Context:
The Delhi High Court sought replies from the Centre, Google and India Kanoon on a plea seeking removal of a judgment and an order in connection with a seven-year-old FIR under ‘Right to be Forgotten’, and asked how far this rule can be stretched.
Relevance:
GS-II: Polity and Governance (Constitutional Provisions, Fundamental Rights, Government Policies and Interventions)
Dimensions of the Article:
- Right to be Forgotten (RTBF)
- ‘Right to be Forgotten’ in the Indian context
- What does the Personal Data Protection Bill say about this?
Right to be Forgotten (RTBF)
- Right to be Forgotten (RTBF) is the right to have publicly available personal information removed from the internet, search, databases, websites or any other public platforms, once the personal information in question is no longer necessary, or relevant.
- This right has been recognised as a statutory right in the European Union under the General Data Protection Regulation (GDPR).
‘Right to be Forgotten’ in the Indian context
- The Right to be Forgotten falls under the purview of an individual’s right to privacy, which is governed by the Personal Data Protection Bill that is yet to be passed by Parliament.
- In 2017, the Right to Privacy was declared a fundamental right by the Supreme Court in its landmark verdict.
- The court said at the time that, “the right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution”.
What does the Personal Data Protection Bill say about this?
- The Personal Data Protection Bill aims to set out provisions meant for the protection of the personal data of individuals.
- The draft bill mentions the “Right to be Forgotten” and states that the “data principal (the person to whom the data is related) shall have the right to restrict or prevent the continuing disclosure of his personal data by a data fiduciary”
- (A data fiduciary means any person, including the State, a company, any juristic entity or any individual who alone or in conjunction with others determines the purpose and means of processing of personal data.)
- Therefore, broadly, under the Right to be forgotten, users can de-link, limit, delete or correct the disclosure of their personal information held by data fiduciaries.
- Even so, the sensitivity of the personal data and information cannot be determined independently by the person concerned, but will be overseen by the Data Protection Authority (DPA).
- This means that while the draft bill gives some provisions under which a data principal can seek that his data be removed, but his or her rights are subject to authorisation by the Adjudicating Officer who works for the DPA.
- While assessing the data principal’s request, this officer will need to examine the sensitivity of the personal data, the scale of disclosure, degree of accessibility sought to be restricted, role of the data principal in public life and the nature of the disclosure among some other variables.
-Source: The Hindu