Home Constitution RIGHT TO BE FORGOTTEN: CRITICAL ANALYSIS

RIGHT TO BE FORGOTTEN: CRITICAL ANALYSIS

RIGHT TO BE FORGOTTEN: CRITICAL ANALYSIS

RIGHT TO BE FORGOTTEN: CRITICAL ANALYSIS

The recent recognition of the right to be forgotten (RTBF) by the Karnataka High Court has given commentators and thinkers an unparalleled opportunity to delve deeper into the jurisprudential basis of the right and to pontificate upon the broader ramifications of this landmark development.[1]

In the instant case, the High Court accepted a father’s plea to mask his daughter’s name in the cause title of a criminal petition in which she was a Respondent and to remove any references to her, relating to the aforesaid Petition, on the Internet. In the concluding paragraph of its judgment, the Court noted that its directions are in consonance with the recently recognized RTBF which can be applied in cases that involve women or are otherwise of a highly sensitive character.[2]

While the Court’s recognition of the right is a welcome development, it is dismaying to note that the court did not spell out the width or amplitude of the right in any meaningful way. As a matter of fact, the Court’s remark that its directions would be in keeping with the global recognition of the RTBF appears more to have been made in passing as opposed to a conclusion arrived at on the basis of any serious deliberation. Further, a petition has also been filed in the Delhi High Court, praying for the judicial recognition of the RTBF.[3]

RIGHT TO BE FORGOTTEN: CRITICAL ANALYSIS

Due to its next hearing in February 2017, this petition carries with it significant potential for debate surrounding the formulation of this right in Indian constitutional law. In an unregulated environment, online rights giving rise to recurrences of revenge pornography, cyber-squatting, and trolling, it is critical to examine how this right can form a part of the constitutional scheme in India and thereby serve as an instrument for alleviating some of these concerns.

RIGHT TO BE FORGOTTEN: CRITICAL ANALYSIS

WHAT IS THE RIGHT TO BE FORGOTTEN

The Court of Justice of the European Union (CJEU) in its landmark Google -Costeja[4] judgment (2014) defined it as the right of individuals (under certain conditions) to require search engines to erase links containing “inaccurate, inadequate, irrelevant or excessive” personal information about them.[5] This right, however, is not absolute and must be:

  1. balanced against other fundamental rights such as the freedom of speech and expression and,
  2. developed on a case-to-case basis.

Further, the CJEU held that private search engines such as Google, were ‘controllers’ of personal information about users, and as a consequence of providing a ‘structured overview’ of them, would be obliged to address customer’s privacy interests protected by Articles 12 and 14 of the European Data Protection Directive.[6]

In carving out the RTBF, the CJEU adopted a principled balancing of rights between free speech and censorship, re-iterating Europe’s Hegelian understanding of privacy. Significantly, the court’s nuanced understanding of the RTBF is best evidenced by the fact that it held that data subjects would be able to press this right into service in order to compel search engines to remove personal information even in cases where the information could not be removed by the publishers themselves.

RIGHT TO BE FORGOTTEN: CRITICAL ANALYSIS

Finally, it was held that in the balancing exercise, consideration would have to be afforded to:

  1. the type of information,
  2. its sensitivity to the data subject’s life and
  3. the interest of the public in accessing that information.

Decisions such as Google-Costeja and Max Mosley are reflective of the increasing willingness by Courts across jurisdictions to overlook jurisdictional limitations and address the internet as a single rights territory. This is especially significant, given that the RTBF has not received any statutory or legislative recognition by any country thus far. More specifically, even though the Google-Costeja ruling was founded upon an interpretation of Directive 95/46 of the European Parliament which was construed in such a way as to read the RTBF within its ambit, the Directive does not flesh out the contours of the right.

RIGHT TO BE FORGOTTEN: CRITICAL ANALYSIS

It is only recently that the EU has accorded legislative recognition to the right, through its Regulation on the Protection of Natural Persons with Regard to the Processing of Personal Data which will come into force in May 2018 (EU GDPR Regulations).

The Regulation makes it clear that every data subject must be given the right to demand that content concerning him be removed in case any of the situations contemplated therein are applicable, such as the content no longer being relevant, being stored without the data subject’s consent, being processed in an unlawful fashion or the erasure being mandated by a legal obligation. The Regulation specifically emphasizes the need to allow for the exercise of this right when the content was taken from the data subject as a child.

RIGHT TO BE FORGOTTEN: CRITICAL ANALYSIS

At the same time, however, it recognizes the need to balance this right with other compelling interests, such as the freedom of expression and storing the data for archival purposes. Finally, recognizing the need to enable the exercise of this right in cyberspace, the Regulation casts an obligation on data controllers to take effective steps for the removal of the concerned content that is stored digitally.

RIGHT TO BE FORGOTTEN: CRITICAL ANALYSIS

Similarly, the South Korea Communications Commission released guidelines on the RTBF last year in accordance with which a person can get content that was posted by him or any third party about him removed on supplying the concerned intermediary the URL to the posting along with proof that the post was published by him and grounds warranting the removal.

In certain exceptional circumstances, when the removal would be contrary to the public interest or when the removal of the content is prohibited by any statute, such a request can be turned down. Third parties can get the content reinstated by proving that the content in question was published by them. Likewise, in the United States, California has enacted a law that allows adults to erase the content that was posted by them as minors, and Illinois and New Jersey are contemplating a similar law.[7]

RIGHT TO BE FORGOTTEN: CRITICAL ANALYSIS

An online privacy bill has also been in the works for a significant time period now which, if passed, would make this facility available to all adults across the country. Pertinently, these state laws and the proposed federal law only grapple with the right of the data subject to erase the content that was posted by her in the past; they do not empower them to get the content that is posted about them by third parties removed, as is contemplated by the EU Directive.[8]

Keeping the above discussion in mind, it would be apposite to briefly examine the constitutional debate surrounding the adoption of the RTBF in India, with special reference to its nature, existence, and enforcement. Our current legal scheme under the Information Technology Act and the Intermediary Guideline Rules offer little jurisprudential service to a constitutional debate.

More specifically, the Guidelines were formulated with the basic objective of articulating the principles in accordance with which Internet intermediaries must deal with requests for the removal of content that is considered objectionable and falls within the four squares of the prohibited categories outlined in the Rules.

Ergo, the Guidelines do not grapple with the RTBF in any meaningful sense. Also, these Guidelines were framed before the ECJ recognized this right and its judicial/legislative recognition by other countries, so it is no surprise that the Guidelines are of little help in acquiring a deeper understanding of the jurisprudential scope of the right in India. Further, it is widely advocated that a positive reading of Article 19(2) of the Constitution, in line with Romesh Thapar, grants that free speech applies to the entire electronic media.

However, a somewhat extra-constitutional scheme exists within the guidelines, by way of widely worded categories of prohibited content through the use of such terms as grossly harmful or harassing. Further, the element of prior restriction on the freedom of speech is self-evident through a harmonious construction of Section 79 of the IT Act[9] and Rules 3(2) and 3(4) of the guidelines, which vests the State with wide and sweeping powers. Naturally, therefore, our current legal scheme is altogether premised on an anti-free-speech paradigm, thereby undermining the qualitative analysis a functional reading requires.

There has, however, been substantial constitutional recognition of the key components of the RTBF by way of progressive judicial pronouncements. In light of the fact that the right is still in its infancy, an analysis of the comparative jurisprudence across the EU, U.S.A, Germany, Finland, and Australia helps us ascertain its key elements and acquire a deeper appreciation of the manner in which the right can be incorporated into Indian constitutional law. The following sections attempt to flesh out the contours of the RTBF within the framework of Indian constitutional law.

CONTEXTUALISING THE RIGHT TO BE FORGOTTEN IN THE INDIAN

CONSTITUTION

Article 19(1)(a) of the Constitution ensures the freedom of speech and expression to the Indian citizens, subject to certain restrictions under Article 19(2), which allows the State to make laws that limit the right. Free speech jurisprudence in India has been grounded sufficiently to counter the anchoring of the right to be forgotten and make it incompatible with the Constitution, as will be established in the following sub-sections.

The first categorization by Fleischer envisages the situation where the data subject posts personal data himself. The right to be forgotten allows the data subject to delete the information that they post online on grounds that the content is no longer relevant for the purpose that it was created;[10] the data subject withdraws his consent;[11] the data subject objects to the processing of the data;[12] personal data has been unlawfully processed et al. This right is not problematic as the privacy policy of most sites allows the user to take down the content that they upload.

The second categorization posits an inquiry pitting the right to privacy of the data subject against the right to expression of the third party. Freedom of speech and expression under Article 19 of the Constitution allows the third party to post personal data of the data subject onto their own site. Asking the data controller to delete the link warrants the need to balance the two aforementioned rights and places the onus on the private entity to strike the correct balance.

The right to privacy has not been accorded explicit constitutional status in India, as opposed to the ECHR, which establishes the right to privacy as a fundamental right. The Indian privacy discourse has been carved out of Article 21 of the Constitution and has evolved through judicial precedents.

The recognition of the right to privacy under Article 21 was explored in Subbarao j. dissenting opinion in the case of Kharak Singh v. State of Uttar Pradesh,[13]  where he averred the existence of a right to privacy within the right to personal liberty. This dissenting opinion went on to become the majority decision in Gobind v. State of Madhya Pradesh,[14] which firmly established the emanation of right to privacy from Article 21 of the Constitution.

However, the privacy jurisprudence remains restricted in scope, with the right only evolved with respect to breaches appertaining to surveillance. Indian discourse has not developed to the extent the EU’s has, which is evident from the fact that India still lacks a privacy regulatory bill or a data protection regulation, in consonance with international standards of the same. Further, in India, the right to privacy can only be claimed against the State.

The Court in Petronet, undertook an extensive analysis of the contention whether the right to privacy vests in juristic persons, or in non-State actors and emphatically held that the right can neither be enforced against non-State actors nor does it vests in juristic persons.

Moreover, for our analysis, it is pertinent to note the ratio in Rajinder Jaina v. Central Information Commission.[15] The case involved a petition that contended that a writ petition filed under the Right to Information Act, 2005 infringed the right to privacy of the petitioner. The case was dismissed on the ground that the aforesaid information was part of the public record, and thus, the right to privacy did not accrue to it.

Similarly, in R. Rajagopal v. State of Tamil Nadu[16], the judges affirmed that the right to privacy, though implicit in Article 21, was not absolute. The right would give way when the information already subsists in public records. Thus, once certain data is posted, it leaves the absolute control of the data subject, it can validly be utilized by someone else.

Juxtaposing the second categorization by Fleischer against the present privacy discourse in India affirms that the data subjects’ rights would not override the freedom of expression of the third party. This can be surmised as first, the right to privacy is not available against non-State actors. Thus, a search engine, like Google, or a private third body are not legally bound to respect the privacy of the data subject. And second, by posting the content online, the information pertaining to the data subject becomes a part of the public domain and can be transmitted further. Thus, the right to privacy does not accrue in the second categorization either.[17]

The third categorization by Fleischer deals with claiming the right to be forgotten against subject matter relating to the data subject that is posted by a third party. The GDPR allows the right to be forgotten to be claimed in such cases too. It is submitted that such an approach would be a violation of freedom of expression of the third party.[18]

Article 19 allows the citizens the freedom to express, subject to certain restrictions imposed by laws and statutes legislated by the State. Thus, a textual reading of the Constitution prevents the benefit of restrictions under Article 19(2) from accruing to private citizens.[19]

Hence, the right to be forgotten cannot be effectuated in India without a statute permitting such a right, as otherwise the freedom of expression would trump the right to be forgotten in all cases since Article 19 would guarantee an absolute right to freedom of expression to a third party against the person claiming the right to be forgotten. This result would entail largely due to the fact that the reasonable restrictions envisaged under Article 19(2) to Article 19(6) can be imposed only by a law made by the State, and not by a private entity.

Thus, the subsequent section will analyse the potential pitfalls that could be faced if legislation akin to the present framework of GDPR were to be enacted in India and could thus, impose reasonable restrictions on the right to freedom of speech.

EXCESSIVE DELEGATION TO A PRIVATE ENTITY

Under the GDPR, the right to be forgotten entails an evaluation by a private entity like Google as to whether the link that is requested to be deleted satisfies any of the grounds of removal enumerated under Article 17. By delegating the power to evaluate the legality of the right “right to be forgotten” request to a private entity with no substantive guidelines, the private bodies would be expected to balance the two rights- right to privacy and right to free speech, a traditionally adjudicatory role.

This is hugely problematic because a private entity that is guided by profit maximization, does not take public welfare into account. Hence, under the proposed GDPR framework, private entities would tend to comply with the request of erasure rather than uphold the link, because of the enormous sanctions contemplated on non-compliance with the request. The direct effect of the right to be forgotten would then be to infringe Article 19 through private censorship.

Assuming that a right to be forgotten is enacted in India and an executive body is delegated with the onus to decide, on an ad-hoc basis, which right to be forgotten requests are to be complied with, even then such a body would suffer from illegality due to non issuance of any explicit principles guiding the body how to decide which requests are legitimate enough to trump the right to free speech.

This is due to the Doctrine of Excessive Delegation which restricts the delegation of power to an executive body to make regulations without outlining the standards for guidance by the Legislature.[20] Legislations have consistently been struck down in cases wherein no legislative guidance was issued on how to exercise the delegated power. In the absence of any discernible guidelines, such a delegation would be unconstitutional.[21]

VAGUENESS OF TERMS IN GROUNDS OF REMOVAL

The “right to be forgotten” request has to be complied with when the information put up by the third party is inadequate, irrelevant or no longer relevant or excessive. The ambiguity of the terms allows wide discretion to be exercised by the private bodies in evaluating each request, which might lead to abuse. It has been held that a statute can be void for vagueness if the restrictions imposed are not explicated intelligibly.

Vague statutes are unconstitutional as they violate the rule of law by not granting a fair warning to the citizens before penalizing them.[22] The terms employed in the right to be forgotten are not grounded in constitutional discourse; rather they are left open-ended and subject to personal proclivities, hence would be liable to be struck down for vagueness and ambiguity, in case such terms were to be employed in a statue effectuating the right to be forgotten in India.

OVER-BROADNESS OF RIGHT TO BE FORGOTTEN

A statute is overbroad if the restrictions delineated therein are not constitutionally valid. The restrictions enumerated under Article 19(2) are exhaustive and nothing which is not included under Article 19(2) can be read as a permissible restriction on right to freedom of speech. This was demonstrated emphatically in ShreyaSinghal [23] wherein Nariman J. struck down Section 66A of the Information Technology Act, 2000 by stating that restrictions such as information that may be grossly offensive or which causes annoyance or inconvenience are undefined and hence are violative of Court’s exhortations that require each restriction on Article 19(1) to be couched in narrowest possible terms.

Similarly, the right to be forgotten in its present form as seen in the GDPR envisages restrictions that are not only vague but also not listed under Article 19(2). Thus, the grounds of removal are impermissible under Article 19(2) and hence the entire conception suffers from over-broadness, effectively rendering it void.

CHILLING EFFECT ON FREEDOM OF SPEECH

The Court in Shreya Singhal has enumerated the chilling effect as one of the reasons for striking down Section 66A of the IT Act. It emphatically stated that due to the vague and over-broad restrictions in Section 66A, it swept innocent speech in its ambit too, and hence was unconstitutional for chilling free speech. Another decision that recognized the chilling effect was S. Khushboo v. Kanniammal [24] that dealt with criminal complaints being filed against the appellant for airing her views on premarital sex.

The Court held that the appropriate action would have been to counter the appellant’s view through social media as opposed to using criminal laws, as disproportionate actions chill the freedom of expression.

The GDPR envisages a hefty fine to be imposed on the data controller on non-compliance with the right to be forgotten request. To circumvent the fine, the bodies would exercise caution and essentially comply with all the requests, rather than risking the fine due to non-compliance. This would lead to a chilling effect on speech as the data controller would be incentivized to remove the links without examining them carefully, and thus deleting the data that might not strictly be protected under the right to be forgotten.[25] The debilitating fine, combined with vagueness and over-broadness of the right to be forgotten, would render the right void for having a chilling effect on free speech.

NON-COMPLIANCE WITH PRINCIPLES OF NATURAL JUSTICE

The principles of natural justice require the other party to be notified and given a chance to argue his case before a prejudicial action is enforced against him. Non-adherence to the principle may vitiate any action taken against the person.[26] For instance in S.L. Kapoor v. Jagmohan and Ors.,[27] the Court vitiated the order of the Lt. Governor against the petitioner for failing to observe the principle of audi alteram partem.[28]

  In the present scenario, the GDPR posits a procedure within the framework of the right to be forgotten that does not require notification of the deleted link to the third party. The procedural scheme does not afford a chance of defence to the third party, which is in explicit contravention of natural justice and thus susceptible to be rendered void.

INDIAN CASE LAW’S ON RIGHT TO BE FORGOTTEN

This issue has recently cropped up in two cases in the High Courts of Karnataka and Gujarat. This commentary divulges into questions regarding the same and seeks whether such a right must be provided in a country like India.

As mentioned before, European Union developed the concept of ‘right to be forgotten’ whereby every individual would have the right to anonymity in context of digital media and online portals. This was echoed in the European Data Protection Directive in 1995 to control the processing of data. This stand was legally solidified in Google Spain SL, Google Inc. v. Agencia Española de Protección de Datos, Mario Costeja González, wherein the Court of Justice of European Union (CJEU) reiterated the theory of right to be forgotten and also, acknowledged the liability of search engines to remove personal data that appear to be irrelevant, inadequate or excessive.

This right has also been sanctioned by the European Union in the General Data Protection Regulation (GDPR). The same shall be brought into application on 25 May 2018. Google on 13 June 2017 released data which showed that it had received about 732,528[29] removal requests involving more than 2,075,155 URLs. Thus, it may now be considered as a constituent of international human rights. Yet, the Indian judiciary, which has from time to time upheld and respected world human rights, has failed to recognise this right or even discuss about the matter in detail.

In Kharak Singh v. State of U.P.,[30] the Honourable Supreme Court recognized the right to privacy as a part of Article21, i.e., right to life and personal liberty. The court also has gone on to hold that right to privacy is an implicit right which includes the ‘right to be let alone’ and to safeguard one’s personal life. No one would have the right to publish such details without his/her permission. However, such a right is subject to publication in public records, including court records.

The Delhi High Court in 2016 dealt with this issue as well. Herein the petitioner pleaded before the court to delete his personal details from search engines involving him in certain legal dispute. The Honourable High Court called upon Google and other online servers to submit their reply to the petition, so that the court could continue its’ investigation regarding the same.

However, it was only in these two recent cases where this concept has been discussed in greater detail. But, both the High Courts have taken opposing stances.

The subsequent cases have put forth the following issues to be discussed for the legislators and the Supreme Court, to be decide upon.

  1. Should ‘right to be forgotten’ be recognized in India?
  2. How ‘right to be forgotten’ shall affect the freedom of speech and expression?
  3. Whether ‘right to be forgotten’ is a recognized international human right which must be respected by India?

The two recent cases, which touched upon these questions, are: Dharamraj Bhanushankar Dave v. State of Gujarat and Ors.[31] and Sri Vasunathan v. The Registrar General.[32]

  1. Dharamraj Bhanushankar Dave v. State of Gujarat and Ors.

A case came up in the Gujarat High Court in 2015, the court, for the first time in India, talked about this concept in its’ judgment dated 19th January 2017. In this case, the petitioner was charged with various criminal offences, including culpable homicide amounting to murder. He was acquitted by the Sessions as well as the High Court. The petitioner filed a case under Article 226 praying for ‘permanent restraint of free public exhibition of the judgment’.

The petitioners’ chief concern was that despite the judgment being declared as ‘non-reportable’, the copy of the judgment with his name was available on various legal portals and could be searched on Google. They contended that the respondents were overzealous and had acted without any authority. It was also alleged the same had affected the personal and professional life of the petitioner. Another argument was that the Registrar of the court has exclusive control over such orders and the respondents would have to power over it to openly display them.

The judgment was parted in form of an oral order by the Honourable Mr. Justice R. M. Chhaya. The court dismissed the petition and held the following:

1. The High Court is a Court of Record.[33]

2. The Gujarat High Court Rules, 1993 provide that copies of any judgments or proceedings can be accessed.

3. The same statute states that only parties to the case can ask for the copies and no other person can ask for them until an order is given by the Assistant Registrar. An affidavit by the third party must be accompanied specifying the grounds for obtaining them.

 4. The petitioner has been unable to prove the violation of any law to be redressed under Article 226. However, his claim does not violate Article 21 of the Constitution.

5. The publishing of any judgment or proceeding on a website would not come under the realm of ‘reportable’ as understood in context of judgments reported in a law reporter.

In the light of the following the observations, the petition was disposed of and the Gujarat High Court did not recognize the ‘right to be forgotten’.

  • Sri Vasunathan v. The Registrar General

The case was filed in the Karnataka High Court in 2016. The judgment of the same was given on 23rd January 2017. In this case a woman, herein after called X, had filed an FIR against a man, Y, involving crimes of grave nature such as forgery, compelling to get married and extortion. She also filed a civil suit for annulment of her marriage with him. She requested an injunction to restrain Y from claiming any marital rights. Later, both reached an out-of-court settlement and the cases were closed.

Subsequently, X got married. However, her father filed another petition realizing that an online search would reveal his daughters’ connections to all the legal disputes. This could result in affecting X’s personal life and her public image. The father pleaded the court to mask X’s name in cause title of the cases and prayed the same for any other copy available at online portals.

In the judgment pronounced by Honourable Mr. Justice Anand Byrareddy, the court observed the following:

1. It was recognized that there was a serious trepidation that X’s name on an online search portal would have repercussions on her relations with her husband and also, on her public image.

2. The petitioners’ special request was accepted and if X’s name was mentioned in any cause title, the Registrar would try to mask the same.

3. However, as far as the High Courts’ website is concerned, if a certified copy is asked for, the petitioner’s daughter would be reflected in the it.

4. It was ordered that it would be endeavor of the Registry to mask X’s name in any internet search on any online public realm.

Thus, the Court upheld the petitioners’ claim and recognized the ‘right to be forgotten. Justice Byrareddy concluded the judgment in the following terms: “This would be in line with the trend in the Western countries where they follow this as a matter of rule ‘right to be forgotten’ in sensitive cases involving women in general and highly sensitive cases involving rape or affecting the modesty and reputation of the person concerned.”

Thus, the court recognized the need to maintain privacy of women in certain delicate and complex cases wherein her status and character are called into question. Such a law could protect them in their personal and social lives from any kind of discrimination or ridicule in public or private lives.

  • Critical Analysis of the High Court Judgments

The question of ‘right to be forgotten’ came up in the Gujarat and Karnataka High Courts, both adjudicating the matter with contradictory views. The Gujarat High Court declared that no one

has the right to prevent publishing of any judicial and public proceedings. The judgment can be seen to be resting upon two elements.

Firstly, the petitioner was unable to satisfactorily provide proof that his fundamental rights, especially Article 21, had been encroached upon by the publishing of the judgment. And since there was no infringement of any right, the court could not take any action. However, here is a flaw. It has been seen that Article 21 is a storehouse of innumerable rights. As mentioned earlier, the right to privacy has been declared a part of Article 21. Herein as well, if the details of the petitioner are released, it could hamper his privacy; revealing issues of his personal life on an online public portal for anyone to see.[34]

The question before the court should have been, whether such a revelation would be considered as a violation of right to privacy; which the court failed to bring under consideration. However, at the same time, such rights are only available against the State; and therefore, their function regarding private parties continues to be uncertain and undecided.

The second aspect was regarding reportable and unreportable judgments. The Supreme Court in its’ 2008 judgment held that a law reporter publishes both reportable and non-reportable judgments. In the present case as well, the court clarifies that the term ‘reportable’ would be only in regard to a law reporter and not for any other areas of publication on the internet and the like.

This facet of the judgment is precise and does explain the jurisdiction of the court to prevent publication of any proceedings. However, this does crop up a requirement to introspect the foundation of such arrangements of judgments as no clear demarcations of their distinction has been made by any legislation or court judgment.[35]

Absence of privacy legislations and data protection directives have resulted in privacy violations that hinder prospects of people both in personal and professional lives. One cannot deny that, at its’ root, the main aim of ‘right to be forgotten’ is empowering the citizens to have control over their lives which is a prerequisite for the functioning of a democratic nation. This judgment, though a positive step towards data protection, has failed to take all these matters into consideration.[36]

The Karnataka High Court had a different take on the matter. It decided to protect the petitioners’ daughters’ right to be forgotten. The court recognized the need to protect and maintain the modesty and reputation of a woman. It did not deny the right to control ones’ personal information. The acknowledgement of special cases wherein a woman’s dignity is called into question, thereby making it necessary for her to protect her name, is laudable on part of the court.

But then again, the judgment is not as simple as it may seem. The decision is directly contradictory to freedom of speech[37] and the right to information.[38] The foundation of democracy is based on openness of the system, that is, on the right to know.[39] For years, the right to privacy and the right to freedom of expressions have been at loggerheads. Recently, right to privacy has been recognized as fundamental right by the Apex court in Justice KS Puttaswamy v. Union of India.[40]

If the Karnataka judgment is to be followed, then the petitioner must prove that it would be reasonably possible that s/he would suffer in his/her personal, social or professional life, if the information about him/her shall be published. S/he must prove that there is a reasonable apprehension that such revelation of information would tarnish their reputation.

In this regard, the judgment is satisfactory as the main intention behind the same is to protect one’s dignity and honour. However, it should be the endeavor of the judiciary to maintain equality and provide this protection to men as well and not only restrict itself to women. Despite accepting this norm for the first time in India, many issues continue to remain incomplete regarding its application.

Another flaw which is common to both these judgments is that search engines like Google and other online portals or websites were never made party to the case. The right in question is related to the very sources on which such information is provided. It is necessary to call these public domains to present their side of the story as well.

Though the judgments on both the parts are flawed with many omissions, one cannot deny that it is a welcome decision that would affect the data protection and digital memory system for the years to come. However, a new law by the Legislature and a more detailed judicial decision by the Supreme Court is still awaited.

JUSTICE K.S. PUTTASWAMY V. UOI AND RIGHT TO BE FORGOTTEN

India has come a long way in the last few years in protecting privacy. In 2017, in Justice K.S. Puttaswamy,[41] a nine-judge bench of the Supreme Court over-ruled its earlier decisions in M.P. Sharma and Ors. v. Satish Chandra[42] and Ors and Kharak Singh v. The State of U.P.[43] and Ors. and recognized the Right to Privacy to be a fundamental right intrinsic in Article 21. In this decision, the Right To Be Forgotten was also held to be a facet of privacy. Following are the relevant excerpts of the decision:

“484. The technology results almost in a sort of a permanent storage in some way or the other making it difficult to begin life again giving up past mistakes. People are not static, they change and grow through their lives. They evolve. They make mistakes. But they are entitled to re-invent themselves and reform and correct their mistakes. It is privacy which nurtures this ability and removes the shackles of unadvisable things which may have been done in the past.

486. People change and an individual should be able to determine the path of his life and not be stuck only on a path of which he/she treaded initially. An individual should have the capacity to change his/her beliefs and evolve as a person. Individuals should not live in fear that the views they expressed will forever be associated with them and thus refrain from

488. Thus, The European Union Regulation of 2016 has recognized what has been termed as ‘the right to be forgotten’. This does not mean that all aspects of earlier existence are to be obliterated, as some may have a social ramification. If we were to recognize a similar right, it would only mean that an individual who is no longer desirous of his personal data to be processed or stored, should be able to remove it from the system where the personal data/information is no longer necessary, relevant, or is incorrect and serves no legitimate interest.

Such a right cannot be exercised where the information/data is necessary, for exercising the right of freedom of expression and information, for compliance with legal obligations, for the performance of a task carried out in public interest, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims. Such justifications would be valid in all cases of breach of privacy, including breaches of data privacy.”

Therefore, by way of this decision, the Apex Court brought Right To Be Forgotten within the ambit of right to privacy by recognizing that an individual has the right to control the way his personal information is processed and one cannot be profiled to the ..nth extent. Recognising that mistakes are a part of human life, the Court impliedly found that Right To Be Forgotten helps a person to re-invent himself and try to undo the mistakes of the past because, if not for this right, that blot will always remain in a person‘s life and he will fail at any reformatory process he tries to carry out.

Thereafter, there has again been an attempt at drawing a legislative framework for data privacy. A committee was formed for this purpose under the chairmanship of Justice B.N Srikrishna. It submitted a report namely, the Justice B.N. Srikrishna Committee Report on A Free and Fair Digital Economy Protecting Privacy, Empowering Indians[44] which again expressly recognized the Right To Be Forgotten making the following observations:

“The right to be forgotten therefore provides a data principal the right against the disclosure of her data when the processing of her personal data has become unlawful or unwanted……

The right to be forgotten is an idea that attempts to instil the limitations of memory into an otherwise limitless digital sphere. A limited memory and the consequent need to both remember and forget are essential facets of the human condition. The internet, with its currently vast reserves of data storage appears to facilitate timeless memory. As a result, the ability to forget is seriously denuded. …. the individual desire to forget is an expression of autonomy that may be worthy of protection.”

Following were some of the recommendations made by the committee in the domain of the Right To Be Forgotten:

“Recommendations:

A)The right to be forgotten may be adopted, with the Adjudication Wing of the DPA determining its applicability on the basis of the five-point criteria as follows:

  • the sensitivity of the personal data sought to be restricted;
  • the scale of disclosure or degree of accessibility sought to be restricted;
  • the role of the data principal in public life (whether the data principal is publicly recognisable or whether they serve in public office);
  • the relevance of the personal data to the public (whether the passage of time or change in circumstances has modified such relevance for the public); and
  • the nature of the disclosure and the activities of the data fiduciary (whether the fiduciary is a credible source or whether the disclosure is a matter of public record; further, the right should focus on restricting accessibility and not content creation). [Section 27 of the Bill] 

B)The right to be forgotten shall not be available when the Adjudication Wing of the DPA determines upon conducting the balancing test that the interest of the data principal in limiting the disclosure of her personal data does not override the right to freedom of speech and expression as well as the right to information of any other citizen. [Section 27 of the Bill]

Further, this Committee also submitted THE PERSONAL DATA PROTECTION BILL, 2018.[45] Right To Be Forgotten has been incorporated under Section 27 of this Bill. This Bill is still pending.

CHALLENGES AND SUGGESTIONS

It is of utmost importance to recognize that the doctrine of ‘right to be forgotten’ is very wide-ranging and comprehensive. With the current manias and trends of fast-speed internet, any information is available in seconds; everything is a click away. At such times, strict and supervisory measures are required for regulating the same.

This doctrine must not be out rightly disregarded and discarded. It is impertinent for the judiciary to strike a balance between privacy and freedom. It must not violate the rights of others to protect anothers. An attempt for equilibrium between the two shall result justice for all.

However, in providing such a right, a significant amount of thought must be given to making sure such a right is not absolute. Reasonable restrictions must be imposed. For example, the claimant must prove the special circumstances of his/her case that are relevant and adequate enough for him to demand for exercise this right.

A software may be developed, similar to that developed by researchers at CISPA and University of Auckland called the Oblivion, which seeks to mechanize the whole procedure of authenticating a person’s data that may be available on the internet.

The Indian judiciary must endeavor to bring in a uniform solution with detailed observations so as to provide a concise and precise precedence for all the matters that may come up in the future concerning this right.

CONCLUSION

The present analysis examined the conception and subsequent development of the right to be forgotten in European Union. Marked by an extensive right to privacy jurisprudence, the sustainability of the right is higher in Europe as compared to India. The right to be forgotten requires harmonisation and balancing of the right to privacy and the right to freedom of expression. The right to privacy, which is a fundamental right in the European context, is not a constitutional or a statutory right in India.

However, with judicial pronouncements it has been propounded to have been intrinsic under Article 21 of the Constitution. Though, the right is now being recognised, its development has so far been limited to enforcement against state surveillance. In the absence of any explicit right to privacy and any legislation protecting personal data of citizens on an online forum, the right to be forgotten, if established, would have minimal and insufficient footing in India. Moreover, it is submitted that the free speech jurisprudence in India is evolved sufficiently to trump the right to be forgotten.

The right to be forgotten suffers from many constitutional inconsistencies which make its grounding incompatible in the Indian setting. Article 19 of the Constitution protects the right to expression of the citizens and allows an individual to post content online about another person, as long it is not restricted by a statutory legislation, under Article 19(2).

Thus, the broad conception of personal data as defined in the GDPR cannot be protected under the constitution, as it would infringe the right to freedom of expression. Hence, substantively and procedurally, the right to be forgotten, in its present form, would be incompatible in the Indian context.

This project concentrated on examination of the right to be forgotten as it exists in Europe. It is however, submitted that the European version of the right could suitably be to render it compatible in the Indian Constitution. The right to privacy needs to be established statutorily in Indian jurisprudence and must extend to cover private persons as well as the State, as proposed in the Draft Bill on Right to Privacy, 2014.

Further, data protection laws, such as the Information Technology (Intermediary Guidelines) Rules, 2011, which presently form a weak protection for data protection, need to be strengthened and worded specifically. The authority to balance the right to privacy and the right to freedom of speech should be done by an executive body in accordance with Administrative principles against excessive delegation.

 In a recent Karnataka High Court judgment, the right to be forgotten has been recognised with regard to the erasure of the name of a woman from search engines, to delink her name from a criminal complaint filed to annul her marriage, which was later settled. Though the Court did not delve into the requisite Constitutional grounding of the right, this could mark the commencement of its grounding in India. However, what is required are legislative amendments to ensure that the right is exercised judiciously, with minimal scope of abuse by politicians and criminals to airbrush their criminal history to protect their privacy, thus infringing the right to know of the citizens.


This article is written by Priya Bishnoi and edited by Rupreet Kaur Dhariwal.

[1]In A First An Indian Court Upholds the Right to be Forgotten

[2]Vasunathan v. The Registrar General, WRIT PETITION No. 62038/2016.

[3]Delhi High Court Asks Centre, Google About ‘Right to Be Forgotten’

[4] Google Spain SL and Google Inc. v. AgenciaDatos (APED) and Mario Costeja, case C-131(2010).

[5] Steven Bennett, The Right to be Forgotten: Reconciling EU and US Perspectives, 30 BERKELEY J. INT L L., 161 (2012)

[6] https://www.dataprotection.ie/docs/EU-Directive-95-46-EC-Chapter-2/93.htm.

[7] http://www.mondaq.com/x/561018/IT+internet/Korea+Communications+Commission+Releases+Guidelines+ On+The+Right+to+be+forgotten

[8] https://www.washingtonpost.com/news/the-intersect/wp/2015/08/04/how-the-right-to-be-forgotten-couldtake-over-the-american-internet-too/?utm_term=.c25bb00f9d7c.

[9]http://cio.economictimes.indiatimes.com/tech-talk/Right-to-be-forgotten-an-Indian-perspective/240.

[10]Article 17(1)(a), GDPR

[11]Article 17(1)(b),GDPR

[12] Article 17(1)(c),GDPR

[13] AIR 1963 SC 1295.

[14] (1975) 2 SCC 148.

[15] 2164 (2009) D.L.T. 153.

[16] 5(1994) 6 SCC 632.

[17] Supra note 9

[18] Ibid

[19] See, Article 19(2), Constitution.

[20]Kishan Prakash Sharma and Ors.etc. v. Union of India and Ors, AIR 2001 SC 1493

[21]Confederation of Indian Alcoholic Beverage Companies v. State of Bihar, (Civil) Writ No. 6675/2016

[22]Kartar Singh v. State of Punjab, JT 1994 ( 2 ) SC 423

[23]Shreya Singhal v. Union of India, AIR 2015 SC 1523

[24] AIR 2010 SC 3196.

[25] Ibid.

[26]Union of India v. Tulsiram Patel, AIR 1985 SC 1416

[27]AIR 1981 SC 136.

[28] Ibid.

[29]https://www.google.com/transparencyreport/removals/europeprivacy/

[30] (1964) 1 SCR 332.

[31]Special Civil Application No. 1854 of 2015.

[32]Writ Petition No. 62038 of 2016.

[33] Article 215 of the Constitution of India.

[34] Supra note 31

[35] Supra note 32

[36]Eastern Book Company and Ors. v. D. B. Modak and Anr., Appeal (civil) 6472 of 2004.

[37] The Constitution of India, art. 19(1)(a).

[38] State of U.P v. Raj Narain, 1975 AIR 865; Peoples Union for Civil Liberties v. Union of India, Writ Petition (Civil) No.161 of 2004.

[39] Reliance Petrochemicals Ltd v. Proprietors of Indian Express, 1988 SCR Suppl. (3) 212.

[40] Writ Petition (Civil) No. 494 of 2012.

[41] Supra 40

[42] [1954]1SCR1077

[43] [1964]1SCR332

[44] https://meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf

[45] https://meity.gov.in/writereaddata/files/Personal_Data_Protection_Bill,2018_0.pdf

Must Read

Modernisation

We all have seen our grandparents and at times even our parents telling us about how they used to live back then....

Analysis Of Mergers and Acquisitions of Company

Acquisition and merger mostly occur when two companies agree to join their forces together. Both terms are often used interchangeably although there...

ICRC and Its Legality in War Crimes

RulesDefinition of War Crimes Rule 156.

Collaborative Law

Meaning of Collaborative Law Communitarian law is an option in contrast to a...

Related News

Modernisation

We all have seen our grandparents and at times even our parents telling us about how they used to live back then....

Analysis Of Mergers and Acquisitions of Company

Acquisition and merger mostly occur when two companies agree to join their forces together. Both terms are often used interchangeably although there...

ICRC and Its Legality in War Crimes

RulesDefinition of War Crimes Rule 156.

Collaborative Law

Meaning of Collaborative Law Communitarian law is an option in contrast to a...

Income Tax Act

Prologue to Personal Assessment Act, 1961 In India, Personal assessment is a duty you pay to the administration...