The Right to Privacy is an essential fundamental right which has been enshrined in the Indian Constitution under Article 21 after the Justice K.S. Puttaswamy case. The right also covers informational privacy, and thus an invasion of the data privacy of an individual would infringe the fundamental right to privacy.
Recently, the Orissa High Court in the case of Gugul v. State of Odisha emphasised the need for the Right to be Forgotten. The court stated that the presence of pictures and videos of a rape victim on social media platforms is an infringement of the victim's right to privacy, and stressed the need for a mechanism which could permanently delete the data from the internet. Thus, the Right to be Forgotten came into the picture.
Where did the Right to be Forgotten Originate?
The Right to be Forgotten came into existence in the year 2014, when the European Court of Justice (ECJ) gave a judgement in favour of a Spanish man who was unhappy that a search for his name on Google displayed a newspaper article from 1998. The man approached the newspaper office in 2009 and asked them to remove the article since it was no longer relevant, but they refused to do so. He then approached Google to do the same. Later, the ECJ gave an order directing Google to delete irrelevant data from its search as requested by a member of the public.
The European Union (EU) has the Right to be Forgotten, which is enshrined in Recitals 65 and 66 under Article 17 of the General Data Protection Regulation (GDPR). The Article states that it is the right of an individual to obtain the data from the controller and have it erased without any delay, and the controller is obligated to erase that data without any delay. Article 17, which contains the Right to be Forgotten, dovetails with Article 15, which contains people's right to access their personal information.
Article 17 also provides guidelines pertaining to when the Right to be Forgotten will apply:
- The personal data collected by the organization is no longer required.
- The individual withdraws consent to use his or her personal data.
- The personal data of the individual is used by the organization for marketing purposes.
- The organization is processing the personal data for legitimate interests and the individual objects to such processing, in which case the organization cannot process that data.
- Unlawful use of personal data.
- Erasure of personal data by the organization to comply with legal ruling, etc.
But there are also some instances where the Right to be Forgotten can be overridden by the organization’s right to process someone’s data. The GDPR has specified such instances and they are as follows:
- Data is used for exercising the right to freedom of speech and expression and information.
- Data is used for complying with legal ruling.
- Data is used to carry out a task in the public interest or when the organization exercises official authority.
- Data is used for public health purposes.
- Data is used for performing preventive and occupational medicine.
- Data is used for exercising legal defense, etc.
Thus, the Right to be Forgotten prevails in the EU, but it too has exceptions where it can be trumped by other rights. From this, we can conclude that the Right to be Forgotten is a human right which is not absolute.
What is the Status of the Right to be Forgotten in India?
In India, the Right to be Forgotten has not been implemented as of now. The B.N. Srikrishna Committee has laid down a report which emphasized that the consent of an individual should be obtained to process their personal data. Also, the draft of the Personal Data Protection Bill, 2018 has a section on the Right to be Forgotten, but the bill does not provide for the right to erasure. Section 27 of the Personal Data Protection Bill 2018 has recognized three scenarios or instances where the Right to be Forgotten will be applicable:
- The data of the individual is no longer necessary.
- The individual withdraws his or her consent to use of personal data.
- The data is in contravention of the laws of the country.
An officer will be appointed to determine the applicability of the three scenarios, and he or she will then have to determine whether the Right to be Forgotten overrides the right to freedom of speech and expression and information. The right to erasure of data as prevailing in the EU is not applicable in India, but it might be included later on, as the bill is still in debate before the parliament and will become law if approved.
Can India Implement the Right to be Forgotten?
The Right to be Forgotten is regarded as a human right, but implementing it in India would be a Himalayan task. Firstly, the court in this regard observed that there is no law in the country under which this right can be included, and it was suggested that this right should be included in Article 21. It was also stated that many European countries have already recognized this right. The Orissa High Court became the first institution in the country to emphasize the implementation of this right.
Also, as discussed above, there is a provision which allows for the appointment of an adjudicating officer. This provision is flawed. First, the individual still does not get the right to remove his personal data, since it is left to the determination and discretion of the officer whether or not to remove it. Second, India is a country where the problem of corruption is deep-rooted, and there may be instances where the adjudicating officers can be bribed and thus the individual's personal data might not be removed.
What is the Solution to the Proper Implementation of this Right?
One of the options which can be exercised for the proper implementation of the Right to be Forgotten is end-to-end encryption, which is used by WhatsApp. But what is end-to-end encryption? Before we discuss end-to-end encryption, let's first learn about the term 'encryption'. Encryption is an old technique, used during the World Wars, in which a message is converted into an indecipherable format. In this modern era, encryption is computer generated. In normal encryption, the data from the sender is deciphered by middlemen and then encrypted again for the receiver. In such a case, the deciphered data remains with the middlemen. This form of encryption gave rise to a new technology called end-to-end encryption.
End-to-end encryption is a more secure form of encryption in which the role of the middlemen is totally absent, and thus the cipher remains undisturbed. But just as everything in this world has pros and cons, end-to-end encryption has one big con: it will provide a safe space for criminals to conduct illegal activities such as transferring illegal money.
Another reason why encryption technology cannot be implemented in India is that encryption is not illegal in India. Thus, there is no bar on anyone encrypting messages and data and transferring them to anyone, and this would also prove to be a hindrance to the recently recognized right to privacy in the domain of economic activities in cyberspace.
The bottom line of the above discussion is that the Right to be Forgotten would be a highly beneficial legislation for India, but such legislation would have to be balanced with other laws, which might be a herculean task. If a balanced legislation is not achieved in respect of the Right to be Forgotten, then it would lead to a lot of troubles such as terror funding operations, drug cartels, etc., and thus, in my opinion, some way or the other, it will also violate the right to privacy. So, the Orissa High Court has taken a commendable step, but it will take a long time to implement such a right in India.