- Is it legal in India to exercise the Right to Be Forgotten?
- While protecting RTBF in India, what aspects of freedom of speech and public interest should India pay attention to?
- Can we say that the Right to Be Forgotten concept is well-contained in India’s newly proposed Digital Personal Data Protection Act, 2023?
Abstract
Several countries across the globe have already recognised the Right to Be Forgotten (RTBF) in their data protection frameworks; India, however, has no explicit statutory recognition of the right. Ideally, this issue should be addressed by means of a comprehensive legislative provision rather than the disconnected and still-developing judicial interpretations that currently handle cases involving the RTBF in India. The present position leaves gaps that depend on the interpretation of courts, and it does not provide predictability or uniformity in privacy protection.
In this regard, one of the first and foremost judicial recognitions of the RTBF in India was passed by the Delhi High Court in the case styled Sri Vasunathan v. The Registrar General (2017). The Karnataka High Court also responded to a plea which sought the removal of the name of an alleged woman accompanying whitey reddy in his rooms from all online platforms and search engine results except those referred by Hon’ble Justice Kumaraswamy J. Her father, who is the petitioner in the case, claimed that continued access to the judgment was stigmatising his daughter and trampling upon her liberty and future. In deciding that the appellant should remain anonymous forever, under conditions to be implemented by Google and any other search engines that might index her name, the Court recognized not merely a risk of further harm but an ongoing danger from continued easy access over the internet to their restored personal information (emphasis added).
It was an incremental judicial response in the right direction: a movement away from traditional Indian jurisprudence that always gave primacy to equitable justice and sympathy as opposed to enforced law imperatives, especially in cases of women or personal reputational interests. The ruling underscored the importance of weighing competing rights, like privacy and free expression, or open justice. However, the Court also emphasized that a demarcation was maintained: her name would still be found in certified physical copies of the judgment and on the official website of the High Court, which would maintain the authenticity and integrity of judicial records.
However, given this realization, there is still no statutory way in India that translates into the missing policy letter or NOP from Google. Courts in India will remain the primary forum for allowing this right unless and until a specific legal provision is enacted (as part of the data protection regime). This could lead to ad hoc determinations on a case-by-case basis regarding what should necessarily qualify as an exception under ‘the right to be forgotten’.
Keywords
Right to Be Forgotten, Data Protection Act, 2023, GDPR, Puttaswamy Judgment, Judicial Interpretation, Freedom of Expression, Informational Autonomy, Right to Privacy, Data Erasure, Online Reputation, Personal Data, Supreme Court of India, Legal Framework, Technology and Law, EU Data Protection Law, Constitutional Rights, Indian Jurisprudence, Privacy vs. Public Interest, Anonymity, Internet Regulation, Privacy Legislation in India, Consent and Data Sharing.
Introduction
We live in the modern world of digital technology, where the way we exist and what we identify with are digital. The rampant sharing of data makes many things much easier, but it also limits our freedom to act on our own and has other negative consequences, because the information is more accessible. The trend in criminal activities regarding identity fraud, kidnapping of terrorists, ID theft, and theft of military intelligence clearly demonstrates that human privacy is being corrupted. Recognising this new branch of memory privacy, most countries have started to take more interest in the issue. The first attempt was the General Data Protection Regulation (GDPR) of Europe. India, inspired by the EU and other countries, also made significant changes to its data protection framework. Privacy was recognised as a part of an individual’s life when the Supreme Court declared that privacy is a fundamental right in Justice K.S. Puttaswamy v. Union of India. Afterward, the B.N. Srikrishna Committee came up with the draft of the Personal Data Protection Bill in 2018, which explicitly included the Right to Be Forgotten (RTBF) as one of the rights of data principals. However, the revised Bill introduced in 2019 was criticised as being full of inadequacies and over-complications, leading the government to withdraw it for the consideration of 81 amendments from the public. These legislative developments not only show the challenges faced in resolving conflicts between privacy rights and freedom of expression, national security, and technological innovation, but also reveal the provisions that are needed to shape the development of data governance in India in the coming years.
The main focus of the article is the legislative patterns and the ways of protecting privacy rights through the Right to Be Forgotten (RTBF) and other subject rights, so as to maintain a more rights-based data protection system in India.
Although the “right to be forgotten” or “Right to be erased” is recognised internationally, it lacks legal recognition within India’s data protection framework. This right gives individuals control over their data by allowing them to request its removal from websites or digital platforms where the information is no longer needed or where consent has been withdrawn. It is a digital privacy right that empowers an individual to have content removed that may cause defamation or identity crises. The origin of the Right to be forgotten can be traced back to the “Right to Oblivion” from French jurisprudence. This right is not new; it originates from the landmark “Google Spain” ruling of 2014 by the Court of Justice of the European Union (CJEU), which required Google to remove ‘inadequate, irrelevant, or no longer relevant’ data upon request. Since then, several countries, including Canada, the UK, and Japan, have developed similar legal protections. After this case, the right to be forgotten was codified for the first time in the General Data Protection Regulation (GDPR), where it is found in Art. 17(2).
According to Article 17 of GDPR, the right to be forgotten means: Data Subjects have the right to obtain erasure from the data controller, without undue delay, if one of the following applies:
1. The controller doesn’t need the data anymore.
2. The subject withdraws consent for the processing to which they previously agreed (and the controller doesn’t need to legally keep it [N.B. Many will, e.g., banks, for 7 years.]).
3. The subject uses their right to object (Article 21) to the data processing.
4. The controller and/or its processor is processing the data unlawfully.
5. There is a legal requirement for the data to be erased.
6. The data subject was a child at the time of collection (See Article 8 for more details on a child’s ability to consent)
However, the Right to Be Forgotten is subject to certain exceptions in cases involving freedom of expression, legal obligations, public health, public interest research, or the exercise or defence of legal claims.
While numerous countries legally recognise the Right to be forgotten, India currently gives it no explicit legal recognition, relying instead on fragmented judicial interpretations. India’s first judicial recognition of the Right to Be Forgotten came in Sri Vasunathan v. The Registrar General (2017), in which the Court directed that the name of the petitioner’s daughter be removed from public internet search results and anonymized in online versions of the judgment to safeguard her privacy and dignity. This would be in line with the trend in Western countries to apply the Right to Be Forgotten in sensitive cases, especially those involving women or issues affecting their reputation. Still, the Court maintained that her name would not be anonymous in certified copies or on the court’s official website.
In contrast with the above-mentioned opinion, the Gujarat High Court in Dharamraj Dave v. State of Gujarat pointed out that there is no applicable law to remove judgments from Google search or Indian Kanoon, and that the petitioner did not have sufficient arguments to prove that “uploading judgment on the Internet is a violation of Article 21 of the Constitution.” These cases demonstrate the lack of a legal framework and the inability of the judiciary to interpret the right to be forgotten. India therefore requires specific data protection laws to protect the right to be forgotten.
Following the EU’s 2016 precedent, in 2017 the Supreme Court, in the landmark case of Justice K.S. Puttaswamy v. Union of India, recognised that the Right to be forgotten is an element of the right to privacy under Article 21 of the Constitution, but clarified that it is not an absolute right. It can be limited in cases involving public interest, legal obligations, or freedom of expression.
After the Justice K.S. Puttaswamy judgment, the Government of India decided to constitute a committee of experts to regulate data protection laws in India. The committee, led by Justice B.N. Srikrishna, released a 2017 white paper proposing a data protection framework. It emphasized valid consent, child protection, purpose limitation, data erasure post-fulfilment, and individual rights to confirm, access, and rectify personal data. It also discussed balancing the Right to Be Forgotten with free speech and determining liability for non-compliance.
Over time, Indian jurisprudence has started to acknowledge the Right to be Forgotten, especially in sensitive cases involving women and reputational harm.
Kerala High Court (December 2023): The Court decided that the Right to Be Forgotten could not be used as a reason for violating open justice in ongoing court cases. It emphasized the need for legislative clarity and that the right might be taken into account depending on many case-specific factors, such as the passage of time and the nature of the offence.
Himachal Pradesh High Court (July 2024): The Court directed that the only reasonable cause for deleting the name of the guilty party in a rape case should be the positive result of the case, and the name of the victim should have been deleted as well. The judgment was characterized chiefly by an increasing judicial awareness of privacy after an acquittal, returning the themes of privacy by one of the authors.
Supreme Court Order (July 2022): The Court instructed search engine operators to delete the details of a couple who were in a marital conflict from search engine results, thereby strengthening the interpretation of the Right to Be Forgotten and also calling for an internal registry to be established to protect digital privacy.
Research Methodology
One of the two methods adopted in this work is doctrinal, or analytical, with secondary sources forming the principal basis. It engages in the intensive study of various sources of legal literature, such as constitutional provisions, statutes, case law, committee reports, academic commentary, and policy papers. The work forms one of the major strands of research into the development, recognition and application of the RTBF within the Indian legal context, while comparisons and contrasts are drawn with international developments, especially with the General Data Protection Regulation (GDPR) of the European Union, which is almost universally recognized as the global benchmark in data privacy jurisprudence.
The study also engages in comparative legal research to explain how other jurisdictions, particularly those with well-entrenched data protection laws, have recognized and implemented the RTBF. This comparative study also brings to light the drawbacks, opportunities, and challenges India faces in assimilating the RTBF into its data protection regime. Special emphasis is laid on landmark Indian cases, such as Justice K.S. Puttaswamy v. Union of India, Sri Vasunathan v. The Registrar General and others, which have provided interpretational aid in the absence of a codified statute.
Since no provision exists to identify RTBF legislatively at this stage in India, the research is to a large extent reliant on judicial pronouncements, governmental white papers, expert committee reports, etc.
Review of Literature
One of the major issues with the right-to-know law in India, as of today, is a low degree of awareness in the judiciary, even though the courts have applied this law on numerous occasions in actual practice without any statutory basis. When the Supreme Court in Justice K.S. Puttaswamy v. Union of India (2017) ruled that privacy is a fundamental right under Article 21 of the Constitution, it not only established a basis for derivative rights like the RTBF but also made them legally doable. In a different vein, the Karnataka High Court in its judgment in Sri Vasunathan v. The Registrar General (2017) directed to keep the name of the lady in the written order. This preserved the dignity of the woman. Decisions like the one in Dharamraj Bhanushankar Dave v. State of Gujarat (2017) created a lot of discussion, showing that the lack of legal situations is pretty visible.
Suggestions
Due to this changing realm of privacy and the nature of personal data protection, the RTBF needs to be recognized and enforced through concrete legislation in India. While courts have occasionally upheld this right, relevant legislation governing the matter is yet to be put in place, which severely limits the remedies available in the event of violations. This calls for the urgent enactment of the RTBF, rigorously stipulating criteria for eligibility, a precise official procedure, and the timeframe within which all removal requests must be addressed. Special protection must be afforded to victims of sexual offences, especially in rural and tribal areas where, notwithstanding the legal norms, the names of rape victims are sometimes made publicly available, leading to irreparable harm and social ostracisation. The other case pertains to the digital age, where the afflicted party must be able to have false or defamatory information aimed at revenge or harassment taken down immediately.
A Data Protection Tribunal or Ombudsman should also be considered in India to ensure that RTBF claims are resolved much more quickly than the present judiciary has the capacity for. Strengthening the whole enforcement mechanism, including compensation for the whistle-blowers for failure on the part of the platform and intermediaries to go into the merit of the claim, would offer a huge improvement in the exercise of the RTBF. To protect privacy, the freedom of expression is grounded.
Conclusion
The “Right to be forgotten” is becoming very important from both the legal and the technical perspective. Due to technical complications, legal provisions for such a right are also becoming complex. The “Right to be Forgotten” is now increasingly being viewed as a part of the right to privacy. When we talk about the “Right to be forgotten”, the information will be considered true, so the right to free expression and publication could not be overshadowed by the “Right to be Forgotten”.
In India, the RTBF has not yet been codified in law. Despite its judicial approval, especially in the landmark decision in Justice K.S. Puttaswamy v. Union of India, the absence of a broad statutory structure leaves individuals dependent on fragmented and inconsistent judicial interpretations. This creates ambiguity and unequal access to privacy protection, especially for weaker groups such as women, minors and those facing criminal allegations. The judiciary has shown an increasing willingness to recognise the RTBF in sensitive matters; however, without clear legislative guidance, its implementation is uncertain and uneven.
Furthermore, in advocating the RTBF, it is equally important to balance it against the public’s right of access and the fundamental right to freedom of speech and expression. The RTBF should not become a tool for censorship or historical revisionism, especially in matters associated with public interest, accountability, or legal obligations. Therefore, a fine, case-by-case approach guided by clear legislative standards is required to prevent misuse and ensure fairness.
In light of the increasing recognition of digital privacy as a human right, it is mandatory for India to adopt a specific and applied legal provision that defines and controls the right to be forgotten. The newly enacted Digital Personal Data Protection Act, 2023, provides a promising foundation, but requires more clarity and strong procedural mechanisms to operate the RTBF in a meaningful manner. Only with such legislative support can individuals gain control over their digital life and ensure that their past does not do injustice to their future in the age of the Internet.
Author,
Name- Madhura Nitnaware
College- ILS Law College, Pune
(5th Year BA LLB)
