top of page

The right to be forgotten, a dive into the Indian landscape

In today’s world, social media is the dictator of one’s reputation and dignity, especially in the public eyes. Online platforms contain collection and records of an individual’s history of all information. For every platform, it becomes a responsibility to assure the dignity of an individual by guaranteeing them the right to personal liberty and privacy in a reasonable manner. Today, the unparalleled growth of technology has blurred the boundaries of privacy. It is true that we enjoy the advantages which AI brings to us, but we forget its ability to interpret data, study behavioural patterns and automate human responses, all of which can have a huge impact on our lifestyle, if in any way our personal information gets compromised. If we look deeply, an individual’s personal information is no more limited to just paper documents, official or government records. It can now be easily assessed by an individual from anywhere around the world through web or search engines.

In the context of protecting an individual’s privacy, national laws are being introduced, which extends to a person’s right with respect to the processing of personal data. The concept of right to be forgotten implies that personal data, which is no longer needed for the purpose that it was originally destined to fulfil, should be completely erased from the public record. Thus, information that is publicly available, would be removed from databases, web searches and other public platforms, when it is not relevant.

The 'right to be forgotten' (RTBF) was first derived from the Google case, wherein the European Union Court of Justice held that search engine providers, such as Google, have a responsibility for checking the personal information that appears on web pages that are published by third parties. The Court orchestrated for the protection of personal data and respect for private and family life4. The 2014 ruling brought about the removal of 45% of the 3.3 million links that Google received about the "right to be forgotten" requests within the EU.

Moving on, when the EU introduced the GDPR, it sparked a debate about privacy in several nations. In the Indian landscape it was highlighted that we needed to formulate a data protection framework which allowed for provisions of an individual’s protection of personal data. As of now, India does not have a framework for the same. However, let us have a look at the case study below,

In Jorawer Singh Mundy v. UOI8, the Delhi High Court granted the right to an Indian-American citizen to have a judgement removed from the platforms of Google, Indian Kanoon and, as he had been an accused in the case, but had been acquitted. The Court gave an interim relief and directed the said removal on the platforms by recognizing the individual's right to privacy under Article 21 as it was hampering with the professional life of the litigant.

According to Section 43A of the Information Technology Act of 2000, organizations that possess sensitive personal data and fail to maintain appropriate security to safeguard such data, resulting in wrongful loss or wrongful gain to anybody, may be obligated to pay damages to the affected person. The 'Right to be forgotten' is not specifically included in the Government of India's notification of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. It does, however, provide procedures for filing complaints with the designated Grievance Officer in order to have content that exposes personal information about the complainant removed from the internet without the complainant's agreement.

The 'Right to be forgotten' bill contains some sections which are either directly or some extent similar to the 'Right to be forgotten', these sections are as follows.

1.According to Section 9 of the Personal Data Protection Bill 2019 The data fiduciary shall not maintain any personal data beyond the term necessary to serve the purpose for which it is processed and shall erase the personal data at the conclusion of the processing.

2. Regardless of sub-section (1), personal data may be maintained for a longer period if the data principal has given his or her explicit agreement, or if it is required to comply with any requirement imposed by any legislation now in effect.

3. The data fiduciary must assess personal data in its possession on a regular basis to decide if it is required to keep it.

  1. Section 18 clause (d) of this bill say that every citizen has Right of erasure of personal data which is no longer necessary for the purpose for which it was processed.

  2. Section 20 clause (1) of this bill defines the ground for claiming of Right to erasure as the clause say (1) The data principal shall have the Right to restrict or prevent the continuing disclosure of his personal data by a data fiduciary where such disclosure-

    1. has served the purpose for which it was collected or is no longer necessary for the purpose;

    2. was made with the consent of the data principal under section 11 and such consent has since been withdrawn; or

    3. was made contrary to the provisions of this Act or any other law for the time being in force7.

  3. As per Clause 21, the 'Right to be forgotten', unlike the other Rights of the data principal, does not require the data principal to request the data fiduciary to restrict or prevent the disclosure of any personal data. The data principal is only required to make an application to the Adjudication Officer to enforce this Right.

The PDPB 2019, on its arrival, faced significant criticisms, especially regarding the regulation of social media platforms and requirements of data localization, which raised concerns for potential violation of fundamental rights of the citizens of India as well as being non-friendly for businesses and platforms to operate in India. This led to significant amendments being proposed in 2021 that aimed to clarify and rework the criticized provisions.

However, in August 2022, the bill was withdrawn altogether by the Indian government, because it failed to meet international standards and upcoming challenges. Again, on 18th November 2022, the Indian Government released a draft for the Digital Personal Data Protection Bill 2022 (“DPDP Bill”), which was then open for public comments and consultations until 02 January 2023. This Bill, once passed, would be called the Digital Personal Data Protection Act 2022.The DPDP Bill's objective will be to provide standards for handling digital personal data in a way that respects both people's rights to privacy protection and the need to handle personal data legally.




Follow Global Lawyers Association for more news and updated from International Legal Industry.




bottom of page