Access to information in this digital age is unparalleled and it has transformed the way we communicate, share and store data. However, this era has raised critical enigma of privacy, digital autonomy and a person’s control over their digital footprint. The world today is at the pedestal of social media where one’s presence on the same determines their foundation and standing in the society.
Personal information of an individual, nowadays, is not limited to physical files, papers and official government records, the same can now be extracted through the web around the globe. The exceptional growth of technology has made us acquainted to such information in form of digital data and made us privy to the most intricate and personal details of people. This has made the boundary of right to information and right to privacy really blurry. Clay Shirky, a Professor at NYU has rightly stated that “It used to be expensive to make things public and cheap to make them private. Now it’s expensive to make things private and cheap to make them public.”. The concept of “Media Gossip” has always been popular but has gained a significant momentum because of social media. Media Gossip is basically a part of news wherein one would find stories about the social and private lives of famous people. Some contemporary examples of the same is the ‘Hardik Pandya’s Divorce’ or all the gossips from the Anant Ambani and Radhika Merchant’s wedding that was flashed on social media. These kinds of news may or may not be true, but what is for sure is the effect these kinds of news have on these famous people. Being on the other side of the table we enjoy these kinds of gossips with a cup of tea, but one can only imagine being in the shoes of these people having their lives and private information being publicly displayed and such information being on these digital platforms like fossils on earth.
The concept of “Right to be forgotten” has become significant in light of this development. This allows individuals to request the removal of personal information from the internet under certain circumstances, in simple words, ‘being forgotten from the internet’. While this right has been recognized and implemented in various forms across the European Union and other jurisdictions, India is still grappling with its implications and the necessity of its adoption.
This concept has been in place and in discussion since the pre-digital era and has been considered as a broader concept. However, with the advent of the internet, the nature of privacy concerns shifted towards digital information and online data. With the rapid expansion of digital infrastructure and the increasing penetration of the internet, the need to balance the free flow of information with the protection of personal privacy has never been more critical. The current legal framework in India offers limited recourse for individuals seeking to erase their digital past, highlighting an urgent need for comprehensive legislation that addresses the nuances of the Right to be Forgotten.
This right’s origin can be found in French jurisprudence through the “right to oblivion”, which was designed to facilitate the social reintegration of convicted criminals by disclosing their crimes to the public. A member state must grant individuals the ability to control, ratify, erase, or block data pertaining to them, as stated in Article 12 of the European Union Data Protection Directive, 1995, which was based on French jurisprudence. A landmark judgement in this regard is the case of Google Spain SL, Google Inc v Agencia Española de Protección de Datos, Mario Costeja González (2014). This was the first time when the Right to be Forgotten was recognised and codified and found in the General Data Protection Regulation (GDPR). Along with this the right to erasure was also recognised. According to this right, a personal data of a person must be immediately erased from places where such is no longer required or where its original purpose is exhausted, or when the person to whom such data belongs, no longer consents for it to be present.
India currently lacks a statutory provision for the right to be forgotten (RTBF). The introduction of the new Personal Data Protection Bill (PDP Bill) in 2018 has brought significant changes in data handling and security rights. The PDP Bill aims to introduce the right to be forgotten, which is not covered under the existing Information Technology Act, 2000, and related rules from 2011. The right to be forgotten allows individuals to have their personal information removed from public platforms when it is no longer necessary or relevant.
Justice B.N. Srikrishna Committee’s draft Personal Data Protection Bill, 2018 has introduced the Right to be Forgotten in India. This right gives a person the ability of an individual to limit, delink, delete, or correct the disclosure of the personal information on the internet that is misleading, embarrassing, or irrelevant. Section 27 of the Bill states that a data principal has a right to prevent the data fiduciary from using such data or information if data disclosure is no longer necessary, the consent to use data has been withdrawn or if data is being used contrary to the provisions of the law. Further, section 27(2) says the adjudicating officer (Data Protection Authority) can decide on the question of disclosure, and the circumstances in which he thinks such disclosure can override the freedom of speech and the citizen’s right to information.
It is pertinent to keep in mind that the Right to be Forgotten is in sync with the Right to Privacy, which is an integral part of Article 21 of the Indian Constitution, which is the Right to Life, as clearly expressed by the Supreme Court in the Puttaswamy Judgement.
Under Section 20 of the PDP Bill, this right can only be granted by an adjudicating officer after an application by the data principal. The decision will consider the right to freedom of speech and expression and the right to information of others. The EU’s General Data Protection Regulation (GDPR) allows individuals to request the deletion of personal data but notes that organizations do not always have to comply. The GDPR serves as a model for the Indian PDP Bill, allowing data deletion when there are serious inaccuracies or if the data is retained unnecessarily. However, the right to be forgotten is not absolute. Requests may be denied if the data is used for exercising freedom of expression, complying with legal obligations, or if public interest or organizational needs are involved.
In the digital age, escaping one’s past is difficult due to the permanence of online information. For those wishing to start anew, the right to be forgotten is crucial. The fundamental question remains: should we have the right to be forgotten?