A single judge of Kerala High Court recently referred to the larger bench the question that whether the parties involved in a suit of personal nature can request the disguising or masking of their names. Interim relief was granted in favour of the petitioner. This petition was filed due to no action from the search engine on the petitioner’s request. This case questions the development of the right to be forgotten (hereinafter referred to as “RTBF”) in India and its potential conflict with Freedom of Expression.
In this article, we analyse the scope of the RTBF in India after the K.S. Puttaswamy judgment, its potential conflict with freedom of expression especially freedom of the press, international conventions on RTBF, India’s data protection bill, its comparison with EU’s law and suggest methods to effectively enforce RTBF in India.
Right To Be Forgotten
It is generally defined as a right of an individual to remove or limit public access to his/her personal information on the internet. RTBF has its genesis in the ruling of Court of Justice of the European Union in Google Spain SL v. Agencia Española de Protección de Datos which for the first time included RTBF under the right to privacy. No statute in India recognizes this right. RTBF is currently not included under Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. The information of personal nature can only be provided by the Information officer subject to the limitations given in Section 8(1)(j) of the Right to Information Act, 2005. Section 228A of IPC also recognizes the masking/disguising of names of the victims in cases of sexual offences only. However, the Justice B.N. Shrikrishna Committee recommended including the RTBF as a statutory right under Personal Data Protection Bill, 2019 (hereinafter referred to as “PDP”).
In India, the Supreme Court in K.S. Puttaswamy case recognized that the right to have control over personal data will also include the right to control its existence on the internet. The Karnataka High Court acknowledged the RTBF in cases of sensitive matters such as rape and ordered the masking of the name of the petitioner’s daughter in the judgment and any internet searches. Similarly, the Delhi High Court and the Orissa High Court also held that the RTBF is an inherent part of the right to privacy guaranteed under Article 21 of the Constitution. Recently, the Delhi High Court upheld the RTBF in a plea filed by an American citizen and directed Google to remove the judgment concerning the petitioner’s involvement in Narcotics case (acquitted) from search results. It further ordered Indian Kannon to block the said judgment from being accessed through search engines.
Conflict with Right to Freedom of Expression
The right to freedom of expression is guaranteed under Article 19(1)(a) of the Constitution of India. This right also embodies the freedom of the press which though not explicitly mentioned in the Constitution forms an integral part of Freedom of Expression. The Supreme Court specifically emphasized that it is the right of the press to report the judicial proceedings and print faithful reports. The Supreme Court in K.S. Puttaswamy case cautioned that the right to be forgotten has to be balanced against other fundamental rights such as freedom of expression or freedom of the press. The Apex court in the R.Rajgopal case dealt with the potential conflict between the right to privacy and the right to freedom of the press. It emphasized that the right to privacy is sacrosanct however it is subject to an exception such that if the publication is based on a public record especially court records then the right of privacy no longer subsists and the media has the right to comment/publish the same. Further, the Court cautioned that names or information of victims of sexual offences should not be made public owing to the exception of decency under Article 19(2) of the Constitution.
The PDP attempts to balance the two rights in the form of journalistic exemption as provided under section 36(e). This section provides that personal data can be processed for journalistic purpose if it is necessary or relevant. Section 2(24) of the PDP defines “journalistic purpose” as any activity pertaining to recent news or information which is of public interest.
The issue that has been left unanswered by the courts and the legislators is that whether the RTBF can be extended to cases not involving sexual offences. This may include suits of personal nature such as matrimonial cases which are of no interest to the public and such publication may harm the reputation of the parties involved. In this section, we will analyse international conventions recognising the RTBF, the scope of the RTBF in the PDP and its comparison with EU’s GDPR:
- International Conventions: Article 12 of the Universal Declaration of Human Rights, 1948 recognises that no one shall be subjected to arbitrary interference with his privacy, family, home nor to attacks upon his reputation. Further, Article 17 of the International Covenant on Civil and Political Rights also recognises non-interference with the privacy of a person and provides for the protection of law against such attacks or interference. Similarly, Article 8 of the European Convention on Human Rights values non-interference with the privacy of individual and carves certain exceptions such as protection of rights and freedoms of others, national security, protection of health or morals, etc. On the same line, Articles 5, 9 and 10 of the American Declaration of Rights and Duties of Man recognise that the privacy of an individual should be protected. Article 4 of the African Charter on Human Rights also states that human beings are inviolable and are entitled to respect. Though these conventions do not explicitly address the RTBF, it is inherent that to maintain the inviolability of a human being this right should be guaranteed to every individual in this digital age.
- Personal Data Protection Bill, 2019- Section 20(1) of the PDP provides the right to prevent or restrict the continuing disclosure of personal data on three grounds if: (i) the information has served its purpose or has become unnecessary; (ii) the consent as provided under Section 11 of the Bill has been withdrawn; and (iii) such disclosure was made contrary to the bill or any other law in force. Section 20(3) provides for certain parameters that the Adjudicating Officer has to keep in mind while making the decision which includes- sensitivity of personal data, relevance to the public, whether the person is a public figure or not, etc. Further, it provides for the right to correction and erasure which is to correct, update the information or erase personal data which is no longer necessary. However, this is subject to the discretion of data fiduciaries such as search engines. The bill also includes provisions (Section 91) related to the collection of non-personal data by governments which seems irrelevant in a data protection law. Further, the bill provides that the central government can exempt any government agency from Bill’s purview on grounds of security and sovereignty through a mere executive order. If we compare it to the Committee’s recommendation, which provided for the exception only when legislation mandates the same, the Bill offers more discretion to the government which might lead to mass surveillance in future. Further, this is also in violation of the test laid down in K.S. Puttaswamy case that the measure restricting the right to privacy must (1) be backed by law, (2) serve a legitimate aim, (3) be proportionate, and (4) have procedural safeguards against abuse. The Bill in its current form dilutes the right to privacy of individuals. It should be drafted in such a manner that the primary objective is to protect the privacy of people.
- Comparison with GDPR- The Bill is modelled on the framework of EU’s GDPR and shares similar features such as the RTBF, right to erasure, exceptions, importance of consent, etc. However, there are certain dissimilarities as well- Article 17(1) of GDPR offers wider protection to the individuals as it states that the data subject has the right to obtain the erasure of personal data without undue delay. Further, GDPR provides for the right to object to profiling whereas PDP does not provide for such a right. Even if GDPR, alike PDP, provides certain escape clauses the same is regulated by other EU directives. Therefore, the GDPR is a robust mechanism to strictly protect personal data as compared to the PDP.
RTBF is still in a nascent stage in India. We propose certain ways to effectively enforce this right in India:
First, the best solution to effectively imbibe this right in every citizen is through a robust data protection law. PDP guarantees the RTBF but as analysed above it certainly can be improved to better align to protect the privacy of individuals. However, for that to happen this bill needs to be enacted into an Act as it is the need of the hour in this digital age to protect people against attacks or interferences. Further, there should be a clear catalogue of different situations with certain outcomes so that the potential conflict between the two fundamental rights could be resolved easily.
Second, while the Personal Data Protection Bill hasn’t become a law yet, courts have expressly recognized the right to be forgotten in their judgments, taking note of international jurisprudence on this right. In this line, Delhi High Court and Karnataka High Court have recognized the right and judicially enforced it. However, there is long way for the courts to provide a consistent and definite method to safeguard RTBF such that the Right to Information and the Freedom of the Press are not completely encroached upon. Further, people can rely on other laws to protect this right such as defamation or file a petition to invoke their fundamental Right of Privacy for the time being.
Third, the search engines or internet service providers can implement voluntary policies or agreements whereby they decide how to determine the erasure of personal data through de-linking. However, as seen in the Kerela HC case Google did not listen to the requests of the petitioner to erase her name from the search result. Therefore, this is the least effective way to enforce this right. However, these three mechanisms can apply cumulatively to properly implement RTBF in India.
Although the RTBF is a facet of the right to privacy, it has become very important in the digital age. The times when information is available at a click, the need to protect personal data becomes all the more important. Personal data such as related to matrimonial suits are of no relevance to the public. However, due to lack of proper legislation recognising this right people are subjected to harassment and loss of reputation. Therefore, legislation protecting this right is the need of the hour. Until then, the task is left to the judiciary which has to carefully tread its path between two fundamental rights- RTBF and freedom of expression.
(This Article is written by Janhavi Somvanshi and Tulika Somvanshi. Janhavi is a third-year student at National Law University, Jodhpur and Tulika is second-year student at Institute of Law, Nirma University)
CITE AS: Janhavi Somvanshi and Tulika Somvanshi, ‘Right to be Forgotten- A Must for the Digital Age in India’ (The Contemporary Law Forum, 5 June, 2021) <https://tclf.in/2021/06/05/right-to-be-forgotten–a-must-for-digital-age-in-india/> date of access.