The boundaries of privacy are becoming increasingly blurred, and the virtual world now plays a significant role in determining an individual's credibility. This fundamental shift in the nature and scope of personal data available online has highlighted the urgent need for the Right to be Forgotten (“RTBF”). A similar view was also taken by the Madras High Court while ordering a search engine to redact the name of the petitioner from a judgment who was acquitted of the charges under the Indian Penal Code in an order dated August 03, 2021. The order was further upheld by the Division Bench of Madras High Court on February 27, 2024[1].
However, on July 24, 2024, the Supreme Court of India, through its bench led by Chief Justice DY Chandrachud, stayed the above-mentioned order and said that “once a judgement is delivered, it becomes part of the public record, and any direction to remove it will have serious ramifications.”
Is the 'Right to be Forgotten' the Solution to Modern Privacy Concerns?
RTBF, also known as the Right to Erasure (“RTE”), allows individuals to request the removal of their personal information from the Internet, related databases, search engines, websites, or any other public platform only when the information is no longer necessary or relevant, thereby safeguarding their privacy and protecting their reputation.
The history of RTBF can be traced back to the European Court of Justice in the case of Google Spain SL and Google Inc. v AEPD and Mario Costeja González. The petitioner, who once needed funds, published a newspaper advertisement offering property for auction and subsequently indexed it on the Internet. Unfortunately, the advertisement remained online long after his financial situation had improved. As a result, anyone searching for him online would find outdated information suggesting he was still bankrupt. Understandably, this damaged his reputation, prompting him to take legal action.
This case ultimately gave rise to 'the right to be forgotten'. The European Court of Justice ruled against the search engine giant, affirming that under certain circumstances, citizens of the European Union have the right to request the removal of their personal information from databases, including public records and search results.
Judicial Odyssey: The Evolution of the 'Right to be Forgotten' in India
In India, RTBF under Section 12 of the Digital Personal Data Protection Act, 2023 (“DPDP Act”) is in the name of the ‘Right to correction and erasure of personal data’.[2] However, RTBF is still in its developing stage in India at the moment. For instance, in 2017 the Gujarat High Court in the case of Dharmaraj Bhanushankar Dave v. State of Gujarat[3] did not acknowledge the right to be forgotten. However, the Karnataka High Court, in the case of V v. High Court of Karnataka[4] recognised the same, stating that “this would be consistent with the trend in western countries, where the ‘right to be forgotten’ is applied as a rule in sensitive cases concerning women in general, as well as particularly sensitive cases involving rape or harming the modesty and reputation of the individual concerned”. Later, the Supreme Court also recognised the RTBF as part of the Right to life with certain restrictions in the landmark judgment of K.S. Puttaswamy v. Union of India[5].
Contrasting provisions of the DPDP Act and GDPR
The DPDP Act is largely influenced by the European Union's General Data Protection Regulation (“GDPR”), offering stronger protection for personal data. However, there are certain differences between the two legislations.[6] The recent enactment of the DPDP Act officially codifies RTBF in India; however, the scope of RTBF is narrower than that under GDPR. A comparative analysis between Section 12 of the DPDP Act and Article 17 of the GDPR reveals several distinctions.
In India, Section 12 grants data principals the right to correct, complete, update, and erase personal data obtained with consent. However, erasure may be denied if retention is necessary for a specified purpose or legal compliance. In contrast, Article 17 of the GDPR allows data subjects to request erasure without undue delay under specific conditions, including withdrawal of consent, unlawful processing, or when the data is no longer necessary for its original purpose.
Furthermore, the GDPR's RTE encompasses broader aspects, such as unlawful data processing, compared to India's RTE, which is limited to digital personal data processed with consent.
Conclusion
As the global landscape evolves, prioritizing data protection and privacy rights remains paramount. The upcoming developments in the RTBF following the Supreme Court's stay of the Madras High Court order and agreeing to examine the issue of the ‘right to be forgotten’ will be particularly interesting to observe. Moving forward, the RTBF is expected to evolve in tandem with India's data protection laws.
[1] https://www.livelaw.in/pdf_upload/karthick-v-registrar-general-525727.pdf
[2] Section 12 of the Digital Personal Data Protection Act, No.22 of 2023.
[3] 2017 SCC OnLine Guj 2493.
[4] 2017 SCC OnLine Kar 424.
[5] AIR 2017 SC 4161
[6] Data Protection Obligations of Financial Service Providers in India, AK and Partners, available at: https://www.akandpartners.in/_files/ugd/077257_3a02df1c9ef44156b3612fb42d0cbfb6.pdf