Google recently emerged victorious when the Court of Justice of the European Union ruled that EU regulations on the right to be forgotten do not apply beyond its boundaries. India is not ready for the legal ramifications of it: The country still has no personal data protection law, let alone the right to be forgotten.
Data Protection Bill, 2018 –
- The matters of individual data protection are currently seen through the lens of the right to privacy under Article 21 of the Constitution.
- The Personal Data Protection (Draft) Bill, 2018, presented to the IT ministry by the Justice B N Srikrishna panel, has a section on the right to be forgotten, even as it does not provide the right to erasure.
- Section 27 of the draft Bill talks about the right of the individual to restrict or prevent continuing disclosure of personal data. This Section presents three scenarios under which this right may be exercised:
- If data disclosure is not necessary;
- consent has been withdrawn;
- data used contrary to provisions of law.
Legal precedents on ‘right to be forgotten’ –
- First, the Karnataka High Court ordered the removal of personal details from the judgment, while referring to the “right to be forgotten” in sensitive cases involving women in general.
- Second, the Gujarat High Court rejected the request for “permanent restraint (on) free public exhibition of the judgment and order”.
Limitations on ‘right to be forgotten’ –
- These two cases present a glimpse into the legal challenges the proposed law may face, in case it clears parliamentary procedure. Experts said the biggest challenge in implementing this right is the tradeoff between defamation and freedom of expression.
- The right to be forgotten cannot be an absolute right and would be subjected to reasonable restrictions. “The right to be forgotten comes within the purview of the right to privacy, which would be at odds with Article 19(1)(a) — freedom of speech and expression.
- There will be red lines such as – Information about known terrorists cannot be forgotten, but what about those who may have breached a simple traffic law?
Way forward –
- For such situations, Section 27 of the draft Bill offers for an adjudicator to accept applications and make a decision, but experts said the process would be cumbersome and time-consuming. According to experts, the data protection authority would need a big workforce, and it must be ensured this agency receives sufficient resources.
- Also, specific data protection rights must be provided to people. “These must include the provision of know what data is stored about you, the right to update or delete out-of-date information, and the right to delete your private information,” said Chima.
- The concept of the right to be forgotten is still evolving worldwide and mostly applies to data accessible on the internet. Despite many difficulties, experts think such a provision in India would make companies that use personal data accountable and they may need to review how they gather, use, and share such information. They will be accountable to people whose information they collect. It will be implemented by an independent regulator and the courts.
Any such measure would not be simple. Digital giants like Google and Facebook are already promoting the free flow of information in the context of the data localisation debate. The answers may lie in how governments and courts around the globe embrace and apply this European notion of the right to be forgotten.
Source – Business Standard
Also read: 30th September – Explained – Ranitidine
QUESTION – Right to privacy is incomplete without ‘right to be forgotten’. Examine the feasibility of ‘right to be forgotten’ in the Indian context.