Today, the world is plainly under the grasps of social media. The foundation of an individual is evaluated on the anvil of his/her presence at the virtual world. Google has become synonymous to “search” and it is perhaps the virtual world that decides the credibility of an individual or an institution alike.
The unparalleled growth of information and technology had made us privy to the most intricate details of human lives – both good and bad. The boundaries of privacy are blurring more than ever. We enjoy the latest controversies with a cup of tea but have we ever thought what would things be like if we were placed in their shoes? Think of the most embarrassing thing you have ever done, now conjure a reality where everybody in the world knows about it, it is tough, right?
At a point in time, where artificial intelligence has advanced to the point of retaining and interpreting data, study behavioural patterns and automate human responses, we need to think about the kind of huge impact our digital footprint has on the web.
The personal information of an individual at this point not confined to just papers, official and government records. It can now be easily assessed by an individual from anywhere around the world through web or search engines. This incomparable change in both the nature and the expanse of personal information accessible online is an underlining issue. An individual need not be grounded or an overachiever to be in the list items of Google or any other search engine for that matter.
In 1998, Mario Costeja González, a Spaniard, had run into financial difficulties and was in severe need of funds. As a result, he advertised a property for auction in the newspaper, and the advertisement ended up on the internet by chance. Mr Gonzáles, unfortunately, was not forgotten by the internet. As a result, news about the sale was searchable on Google long after he had fixed his financial issue, and everyone looking him up assumed he was bankrupt. Understandably, this resulted in severe damage to his reputation, prompting him to take up the matter to the court. Ultimately, this case gave birth to the concept of the “right to be forgotten”.
The European Court of Justice ruled against the search engine giant Google, declaring that under certain circumstances, European Union residents could have personal information removed or deleted from search results and public records databases.
However, in 2019 the EU Court restricted the ruling only to the European Union, saying Google does not have to apply the “right to be forgotten outside Europe”.
The concept of the right to be forgotten, also known as the right to erasure, is that individuals have a civil right to have their personal information removed from the internet. Likewise, a traceable procedure must be in place to ensure that removed data is also erased from backup storage media.
India, at present does not have any statutory provision that provides for right to be forgotten (RTBF). The Indian security system has seen an alternate wave with the presentation of the new Personal Data Protection Bill (PDP Bill) in 2018. The Bill envisage many changes with respect to data handling and security privileges of an individual.
However, the Bill guises to fetch in the right to be forgotten which is not accessible in the current legitimate system under the Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
In simple terms, the “right to be forgotten” is the right to have publicly available personal information removed from the internet, search, databases, websites or any other public platforms, once the personal information in question is no longer necessary, or relevant.
However, there is an intricate system envisaged under the Section 20 of PDP Bill for setting off the right to be forgotten. The Bill articulates that the right can be sanctioned only on the order of an adjudicating officer after an application recorded by the data principal. Whereas, the choice on whether the right to be forgotten can be granted with respect to any information will rely upon “the right to the right to freedom of speech and expression and the right to information of some other citizen”.
Keeping in view the laws of other countries, the European Union’s (EU) General Data Protection Regulation (GDPR) permit individuals to have their personal data erased, but the authorities noted that “organisations do not always have to do it”.
The GDPR provisions read like a master for the Indian PDP Bill and it further expresses that an individual can look for the eradication of their information when “there are serious inaccuracies in the data or they believe information is being retained unnecessarily, they no longer consent to processing”.
Furthermore, EU noticed that the right to be forgotten is “not an absolute right”. Consequently, in situations where the information is being utilised to practise the right to freedom and expression or for consenting to a lawful decision or commitment, an appeal for eradication may not be engaged. Additionally, where public interest is included or when an association is utilising information while practicing its authority, it can refuse to delete any information that it considers to be significant for its purposes.
Today, at this point it is not simple to get away from one’s past when one’s personal information can be easily circulated around the web or stay on the internet endlessly, accessible through speedy search results. For people who wish to start afresh, the right to be forgotten remains essentially important and all the more necessary given the expand of our digital footprint. The essential query that encompasses the commencement and nature of the right to be forgotten is: would it be a good idea for us to reserve the right to be forgotten?
In India, the first question previously came up before the judiciary in Dharamraj Bhanushankar Dave v. State of Gujarat, before the Gujarat High Court. In its judgment the court did not acknowledge the so-called “right to be forgotten”. Here, in this case the petitioner had been charged with criminal conspiracy, murder, and kidnapping, among others and was acquitted by the Sessions Court, which was further supported by a Division Bench of the Gujarat High Court. The petitioner had claimed that since the judgment was non-reportable, respondent should be banned from publishing it on the internet because it would jeopardise the petitioner’s personal and professional life. The High Court, on the other hand, found that such publication did not violate Article 21 of the Indian Constitution, and that the petitioner had presented no legal basis to prevent the respondents from publishing the judgment.
Subsequently, In V. v. High Court of Karnataka, , the Karnataka High Court recognised right to be forgotten. The purpose of this case was to remove the name of the petitioner’s daughter from the cause title since it was easily accessible and defame her reputation. The court held in favour of the petitioner and ordered that the name of the petitioner’s daughter to be removed from the cause title and the orders. The court held that “this would be consistent with the trend in western countries, where the ‘right to be forgotten’ is applied as a rule in sensitive cases concerning women in general, as well as particularly sensitive cases involving rape or harming the modesty and reputation of the individual concerned”.
Noticeably, the right to be forgotten has now been perceived as a basic face of the right to privacy.
Furthermore, in the landmark case of K.S. Puttaswamy v. Union of India, the Supreme Court recognised the right to be forgotten as part of the right to life under Article 21.
The Supreme Court had stated that the right to be forgotten was subject to certain restrictions, and that it could not be used if the material in question was required for the—
- exercise of the right to freedom of expression and information;
- fulfilment of legal responsibilities;
- execution of a duty in the public interest or public health;
- protection of information in the public interest;
- for the purpose of scientific or historical study, or for statistical purposes; or
- the establishment, executing, or defending of legal claims.
Recently, a Single Judge Bench of the Madras High Court headed by Mr Justice N. Anand Venkatesh, had given an important order regarding “right to be forgotten” (RTBF) or right to erasure as a facet of the fundamental “right to privacy”.
In this case, the petitioner’s name continued to appear in the High Court’s verdict and was freely available to anyone who would type their name into Google search. Despite the fact that the petitioner was acquitted, they were named as an accused throughout the preceding judgment. Therefore, the petitioner contends that this has a negative influence on his public image. As a result, the petitioner requests the High Court to issue an order redacting their name from the verdict.
The Madras High Court ruled that the “right to be forgotten” cannot exist in the administration of justice, especially when it comes to court judgments.
“Right to be forgotten does not exist in case of court judgments, rules Madras HC”
It is innocuous to conclude that RTBF is still in its preliminary stage in India. To effectively enforce this right in India, the following should be proposed:
- A robust data protection law would go a long way in effectively imbibing this right in every citizen. RTBF can be restructured to further help in protecting the privacy of individuals.
The current events show just how much this Bill needs to be enacted into an act. The need of the hour is to protect people against attacks through digital platforms. Additionally, a clause that clarifies different situations with certain outcomes is also essential, so as not to give rise to any potential conflict between the two fundamental rights.
- Even though the PDP Bill has not been implemented, several courts have recognised the RTBF in their judgments, keeping international jurisprudence in mind. Whilst the Delhi and Karnataka High Court have recognised the right and judicially enforced it, there is still a long way for a systematic method which effectively safeguards RTBF in a way that right to information and right to freedom of speech and expression are not violated. Filing a petition for defamation to invoke their fundamental right to privacy can be used in the meantime.
- Lastly, search engines and major digital platforms can alter their policies and determine the eradication of personal data through de linking. However, big giants like Google have continued to retain certain information even when taken to court by a petitioner in Kerala HC. This goes to show that this method is the least effective way to enforce the right.
However, applying the three cumulatively and in a systemic manner could help to properly establish and implement RTBF in India.
Lastly, it would be interesting to note the development of right to be forgotten in other jurisdictions.
Comparative analysis of the concept of right to be forgotten
European Union (EU)
The concept of the right to be forgotten has elicited conflicting reactions from various jurisdictions around the globe. The EU, in particular, has seen rapid development. The European Union (EU) – several maneuvers have been made in the European Union to consolidate the right to be forgotten. The Data Protection Directive was a European Union directive passed in 1995 to govern the exemption of personal data within the EU. It is a crucial part of EU privacy and human rights law. Following that, in April 2016, the General Data Protection Regulation (GDPR) was enacted, superseding the Data Protection Directive, 1995.
In accordance with Article 17 which states that the data subject has the right to request the erasure of personal data relating to them on a variety of grounds, including non-conformity with Article 6(1) (lawfulness), which includes a case if the controller’s sincere interests are overshadowed by the data subject’s interests or fundamental rights and freedoms, which require the protection of personal data. As a result, GDPR Article 17 has defined the situations in which European Union citizens can exercise their right to be forgotten or erasure.
The article gives citizens of the European Union the right to have their personal data erased under six conditions, including the withdrawal of consent to use data or the data no longer being relevant for the purpose for which it was gathered. However, the request may be denied in certain circumstances, such as when it contradicts the right to free expression and information, or when it is conflicting to public interest in the areas of public health, scientific or historical research, or statistical drives. As a result, Article 17 of the GDPR of 2016 includes a specific protection in the right to be forgotten.
When a member of the public requests for the erasure of the information, the European Court of Justice in Google Spain SL v. Agencia Española de Protección de Datos ordered Google to delete “inadequate, irrelevant, or no longer relevant” material from its search results. The judgment, dubbed the “right to be forgotten” by the public, was crucial in enforcing the EU’s data protection laws and regulations, particularly the EU’s General Data Protection Regulation.
Mario Costeja González, a Spaniard, was dissatisfied when a Google search for his name turned up a newspaper article from 1998. Gonzalez approached the newspaper in 2009 to have the article removed, but the newspaper refused, so González went to Google to have the article removed when his name is searched.
To exercise one’s right to be forgotten and have one’s information removed from a search engine, fill out a form on the search engine’s website.
Google’s removal request process requires the applicant to identify their country of residence, provide personal information, provide a list of URLs to be removed along with a brief description of each one, and attach legal identification. The form allows users to enter the name for which they want search results to be removed. If a search engine refuses to delink material, EU citizens can file an appeal with their local data protection agency.
Google may face legal action if it objects to a data protection agency decision. The European Union has requested that Google implement delinking requests from EU citizens across all international domains.
United States (US)
The United States of America has an evolved general set of laws that defends its residents’ protection. The State of New York was quick to acquaint a draft “right to be forgotten” Bill A05323 in its State Assembly, named “An act to amend the civil rights law and the civil practice law and rules, in relation to creating the right to be forgotten act.” Moreover, in March 2017, New York State representative Tony Avella and assemblyman David Weprin introduced legislation that would permit people to require web search tools and online speakers to eliminate data that is “inaccurate,” “irrelevant,” “inadequate,” or “excessive,” that is “no longer material to current public debate or discourse,” and that is causing evident harm to the subject.
The Bill was written mainly along the lines of the European Court of Justice’s decision in Google Spain SL v. Agencia Española de Protección de Datos.
Two significant cases to be specific Melvin v. Reid and Sidis v. FR Publishing Corpn. are somewhat pertinent. The court contemplated, “Any individual who leads a moral life has the option to joy, which remembers the independence from unmerited assaults for his character, social standing, or notoriety.” While the plaintiff in the case, William James Sidis, was a former child prodigy who wish to spend his adult life discreetly and undetected, subsequently, an article in The New Yorker disrupted this. In this case, the court resolute that the option to control one’s own life and realities about oneself has limits, that there is social worth in distributed realities, and that an individual cannot overlook their celebrity status basically in light of the fact that they need to.” Despite these slow developments, the prospects of a federal law or a constitutional amendment providing for a standalone. Right to be forgotten in the United States are very faint, particularly regardless of the solid resistance in light of the fact that it is conflicting with the first amendment to the United States Constitution, which ensures freedom of speech and expression. Thus, it is contended, the right will viably bring about another type of restriction.
These criticisms, however, are consistent with the proposal that the only information that can be removed at the user’s request is content that the user has uploaded.
† Sanjay Vashishtha is a practicing counsel at the Supreme Court of India, LLM in Comparative Criminal Law from McGill University, Canada and MSc, Criminology and Criminal Justice from University of Oxford. He is serving as a counsel/special counsel and consultant for several law enforcement and public sector institutions.
 C-507/17, Google LLC, successor in law to Google Inc., v Commission nationale de l’informatique et des libertés (CNIL) can be accessed HERE
 Personal Data Protection Bill accessible Here
 Case C‑131/12, decided on 13-5-2014.
 Case C‑131/12, decided on 13-5-2014.
 112 Cal App 285: 297 P 91 (1931).
 85 L Ed 462 : 61 S Ct 393 : 311 US 711 (1940).