Scribd
Upload
54 views21 pages

Interplay Between Right To Be Forgotten and Data Protection Regulations

Uploaded by

Ujjwal Saboo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
54 views21 pages

Interplay Between Right To Be Forgotten and Data Protection Regulations

Uploaded by

Ujjwal Saboo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 21

INTERPLAY BETWEEN RIGHT TO BE FORGOTTEN

AND DATA PROTECTION REGULATIONS

CONSTITUTIONAL LAW – RESEARCH PAPER

SUBMITTED BY: SUBMITTED TO:


NAME- UJJWAL SABOO DR. K SYAMALA
ROLL NO. – 1384 ASSOCIATE PROFESSOR, LAW
SEM- III NUSRL, RANCHI
SECTION- A

NATIONAL UNIVERSITY OF STUDY AND RESEARCH IN LAW

RANCHI
1. TABLE OF CONTENS

2. ABSTRACT...............................................................................................3

3. RESEARCH QUESTIONS:.......................................................................4

4. RESEARCH OBJECTIVES:.....................................................................4

5. INTRODUCTION:.....................................................................................5

6. RIGHT TO BE FORGOTTEN...................................................................6

7. ORIGIN OF RIGHT TO BE FORGOTTEN.............................................6


8. EVOLUTION OF RIGHT TO BE FORGOTTEN IN INDIA AS A
FUNDAMENTAL RIGHT........................................................................7
9. WHY THERE IS A NEED OF RIGHT TO BE FORGOTTEN?..............9

10. CHALLENGES IN IMPLEMENTING RIGHT TO BE FORGOTTEN:11

11. EVOLUTION OF DATA PROTECTION REGULATIONS IN INDIA 12

12. The Digital Personal Data Protection Act, 2023......................................13


13. IMPORTANT PROVISIONS OF THE ACT..........................................13
14. INTERPLAY BETWEEN RIGHT TO BE FORGOTTEN AND DATA
PRIVACY REGULATIONS:..................................................................15

15. PRACTICAL IMPLICATIONS FOR BUSINESS(LIKE GOOGLE) IN


IMPLEMENTONG RIGHT TO BE FORGOTTEN................................17

16. ROLE OF TECHNOLOGY.....................................................................17

17. CONCLUSION:.......................................................................................19

18. BIBLIOGRAPHY:...................................................................................21
ABSTRACT:

This research paper delves into the intricate relationship between the Right to
Be Forgotten (RTBF) and data protection regulations within the evolving legal
landscape of India. As the digital ecosystem expands and individuals generate
unprecedented amounts of personal data, the need for robust mechanisms to
safeguard privacy and control over one's information becomes paramount.

The research also explores the conceptual underpinnings of the Right to Be


Forgotten and its implications on the fundamental right to privacy enshrined in
the Indian Constitution. It investigates the legal and ethical dimensions
surrounding the application of the RTBF in a diverse and technologically
advancing society like India.
RESEARCH QUESTIONS:

1. What is right to be forgotten and how it has evolved?

2. What are the different data protection regulations in India?

3. How does the right to be forgotten align with or diverge from existing
data protection regulations in India?
4. What are the practical implications for businesses in India in
implementing and complying with the right to be forgotten within the
framework of data protection regulations?
5. What challenges and opportunities does the interplay between the right to
be forgotten and data protection regulations present for technology
companies operating in India?

RESEARCH OBJECTIVES:

1. To trace the evolution of data protection laws in India and how they have
adapted to address the challenges posed by the right to be forgotten.

2. To investigate how the right to be forgotten is recognized and interpreted


within the Indian legal system, considering case law and legislative
developments.

3. To assess the challenges and opportunities faced by interplay between


right to be forgotten and data protection regulations.

4. To investigate the technological implications of implementing the right to


be forgotten, considering issues such as data storage, retrieval, and
deletion mechanisms.
INTRODUCTION:

In an era dominated by digital interconnectedness, the confluence of individual


privacy rights and the vast expanse of personal data has given rise to critical
discussions surrounding the Right to be Forgotten (RTBF) and its compatibility
with data protection regulations. This research paper delves into the intricate
web of privacy concerns and legal frameworks in the context of India, exploring
the dynamic interplay between the right to be forgotten and existing data
protection regulations.

Right to be forgotten is a part of Right to privacy which is a fundamental right


under Article 21. Right to be forgotten empowers individuals to request the
removal of their personal information from online platforms under certain
circumstances.

A committee headed by retired Supreme Court Judge Justice BN Srikrishna has


submitted its report on "Data Protection Framework" to the Government. With
some amendments to this report, Parliament has passed Digital Personal Data
Protection Act 2023, which is an act to provide for the processing of digital
personal data in a manner that recognises both the right of individuals to protect
their personal data and the need to process such personal data for lawful
purposes and for matters connected therewith or incidental thereto.
RIGHT TO BE FORGOTTEN

The 'Right to be forgotten' gives the right to individuals to have their private
information removed from the internet, websites or any other public platforms
under special circumstances. It is also known as 'Right to erasure'. The right to
be forgotten "reflects the claim of an individual to have certain data deleted so
that third persons can no longer trace them". It has been defined as "the right to
silence on past events in life that are no longer occurring". The right to be
forgotten leads to allowing individuals to have information, videos, or
photographs about themselves deleted from certain Internet records so that they
cannot be found by search engines.

The origin of this Right can be traced back to the French jurisprudence on the
'Right to oblivion' or Droit a loubli in 2010. This Right of oblivion aided
convicted criminals, who had completed their imprisonment terms, by removing
the publication of particulars of their crimes and their criminal life.

ORIGIN OF RIGHT TO BE FORGOTTEN

The right to be forgotten was first recognized in the European Union (EU),
notably through the landmark case of Google Spain SL, Google Inc. v Agencia
Española de Protección de Datos (AEPD), Mario Costeja González (2014). In
1998, Mario Costeja Gonz´lez, a Spaniard, had run into financial difficulties and
was in severe need of funds. As a result, he advertised a property for auction in
the newspaper, and the advertisement ended up on the internet by chance. Mr.
Gonz was not forgotten by the internet and inconsequence news about the sale
was searchable on Google long after he had fixed his financial issue, and
everyone looking him up assumed he was bankrupt. Understandably, this
resulted in severe damage to his reputation, prompting him to take up the matter
to the court. The European Court of Justice ruled in favour of an individual's
right to request the removal of search engine results containing personal
information, leading to the recognition of the right to be forgotten as a
fundamental right within the EU's data protection framework.

EVOLUTION OF RIGHT TO BE FORGOTTEN


IN INDIA AS A FUNDAMENTAL RIGHT

In India, there is no any act or statute expressly declaring right to be forgotten as


a right or Constitution declaring it as a fundamental right, but Supreme Court
and various High Courts have declared right to be forgotten as a fundamental
right.

Dharamraj Bhanushankar Dave v. State of Gujarat1 is the first case in India


where the question of Right to be forgotten came. in this case the petitioner had
been charged with criminal conspiracy, murder, and kidnapping, among others
and was acquitted by the Sessions Court, which was further supported by a
Division Bench of the Gujarat High Court. The petitioner had claimed that since
the judgment was non-reportable, respondent should be banned from publishing
it on the internet because it would jeopardise the petitioner’s personal and
professional life. The High Court, on the other hand, found that such publication
did not violate Article 21 of the Indian Constitution, and that the petitioner had
presented no legal basis to prevent the respondents from publishing the
judgment. Hence, Gujarat HC did not acknowledge the right to be forgotten in
its judgement.

1
2017 SCC OnLine Guj 2493
In Sri. Vasunathan v. High Court of Karnataka2, the Karnataka HC recognised
right to be forgotten. The purpose of this case was to remove the name of the
petitioner’s daughter from the cause title since it was easily accessible and
defame her reputation. The court held in favour of the petitioner and ordered
that the name of the petitioner’s daughter to be removed from the cause title and
the orders.

K.S. Puttaswamy V. Union of India3 is one of the landmark judgements in


which SC recognised right to privacy as a fundamental right under Article 21. In
this case, SC also recognised the right to be forgotten as part of the right to life
under Article 21. The Supreme Court had stated that the right to be forgotten
was subject to certain restrictions, and that it could not be used if the material in
question was required for the-

i) Exercise of the right to freedom of expression and information

ii) Fulfilment of legal responsibilities

iii) Execution of a duty in the public interest or public health

iv) Protection of information in the public interest

v) For the purpose of scientific or historical study, or for statistical purposes

vi)the establishment, executing, or defending of legal claims.

2
2017 SCC OnLine Kar 424
3
(2017) 10 SCC 1
WHY THERE IS A NEED OF RIGHT TO BE
FORGOTTEN?

In today’s world, Artificial Intelligence has advanced to the point of retaining


and interpreting data, study behavioural patterns and automate human
responses, we need to think about the kind of huge impact our digital footprint
has on the web. This has both pros and cons. It helps to analyse data faster. It
can be used to make fake videos of person. Eg- Recently, there was a deepfake
video of Rashmika Mandanna was surfaced online. The video affected the
reputation of the actress signigicantly. Similiarly, deepfake video of PM Shri
Narendra Modi was surfaced in which he was seen playing garba. PM shared
that he did not play Garba since school and said that during the times of
Artificial Intelligence, it is important that technology should be used
responsibly.

With the advancement of technology, whatever we do online remains as digital


footprints. The personal information of an individual at this point not confined
to just papers, official and government records. It can now be easily assessed by
an individual from anywhere around the world through web or search engines
With help of technology, one can hack the person mobile phone and may leak
sensitive data relating to him, his personal photos or videos which will affect his
repulation significantly. There is a couple which has gone viral. They had a
food joint and they were popularly famous as Kulhad Pizza couple. Their
intimate video was leaked and was surfaced online just after 2 days when
couple become parents. At the time when they have become parents, we cannot
understand how the video has broken them mentally.
Hence, the unparalleled growth of information and technology had made us
privy to the most intricate details of human lives – both good and bad. The
boundaries of privacy are blurring more than ever. We enjoy the latest
controversies with a cup of tea but have we ever thought what would things be
like if we were placed in their shoes?

Once your data has been made public on the internet it is virtually impossible to
remove it completely, especially when you consider that every site you have
interacted with has collected some form of information about your online
activities. But with the help of right to be forgotten, we can remove our personal
data significantly. Though one can save our personal data by downloading the
information or photo or video or can take screenshot it. But they would not be
able to share it publicly and we can reduce the presence of that data
significantly. It is with the help of right to be forgotten only that we can remove
data, as Right to be forgotten gives the right to individuals to have their private
information removed from the internet, websites or any other public platforms.
CHALLENGES IN IMPLEMENTING RIGHT TO
BE FORGOTTEN:

1. Balancing Rights: One of the primary challenges is finding a balance


between an individual's right to be forgotten and other fundamental
rights, such as freedom of expression (Article 19(1) (a) and the public's
right to information. Determining when the right to be forgotten should
take precedence over these rights is a complex and subjective task and
Government must introduce regulations to simplify this task.

2. Verification of Identity: Verifying the identity of individuals making


erasure requests is crucial to prevent unauthorized removal of
information. However, creating a reliable and secure system for identity
verification is challenging, especially when dealing with online platforms.

3. Technical Challenges: Implementing the right to be forgotten requires


technical mechanisms to remove or anonymize personal data. This can be
complicated, especially if data is distributed across multiple servers or if
it has been shared with third parties. Ensuring effective and complete
erasure of information poses technical challenges for online platforms.

4. Recordkeeping Obligations: Certain industries and organizations are


subject to recordkeeping obligations for legal or regulatory reasons.
Implementing the right to be forgotten without compromising these
obligations requires careful consideration.
EVOLUTION OF DATA PROTECTION
REGULATIONS IN INDIA

In K.S. Puttaswamy V. Union of India, SC recognised right to privacy as a


fundamental right under Article 21. After the judgement came,the Government
of India has set up a data protection framework which started taking steps
towards the creation of the data protection legislation to protect the personal
data of individuals. A ten-member committee headed by B.N. Srikrishna, a
retired Supreme Court judge was formed to study and identify key data
protection issues and recommend methods to address them. The committee
submitted its Data protection report and proposed a draft Personal Data
Protection Bill. The committee also gave definition of Right to be forgotten
which refers to the ability of individuals to limit, delink, delete, or correct the
disclosure of personal information on the internet that is misleading,
embarrassing, irrelevant, or anachronistic. Section 27 of the sail bill deals about
right to be forgotten which gives data prinicipal right to restrict or prevent
continuing disclosure of personal data by a data fiduciary related to the data
principal. The bill was not passed and was sent to Joint Parliamentary
Committee for feedback. JPC report was tabled in Parliament on 16th December
2021.
The Digital Personal Data Protection Act, 2023

On 18th November 2022, the Ministry of Electronics and Information


Technology released the Digital Personal Data Protection Bill, 2022 for public
consultation. On 5th July 2023, the cabinet has approved the Digital Personal
Data Protection Bill, 2023 which is the revised version of the bill. On 3rd August
2023, Digital Personal Data Protection Bill, 2023 was introduced in Lok Sabha
and was passed on 7th August 2023. On 9 August 2023, the Digital Personal
Data Protection Bill, 2023 was introduced and passed by Rajya Sabha. On 11th
August 2023, President gave assent to the bill and we got a new act which is
known as the Digital Personal Data Protection Act, 2023.

IMPORTANT PROVISIONS OF THE ACT

Chapter 2 of the Digital Personal Data Protection Act, 2023 states the
obligations of Data Fiduciary. Section 4 to 10 comes under this chapter.
Section 2(i) of the Act gave us the meaning of Data Fiduciary. It means any
person who alone or in conjunction with other persons determines the purpose
and means of processing of personal data;

Section 4 of act gives us the grounds for processing personal data. A person
may process the personal data of a Data Principal only in accordance with the
provisions of this Act and for a lawful purpose, - (a) for which the Data
Principal has given her consent; or (b) for certain legitimate uses.

It means that any person must have the consent of the person whose personal
data is used or can use the personal data for certain legitimate uses. Certain
legitimate uses are given under Section 7 of the Act.
Chapter 3 of the act states the rights and duties of Data Principal. Section 11 to
15 comes under this. Section 2(j) of the Act gave us the meaning of Data
Principal. It means the individual to whom the personal data relates and where
such individual is - (i) a child, includes the parents or lawful guardian of such a
child; (ii) a person with disability, includes her lawful guardian, acting on her
behalf. Section 12 of the act gives Data Principal the right to correction and
erasure of data.

Section 12- Right to correction and erasure of data

(1) A Data Principal shall have the right to correction, completion, updating and
erasure of her personal data for the processing of which she has previously
given consent, including consent as referred to in clause (a) of section 7, in
accordance with any requirement or procedure under any law for the time being
in force.

(2) A Data Fiduciary shall, upon receiving a request for correction, completion
or updating from a Data Principal, - (a) correct the inaccurate or misleading
personal data; (b) complete the incomplete personal data; and (c) update the
personal data.

(3) A Data Principal shall make a request in such manner as may be prescribed
to the Data Fiduciary for erasure of her personal data, and upon receipt of such a
request, the Data Fiduciary shall erase her personal data unless retention of the
same is necessary for the specified purpose or for compliance with any law for
the time being in force.
INTERPLAY BETWEEN RIGHT TO BE FORGOTTEN
AND DATA PRIVACY REGULATIONS:

The interplay between the right to be forgotten and data privacy regulations is a
complex and evolving landscape that reflects the ongoing tension between
balancing right to be forgotten and other fundamental rights such as freedom of
speech and expression. It also reflects the ongoing tension between individual
rights and the legitimate interests of businesses and society at large.

Right to be forgotten refers to the ability of individuals to limit, delink, delete,


or correct the disclosure of personal information on the internet that is
misleading, embarrassing, irrelevant, or anachronistic. It gives the right to
individuals to have their private information removed from the internet,
websites or any other public platforms under special circumstances.

Evolution of Data protection regulations in India started with Supreme Court


judgement in KS Puttaswamy case, which declared Right to privacy as a
fundamental right under Article 21. After this judgement, Government setup
committee to give recommendations for data protection regulations and finally
in August 2023, we got The Digital Personal Data Protection Act 2023.

The preamble of the act says that it is an Act to provide for the processing of
digital personal data in a manner that recognises both the right of individuals to
protect their personal data and the need to process such personal data for lawful
purposes and for matters connected therewith or incidental thereto. The Act did
not explicitly give individual Right to be forgotten. However, Section 12 of the
said Act gives Data Principal Right to correction and erasure of data which
means A Data Principal shall have the right to correction, completion, updating
and erasure of his/her personal data for the processing of which he/she has
previously given consent.
The Act helps in the implementation of Right to be forgotten to some extent. It
gives Data Principal right to erase his data which can be inferred as right to be
forgotten as Right to be forgotten is right to remove data from online platforms
and is also known as Right to Erasure.

This Right to erasure is not absolute as there can be retention for the personal
data necessary for the specified purpose or for compliance with any law for the
time being force.

Section 12(3) of Act- A Data Principal shall make a request in such manner as
may be prescribed to the Data Fiduciary for erasure of her personal data, and
upon receipt of such a request, the Data Fiduciary shall erase her personal data
unless retention of the same is necessary for the specified purpose or for
compliance with any law for the time being in force.

From this clause, we can infer that Right to erasure or Right to be forgotten is
not absolute and data can be retained if necessary. Data can also be used for
certain legitimate uses defined under Section 7. Section 7 gave Data Fiduciary
right to process the data of data principal for some uses. There are 8 uses
mentinoned in this act.

Data protection regulations is the means by which we can achieve the ends i.e.
Right to be forgotten. The Digital Personal Data protection Act 2023 sets out
the obligations of Data Fiduciary, gives rights to Data Principal and also set up
Data Protection Board of India.

Once this act gets effective, the procedure to implement Right to be forgotten or
Right to erasure would get simple as it sets out obligations for data fiduciary
which are mainly businesses and after the inpretation of this act by High Courts
and Supreme Courts, we can find out the mention of Right to be forgotten.
PRACTICAL IMPLICATIONS FOR BUSINESS(LIKE
GOOGLE) IN IMPLEMENTONG RIGHT TO BE
FORGOTTEN

Businesses would need to revisit and potentially revise their data processing and
storage practices to ensure compliance with the right to be forgotten. Businesses
would need to enhance the transparency about data usage and obtaining explicit
consent from users for processing their personal data. They would have to make
a Data erasure mechanism. These mechanisms would ensure the permanent
removal of personal data from databases, systems, and backups. This involves
sophisticated algorithms and protocols to identify and delete specific data in
compliance with legal requirements. They would be need to strengthen their
securitites measures to prevent unauthorised access to personal data so that
personal data can be stored safely and no one can use it unlawfully.

ROLE OF TECHNOLOGY

In today’s world technology plays a big and crucial role in everything. For
example- in cricket, we can see the use of Hi-advanced technology by umpires
to reach to their decision like use of ultraedge sound or ball tracking. We can
see the role of technology in daily life. How payment apps have been made and
we can make any payment to any person without cash. How students can
virtually take classes from teachers and enhance their knowledge. Simiarly,
Right to be forgotten can be implemented effectively with the help of
technology.
There are various tech companies in India like Infosys, Wipro,Tech Mahindra
etc which help businesses by providing IT services. We need these tech
companies or any other small tech company to build mechanisms which can
implement right to be forgotten effectively.

Some of the fields in which we need this companies to work and gives us
mechanisms related to it are-

1. User interface- These tech companies need to make user interface


platform where people can get information about their right to be
forgotten/right to erasure, how they can use this right, what’s the
procedure etc.
2. Data erasure mechanisms- Businesses need automated data erasure
mechansims to ensure the permanent removal of personal data from
databases, systems, and backups. Tech companies can make such
mechanism for businesses.
3. Blockchain technology- Blockchain technology can be leveraged to
create decentralized systems where individuals have more control over
their data. This allows for better enforcement of the right to be forgotten
as users can manage and erase their data directly from the blockchain,
reducing reliance on centralized authorities. Hence these tech companies
can create such technology.
CONCLUSION:

The research paper has explored the intricate relationship between the Right to
Be Forgotten (RTBF) and data protection regulations in the evolving legal
landscape of India. The digital era has ushered in unprecedented amounts of
personal data, necessitating robust mechanisms to protect privacy and control
over personal information. The conceptual underpinnings of the RTBF and its
implications on the fundamental right to privacy enshrined in the Indian
Constitution have been thoroughly examined.

The evolution of the Right to Be Forgotten, from its origins in the European
Union to its recognition in India, reflects the global recognition of the need for
individuals to have control over their online presence. The Indian legal system,
through judgments like K.S. Puttaswamy v. Union of India, has acknowledged
the right to be forgotten as a fundamental right, which is subject to certain
restrictions.

The research has delved into the challenges and opportunities presented by the
interplay between the right to be forgotten and data protection regulations.
Balancing individual rights with freedom of expression and information poses a
complex challenge, requiring careful consideration and potentially the
introduction of specific regulations.

The paper has also examined the evolution of data protection regulations in
India, culminating in the Digital Personal Data Protection Act, 2023. While not
explicitly granting the right to be forgotten, the Act provides a framework for
data protection, including the right to correction and erasure of data. The Act
sets out obligations for businesses (Data Fiduciaries) and establishes the Data
Protection Board of India.
The practical implications for businesses, especially technology companies like
Google, in implementing the right to be forgotten involve revisiting data
processing practices, enhancing transparency, and developing robust data
erasure mechanisms. The role of technology, particularly in user interface
design, automated data erasure mechanisms, and leveraging blockchain
technology, is crucial for the effective implementation of the right to be
forgotten.

In essence, as technology continues to advance and the digital landscape


evolves, the research underscores the need for a delicate balance between
individual privacy rights and the legitimate interests of businesses and society.
The legal frameworks and technological solutions must adapt to ensure that
individuals can exercise their right to be forgotten while upholding broader
principles of freedom of expression and information. The Digital Personal Data
Protection Act, 2023, marks a significant step in this direction, providing a
foundation for addressing the complex interplay between the right to be
forgotten and data protection regulations in India. Government should enforce
this act in India as soon as possible.
BIBLIOGRAPHY:

1. https://articles.manupatra.com/article-details/Right-to-be-forgotten
2. https://www.scconline.com/blog/post/2022/01/27/the-evolution-of-
right-to-be-forgotten-in-india/#_ftn4
3. https://www.meity.gov.in/writereaddata/files/Digital%20Personal
%20Data%20Protection%20Act%202023.pdf
4. https://www.drishtiias.com/daily-updates/daily-news-analysis/justice-
bn-srikrishna-committee-submits-data-protection-report
5. https://www.drishtiias.com/daily-news-editorials/right-to-be-
forgotten-2
6. Allegri, M.R. (2022). The Right to be Forgotten in the Digital Age.
In: Comunello, F., Martire, F., Sabetta, L. (eds) What People Leave
Behind. Frontiers in Sociology and Social Research, vol 7. Springer,
Cham. https://doi.org/10.1007/978-3-031-11756-5_15
7. Naman Kappor & Juhi Punj,(2022),Data protection bill and the right
to be forgotten, Indian Journal of Law and Legal Research Volume
IV Issue II
8. https://scconline.com//

You might also like