Unlike the previous eras, where one’s past could be referred from the old photographs and fading memories, the digital world creates immortality within the internet. The world of the internet makes it impossible to thoroughly forget any information posted on it. Even a dead person can now stay alive in the digital sphere. While the internet data is of great use many times, but it can be harmful when such data causes detriment to the reputation of the data subject. Such information portrays a negative image and passes a wrong message to the viewers. This can cause adverse effects on the data subject such as mental trauma, social harassment, depression etc.
A person enjoys the Right to Privacy and therefore has a right to get such information erased from the perpetuity of the internet.
Table of Content:
- Initiation of the Right to Be Forgotten
- Google Spain SL, Google Inc. Agencia Espanola de Proteccion de Datos
- Facts of the Case
- Ruling of the European Court of Justice
- Right to Be Forgotten Under the Indian Scheme
- Right to Privacy
- Personal Data Protection Bill, 2018
- Right to Erasure and Right to be Forgotten under Personal Data Protection Bill, 2019
- Criticisms of the 2019 Bill
- Ashutosh Kaushik’s Right to Be Forgotten Case
- Contentions of the Counsels
- Suggestions and Conclusion
Initiation of the Right to Be Forgotten
“Right to Be Forgotten” (hereafter referred to as RTBF) introduced in 2014 by the European Court of Justice in the Google Spain case, provides the right to the data subjects to get their personal information removed from the online databases. In the European Union, RTBF is being recognized as a statutory right under the General Data Protection Regulation (hereafter referred to as GDPR). The GDPR contains an explicit RTBF.
According to the European Union GDPR’s website, the right to be forgotten appears in Recitals 65 and 66 and in Article 17 of the regulation, which states, “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay”.
Google Spain SL, Google Inc. v. Agencia Espanola de Proteccion de Datos
Facts of the Case
In 2010, Mr. Costeja Gonzalez, a national resident of Spain, complained with the Spanish Data Protection Authority, AEPD against a daily newspaper publisher (La Vanguardia Ediciones SL), Google Spain and Google Inc.
Gonzalez, the complainant, contended that as he searched for his name in Google’s search engine, two results appeared that displayed links of two pages of the La Vanguardia’s newspaper. The pages in particular contained an announcement where name of Mr. Gonzalez appeared for a real-estate auction connected with the attachment proceedings for the recovery of social security debts.
Thus, Mr. Gonzalez requested: –
-
- La Vanguardia to remove or alter those pages so that the personal data relating to him no longer appeared or to use certain tools made available by search engines to protect the data; or
- Second, he requested that Google Spain or Google Inc. be required to remove or conceal the personal data relating to him so that these were no longer included in the search results and no longer appeared in the links to La Vanguardia.
Complainant Gonzalez contended that the attachment proceedings had been long resolved and thus reference to them are now irrelevant.
The AEPD rejected the complaint stating that the information’s publication in question is justified as it was done on the order of Ministry of Labour and Social Affairs and it was intended to give maximum publicity to an auction to secure as many bidders as possible. However, the complaint was upheld in so far as it was directed against Google Spain and Google Inc. The AEPD considered operators of search engines are subject to data protection legislation given that they carry out data processing for which they are responsible and also act as intermediaries in the information society.
Consequently, two actions were brought by the Google Spain and Google Inc. before the Spanish High Court, claiming that the decision of AEPD should be annulled.
Ruling of the European Court of Justice
The European Court of Justice upheld the complaint of Mr. Gonzalez and ordered for removal of the published information when it is “inadequate, irrelevant or no longer relevant or excessive. The ruling came to be known as the “right to be forgotten”
Right to Be Forgotten under the Indian Scheme
Right to Privacy
In a landmark judgement, in the case of Puttaswamy v. Union of India, the Supreme Court interpreted ‘informational privacy’ as a fundamental right derived from Articles 14, 19 and 21 of the Constitution of India. Hence, the Indian Constitution guarantees the protection of one’s personal data.
In the instant case, the nine Judge Bench unanimously held that the Right to Privacy was a constitutionally protected right in India. The Court reasoned that privacy is an incident of fundamental freedom or liberty guaranteed under Article 21 which provides that: “No person shall be deprived of his life or personal liberty except according to procedure established by law”.
Personal Data Protection Bill, 2018
In order to deliberate on the topic of data protection, the Union Government constituted a Committee in 2017, headed by the retired Supreme Court Judge Justice BN Srikrishna. Thus, the Committee in 2018 proposed a draft Personal Data Protection Bill (hereafter referred as 2018 Bill).
The move to bring a new legislation in the country for ‘data protection’ came after Privacy was declared as a fundamental right by the Supreme Court in the Puttaswamy case.
The Bill also introduced RTBF. It refers to the ability of an individual to limit, delink, delete, or correct the disclosure of personal information on the internet that is misleading, embarrassing, or irrelevant.
Right to Erasure and Right to be Forgotten under Personal Data Protection Bill, 2019
Taking inspiration from the 2018 Bill, the Personal Data Protection Bill, 2019 (hereafter referred to as 2019 Bill) was introduced. However, the 2019 Bill differs from what was recommended by the Srikrishna Committee. The 2019 Bill was introduced in the Lok Sabha by the Minister of Electronics and Information Technology, Mr Ravi Shankar Prasad.
The 2019 Bill specifically recognizes the Right to be Forgotten.
Section 18 of the 2019 Bill, provides the following rights of correction and erasure, namely the right to-
- get corrected inaccurate or misleading personal data,
- get completed any incomplete personal data,
- get updated personal data that is out-of-date, and
- get erased personal data which is no longer necessary for the purpose for which it was processed.
Though the first three rights were also provided by the 2018 Bill, the fourth right of erasure of personal data belonging to the data principal held by the data fiduciary if it is no longer necessary for the purpose for which it was processed, has been introduced for the first time in the 2019 Bill.
Section 20 of the 2019 Bill gave an individual the right to restrict or prevent the continuing disclosure of their personal data when such data-
(1) has served the purpose for which it was collected, or is no longer necessary for said purpose;
(2) was made with the consent of the individual, which consent has since been withdrawn; or
(3) was made contrary to the Bill or any law in force.
However, this right is enforceable only on an order passed by the Adjudicating Officer appointed under the Bill. While passing such an order, the said officer is required to take several things into account, including-
(1) the sensitivity of the personal data;
(2) the scale of disclosure and degree of accessibility that sought to be restricted or prevented;
(3) the role of the individual in public life;
(4) the relevance of the personal data to the public, and
(5) the nature of the disclosure and of the activities of the individual.
Criticisms of the 2019 Bill
- Forcible sharing of the non-personal information
The 2019 Bill mandates the companies to share non-personal data (it includes aggregated data through which individuals cannot be identified) with the government on the grounds of public good and planning purposes. This can cause privacy concerns for the companies which store their trade secrets in the form of non-personal information.
- Major Exception to the Central Government
After having provided privacy safeguards, Section 35 of the 2019 Bill empowers any agency of the Government to bypass any of the provisions of this Act, in respect of the processing of such personal data in the following circumstances-
-
- in the interest of sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order; or
- for preventing incitement to the commission of any cognizable offence relating to sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order.
According to the recommendations of the Srikrishna Committee, surveillance should be done firstly, by an authority authorised by law and then secondly, in accordance with the procedure established by the law. Such recommendations are in line with the judgement in the case of Puttaswamy.
But, the 2019 Bill disregards such recommendation by laying all the powers in the hands of the Central Government. This raises serious issues of transparency and accountability.
Ashutosh Kaushik’s Right to Be Forgotten Case
Ashutosh Kaushik, the winner of the MTV Hero Honda Roadies 5.0 in 2007 and the Big Boss second season in 2008 has moved Delhi High Court with a plea of issuance of orders to Google and other relevant entities to remove the posts, images, videos and anything related to the incident in which he was involved a long time back. The actor contended that the presence of the incidents on the internet has become a source of pain for him.
The incident referred by him was of his altercation in a cafe situated in Mumbai and the second incident was related to a drunken driving case.
He contended the Court that the images, videos and the information relating to the incidents should be removed from the internet as the RTBF entitles the individual to get the unnecessary personal information erased.
Contentions of the Counsels
The counsel representing google contended that India lacks a law on the RTBF.
Whereas, the counsel representing Ashutosh Kaushik contended that though India lacks a definite law on RTBF, it is contended by the Supreme Court that ‘Right to Privacy’ is an integral part ‘Right to Life’ under Article 21 of the Indian Constitution.
While the case is still going on, Ashutosh Kaushik has stated that the court has also accepted that the videos related to this case are harming his personal life.
Suggestions and Conclusion
Protecting one’s personal data has become the need of the hour, as its misuse can lead to heavy losses. The 2019 Bill is a great initiative by the government towards the protection of data provided its lacunas are filled as they can hamper its effectiveness.
The Government must inform the companies in advance about the information from the non-personal data needed by them. Further, it is also necessary for the government to decentralize the power given to it under Section 35 of the 2019 Bill.