The Right to be Forgotten means that any person has the right to request that his personal data and information be deleted from the internet. Moreover, making sure that data is deleted permanently from backup storage. The basic principle behind the evolution of this right is that an individual has a claim that his certain data be not available to a third person(s). The right is also called an Individual’s Right to Erasure.
The legal aspect of the Right to be forgotten is the perpetual battle between the Right to Freedom of Expression and the Right to Privacy. Many experts have questioned the Right to be Forgotten on the pretext that it indirectly promotes censorship and rephrasing of history.
Origin of Right to be Forgotten
In 2014, the European Court of Justice decided a case against Google in Costeja Case, in which a Spanish man asked Google to delete links in an old newspaper article about his insolvency. The plaintiff argued that since the debt had been paid, there was no reasonable ground for the particular information to remain accessible on the online platform.
The court ruled against Google, stating that European citizens have the right and Google must ensure that if requested, to remove and delete the data so required from all its URLs and databases. However, in 2019, the European Court gave the tech giant Google relief stating that Google does not have to apply the right to be forgotten globally, but only in Europe itself.
The main contention of Google was that the pretext and political correctness of the Right to be Forgotten can be misused by dictatorial governments and regimes to curb freedom of expression, voices of resistance, and human right violations.
Post the 2014 judgment there was a rise in cases of what was termed as ‘Right to be Forgotten’ or ‘Right to Erasure’. The General Data Protection Regulation (GDPR) regulates how individual’s personal and private data ought to be stored, collected, and protected. Right to be Forgotten is much more than simply an individual asking an organization to erase his private data, the concept involved interconnected legal, technological, and paradoxical issues and interests.
Article 17 of GDPR states if an individual requests an organization to erase his data, the organization is obliged to delete that data without “undue delay”. ‘Undue delay’ means delay without unreasonable excuses.
Article 15, General Data Protection Regulation, provides people with a right to access data that contain their personal information and to demand its erasure.
Application of Right to be Forgotten
Article 17, General Data Protection Regulation, enlists the situation and circumstances for the application of the Right to be Forgotten;
The private data has lost its purpose and objective, for which it was collected by the organization.
The individual or subject of personal information has not provided their consent for the publication of his personal information.
The organization holds the private data of an individual unlawfully.
When there is any legal judgment or statutory obligation, the organization requires to delete the personal information.
When the organization’s Right to Process Data will override individual’s Right to be Forgotten;
Data is used to avail Right of Freedom of Expression and Thought
Data is processed in line with a legal and statutory obligation
The private data is necessary for reasons of public health
Personal information serves a certain, public interest, scientific or historical research.
The private data of an individual is used by the organization in lieu of the organization’s legitimate official authority.
Moreover, an organization can charge a “reasonable fee” or turn down the request of an individual to erase the personal information if it fulfills the aforesaid criteria.
Right to be Forgotten in India vis-a-vis Other Countries
Celebrity lawsuits against Google and Yahoo! have been filed in Argentina, with the claimants seeking the removal of some search results as well as access to images. Virginia da Cunha, an artist, brought a case involving photographs taken with her permission and uploaded with her permission, but she claimed that the search results incorrectly associated her photographs with pornography. De Cunha’s case was originally successful, with search engines in Argentina refusing to view photos of the celebrity.
The judge who ruled in De Cunha’s favor, Virginia Simari, said that people have the right to control their appearance and prohibit others from “capturing, reproducing, transmitting, or releasing one’s image without permission.” Simari also cited a treatise by Julio César Rivera, a Buenos Aires lawyer, poet, and law professor, in which he claimed that “the right to control one’s personal data requires the right to prohibit others from using one’s photograph.” Argentina has been a supporter of the habeas data campaign since the 1990s when they “adopted a constitutional clause that is part freedom-of-government-information legislation and part data protection law.” Amparo is the name of their variant. It’s explained in Article 43:
“Any person shall file this action to obtain information on the data about himself and their purpose, registered in public records or databases, or in private ones intended to supply information; and in case of false data or discrimination, this action may be filed to request the suppression, rectification, confidentiality or updating of said data.”
Since people can amend, erase, or amend information about themselves, Argentina’s attempts to protect their right to be forgotten have been dubbed “the most detailed.” In general, their details will be kept secret.
United States of America
Consideration of the right to be forgotten can be seen in US case law, specifically in Melvin v. Reid, and in Sidis v. FR Publishing Corp
In Melvin v. Reid (1931), an ex-prostitute was charged with murder and acquitted; she later proceeded to reintegrate into society in a discreet and anonymous way. However, her past was revealed in the 1925 film The Red Kimono, and she successfully sued the producer. “Every person leading a life of rectitude has the right to happiness,” the court argued, “which involves the freedom from unwarranted assaults on his dignity, social status, or credibility.”
The appellant in Sidis v. FR Publishing Corp. (1940) was a former child prodigy who intended to live his adult life peacefully and unnoticed; however, an article in The New Yorker interrupted his plans. The court ruled that the ability to manage one’s own life and data about oneself has restrictions, that publicly accessible knowledge has a social meaning, and that a person cannot disregard their celebrity status merely because they wish to.
Commentators claim that expanding the right to be forgotten in the United States would amount to censorship and actually violate people’s legally guaranteed right to freedom of speech. Both critiques are based on the idea that the only information that can be deleted at the request of a client is that which the customer has shared.
Section 27 of the PDP Bill, empowers the individual to directly approach the adjudicating officer for enforcement of his Right to be Forgotten, thus bypassing the whole procedure of requesting the organization for deletion of private or personal data.
Section 28 of the PDP Bill, says that any matter other than stipulated in Section 27 shall be made in writing, requesting the organization for concerned deletion of any private/ personal information or data.
Section 47 of the PDP Bill, also provides for journalistic exemptions required for discharging their official duty.
The Conflict between Right to Information and Right to be Forgotten
Right to Information provides for legal mechanism so that public information is easily accessible and available. Section 8, Right to Information Act, 2005 provides for reasonable exceptions where public authorities can refuse the citizens to have access to, particularly sensitive information.
There is reasonable grey area and overlay between Section 8, Right to Information Act, 2005, and Section 27, Personal Dara Protection Bill. Section 8, RTI Act, 2005 empowers the public official to refuse to share a piece of certain sensitive information and Section 27, Personal Data Protection Bill, entails when an individual can approach Adjudicating officer to enforce his Right to be Forgotten.
Proposal for amendment in RTI Act, Section 8(1)(j) entails that personal data can be restricted to be made accessible to consumer citizens if such disclosure is likely to cause “harm” and such harm outbalances public interest.
Criticism of Right to be Forgotten
Right to be Forgotten restricts the Right to Freedom of Speech and Expression.
GDPR has its jurisdiction limited to European Union.
The conflict between RTI Act, 2005 and the Right to be Forgotten
The shield of the Right to be Forgotten can be used as a sword by authoritative regimes to curb Freedom of Speech and Expression
Right to be Forgotten can be stated as a tool to “rewrite history”
The concept of the Right to be Forgotten has revolutionized the concept of the Right to Privacy and ushered in the era of individualism. The twenty-first century is the digital age and, naturally, the traditional system of governance and administration will fall. India desperately needs to strike a balance between the Right to Privacy (Right to be Forgotten and Right to Information Act). Still, there is an area of concord, if, at all public interest and individual rights, both are respected, and it can be said that the Right to be Forgotten is cui bono in this digital age.
Editor’s Note The author has dealt with the modern issue of the Right to be Forgotten. As elucidated by the author, its presence in the era of the internet has been immense. The ability to control what stays on the internet and what goes is the kind of freedom that everyone wants but not everyone gets. The author has explained the origins of this phenomenal right, its position in various countries with respect to India, and the legal framework of such a right to exist in India. International Cases have also been utilized to gain a better understanding.