privacy from invasion by strangers.12
- Walking the pavement of RTBF
After the judgement by Delhi Hight Court, it is important to recognize that RTBF is essential in sensitive cases, for instance, those that involve offences against women. In a post Puttaswamy legal framework, it is essential to examine that right to information and right to privacy walk hand in hand. Therefore, it is essential to formulate laws and ethical code of conduct within the Information Technology for the regulation of the RTBF. In this regard, the GoI, on 25th Feb, 2021 had notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 which provides a redressal mechanism for reporting on any intermediary operations that tend to violate a person's right to privacy. This helps to maintain the dignity of an individual, something which drives the human civilization to struggle towards betterment.
Footnotes
1. Article 21, Constitution of India, 1950.
2. Google Spain SL, Google Inc v Agencia Española de Protección de Datos, Mario Costeja González, C-131/12.
3. Article 7, Charter of Fundamental Rights of the European Union, 2000.
4. Article 8, Charter of Fundamental Rights of the European Union, 2000.
5. Sarah Marsh, 'Right to be forgotten' on Google only applies in EU, court rules, THE GUARDIAN, https://www.theguardian.com/technology/2019/sep/24/victory-for-google-in-landmark-right-to-be-forgotten-case
6. Cambridge Analytica, GDPR - 1 year on - a lot of words and some action, PRIVACY INTERNATIONAL, https://privacyinternational.org/news-analysis/2857/cambridge-analytica-gdpr-1-year-lot-words-and-some-action
7. Article 17(2), GDPR, 2018.
8. W.P.(C) 3918/2021.
9. Zulfiqar Ahman Khan vs M/S Quintillion Business Media Pvt. Ltd. & Ors., CS(OS) 642/2018.
10. BLAPL No.4592/2020
11. X vs HTTPS://WWW.YOUTUBE.COM/WATCH?V=IQ6K5Z3ZYS0 & Ors., CS(OS) 392/2021
12. Sanjeev Sirohi, 'Entitled To Right To Be Forgotten & Protection From Invasion Of Privacy': Delhi HC Grants Interim Relief To Bengali Actress, LEGAL INDIA, https://www.legalindia.com/entitled-to-right-to-be-forgotten-protection-from-invasion-of-privacy-delhi-hc-grants-interim-relief-to-bengali-actress/
© 2020, Vaish Associates Advocates,
All rights reserved
Advocates, 1st & 11th Floors, Mohan Dev Building 13, Tolstoy
Marg New Delhi-110001 (India).
The content of this article is intended to provide a general guide to the subject matter. Specialist professional advice should be sought about your specific circumstances. The views expressed in this article are solely of the authors of this article.