Open Access Research Article
THE RIGHT TO BE FORGOTTEN: NAVIGATING THE TENSION BETWEEN PRIVACY AND FREE EXPRESSION IN THE DIGITAL AGE
Published Paper
Article Details
THE RIGHT
TO BE FORGOTTEN: NAVIGATING THE TENSION BETWEEN PRIVACY AND FREE EXPRESSION IN
THE DIGITAL AGE*
AUTHORED BY -
V VISHAL
ABSTRACT
This paper examines the
evolution and implementation of the "right to be forgotten" (RTBF), a
concept that has gained significant traction in the digital era. Originating
from European privacy laws, the RTBF was cemented by the landmark Google Spain
judgment and subsequently codified in the General Data Protection Regulation
(GDPR). The study traces the development of this right across various
jurisdictions, with a particular focus on its emergence in India through
judicial interpretations and proposed legislation. The research critically
analyses the challenges posed by the RTBF, including its potential conflict
with freedom of speech and expression. It highlights the delicate balance
required between individual privacy rights and public access to information.
The paper also explores the practical implications of implementing the RTBF,
discussing the role of search engines as de facto arbiters and the ambiguities
in current legal frameworks. Furthermore, the study considers the RTBF's impact
on democratic values, historical records, and the free flow of information. It
concludes by emphasizing the need for clear guidelines and a nuanced approach
to prevent the misuse of this right while ensuring adequate protection of
individual privacy in the digital landscape.
Inception of the Right to be
Forgotten
The
concept of the "right to erasure," commonly known as the "right
to be forgotten," is enshrined in Article 17 of the General Data
Protection Regulation (GDPR) of 2016.[1] This concept has its roots in French law, which recognizes "le droit a l'oubli" or "the
right of oblivion."[2] This French legal principle allows rehabilitated criminals to object to
the publication of information about their past convictions and imprisonment. The
modern interpretation of this right evolved from the European Union's Data
Protection Directive of 1995. This directive allowed individuals to request the
deletion of certain online information due to its inaccurate or incomplete
nature.[3] A significant development occurred in 2014 when the Court of Justice of
the European Union (CJEU) ruled on the case of "Google Spain SL and Google Inc. v. Agencia Española de Protección de
Datos (AEPD) and Mario Costeja González."[4] This landmark decision established that EU citizens have a right to be
forgotten, prioritizing personal privacy over freedom of information within the
European Union. This ruling was instrumental in incorporating the right into
the GDPR in 2016.[5] The implementation of this right posed challenges, particularly
regarding enforcement against both state entities and private search engines.
The solution involved designating the state as a regulator to enforce residents'
rights against private search engines like Google, Yahoo!, and Bing.
Before the Google Spain judgment, the European Parliament and
Council had enacted the Data Protection Directive. This directive intended to govern
personal data transfer across EU Member States and provide a foundation for
protecting individuals essential freedoms, particularly privacy. Unlike traditional European directives, which often allowed significant
discretion in implementation, the Data Protection Directive provided limited
flexibility to ensure harmonization of privacy laws across Member States
without compromising security. The Google Spain case[6] was groundbreaking in introducing and enforcing a citizen's right to be
forgotten, making its analysis particularly significant in the development of
data protection law in the European Union
Analysis of the Google Spain
Judgment
Prior to the Google Spain
Judgment, the European legislature and Council enacted the Data Protection
Directive (DPD) to regulate the exchange of personal data across the union’s
States and protect privacy rights. The DPD aimed to harmonize national privacy
laws without compromising security. The Google Spain case, being the first to
introduce and enforce the "right to be forgotten," is considered a
landmark decision.
Facts of the Case
In 2010, Spanish citizen
Mario Costeja Gonzalez filed a complaint with the Spanish Data Protection
Agency (AEPD) against Google Inc., Google Spain SL, and a local newspaper. He
asked for the erasure of personal information relating to a 1998 auction notice
for his foreclosed home, asserting that the information had become irrelevant. Gonzalez sought two reliefs:
deletion of the newspaper article and removal of links to the article from
Google's search results.
AEPD's Decision
The AEPD affirmed Gonzalez's claim against Google, determining that
search engine providers are subject to data protection laws because they
process data and operate as intermediaries. However, it dismissed the claim against the newspaper,
stating that the information was necessary for potential bidders. This decision
implicitly formulated the "right to be let alone" and, by extension,
the "right to be forgotten."
CJEU's Decision
When Google appealed to the Court of Justice of the European Union
(CJEU), the court had to interpret Directive 95/46[7]
concerning search engines and newer technologies. The key questions were:
- Whether
search engines' activities constitute "processing of data" under
Article 2(b) of Directive 95/46.
- Whether
search engines can be considered "controllers" of personal data
under Article 2(d).
The CJEU concluded that search engines process data and are controllers
of personal data under Articles 2(b) and 2(d) of Directive 95/46. The court
ruled that search engines play an important role in disseminating personal
information by making it available to any internet user looking for an
individual's name. The court then addressed whether Articles 12(b) and 14(a) of
Directive 95/46 allow data subjects to request search engines to prevent indexing
of information published on third-party websites, even if the information was
lawfully published. Google argued using the "Proportionality
Principle," contending that removal requests should be directed to the
original publishers. They also raised concerns about the fundamental rights of
website publishers and internet users' freedom of speech. However, the CJEU
favoured citizens privacy rights over internet users' freedom of speech. The
nature of the material, its sensitivity to the private life of the data
subject, and the public's interest in gaining access to the information are all
factors that the court observed may affect the balance. The CJEU ruled that
search engine operators are obliged to remove links to web pages containing
personal information from search results based on a person's name, even if the
information remains on the original web pages and its publication is lawful.
This right to be forgotten stems from the right to privacy and is subject to
certain conditions:
- The
processing of personal data must be incompatible with the Directive.
- The data
may be insufficient, obsolete, or excessive in relation to the processing
purposes.
- The data
is not kept up to date or is retained longer than necessary.
The court stated that if the inclusion of links to lawfully published
web pages containing true information is found to be incompatible with the
Directive because the information appears inadequate, irrelevant, no longer
relevant, or excessive, the links must be erased.[8]
The Google Spain judgment
was a landmark decision wherein the ECJ ruled that "right to be
forgotten" was a facet of right to privacy. While doing
so, it included the right to delist or de-index links and
extensively considered the potential consequences of such a right,
reaffirming that there was adequate reasons to ensure that such a power was not
abused. The court held
the subsidiaries responsible for the processing of data and an EU entity and
subsidiary, however, practical issues of compliance remained as the links of
the print article will be removed from Google Spain (or maybe all Google
subsidiaries in the EU) but it will be available on other jurisdictions which
do not recognize the right to be forgotten such as the US (in Google US) to
people disguising their location using a Virtual Private Network.[9]
In January 2012, the
European Commissioner for Justice, Fundamental Rights and Citizenship unveiled
a plan to formalize the right to be forgotten. On May 13, 2014, the CJEU
unequivocally ruled in the Google case that the right to be forgotten can be
implemented against search engine operators and third parties who are the
publishers of the impugned information on the internet, even if the publication
is lawful, establishing a "right to be forgotten" for European Union
citizens. A significant consolidation of privacy rules resulted from this
verdict. This ruling led to a broad unification of privacy laws.[10] The
next step for the enforcement of a legal right was always finding a solid place
in a legislation to make it an enforceable right with all reasonable
restrictions and a well-defined scope of the application of the right.
After the Google Spain
verdict, the 2012 proposed codification gathered traction. 2018 will mark the
start of its implementation. It was formally agreed upon in 2015 and approved
by the European Parliament and Council in 2016. The decisions rendered in the
landmark Google Spain case are reinforced and incorporated by the codification. In order to establish a uniform legal
framework for the RTBF, also known as the right to erasure, and to harmonize
data protection throughout the EU, the European Council and the European
Parliament passed the General Data Protection Regulation (GDPR) in May 2016. In
2014, Art. 17's title was descriptively altered from "Right to be
forgotten and to erasure" to "Right to erasure”.[11]
The aforementioned provision seeks to mandate that, in response to such a
request, the data controller destroy the customer's information. There are
several reasons for this, from consent withdrawal to the knowledge becoming
irrelevant. Other reasons are as follows:
1) Lack of legality in processing
such information,
2) Objection by the user, and
3) Making user data, public without a
justifiable cause.
In the event that an
order of 'erasure' is made in favour of the user, such information against
which an order is made, cannot be stored or transferred any further.
International Developments of Such Right
Since Google is an
American firm, there has been a lot of global attention, particularly in the
US, to the EU's implementation of the right to be forgotten. It is crucial to
keep in mind, nevertheless, that many other countries are presently discussing
whether to create a right to be forgotten in their legal and political spheres.
India needs to assess the right much more urgently in light of this global
discussion. For instance, the right to be forgotten in Argentina[12]
has a pop-culture twist since celebrities routinely launch Internet privacy
disputes. In one well-known instance, a well-known soccer mogul was sued by an
Argentine pop singer who had defeated Google and Yahoo in a 2009 trial court
battle but had lost the following year on appeal. The cases in Argentina are
based on other strong legal claims because there isn't the same "right to
be forgotten" as there is in Europe. Not only Argentina but also a number
of other non-EU countries struggle with the right to be forgotten. For example,
in July 2015, Russian President Vladmir Putin signed into law a bill that
mirrored the European Union's right to be forgotten, resulting in more
stringent regulations for Russian search engine providers.[13] A
legal variant of the right to be forgotten is afforded to Russian citizens.
This gives citizens the ability to change the information that comes up when
someone searches for their name online, as long as they avoid clicking on links
that take them to outdated, unverified, or privacy-violating websites. The
search engine providers have ten days to respond, failing which they could face
penalties or legal action.
Major Criticisms Against the Enforcement of Such a
Right
The Right to be Forgotten
has been the subject of much debate and criticism in response to the GDPR and
the Google Spain Judgment. There is no expectation of privacy when submitting
personal information online, according to several scholars. Others
hold that the RTBF's protections would unfairly restrict people's access
to information and freedom of speech and force search engines to remove content
from the Internet. Technology thinks tanks noted that while the new law gives
EU people greater control over their personal data, its implementation will be
challenging for governments, small and medium-sized enterprises, and civil
society organizations due to the excessive bureaucracy involved. Specifically,
the harsh administrative penalties and onerous proof requirements associated
with data protection violations may deter new business ventures and obstruct
scientific investigation.[14]
Further, the CJEU also
held that the respondent falls under the ambit for being subject to the
territorial application of the DPD. The parent corporation of Google Search is
situated in the United States; yet, Google Spain, a subsidiary, functioned as
the Google group's commercial agent in Spain, selling and marketing advertising
space. As a result, the Court found an unbreakable link between Google Inc.'s
data processing activities and Google Spain's business operations. Therefore,
data controllers believe that processing carried out "in the context of
the activities" of an EU subsidiary is sufficient to meet the DPD's
criteria. The rule was widely implemented due to a teleological interpretation
of the DPD.[15]
The Court reasoned that a
comprehensive interpretation of the regulation was required since the EU
legislature sought to ensure effective privacy protection. As a result, the
ruling made it possible to file a right of erasure against non-EU data
controllers. Google Inc. appealed this part of the ruling to the Conseil D’état, or the French Supreme
Court, and then to the CJEU, which recently ruled that
"where a search engine operator grants a request for
de-referencing pursuant to the provisions of the Directive and the GDPR, that
operator is not required to carry out that de-referencing on all versions of
its search engine, but on the versions of that search engine corresponding to
all the Member States, using, where necessary, measures which, while meeting
the legal requirements, effectively prevent or, at the very least, seriously
discourage an internet user conducting a search from one of the Member States
on the basis of a data subject's name from gaining access, via the list of
results displayed following that search, to the links which are the subject of
that request."
Essentially ruling that
search engines like Google are not obligated to comply with delisting requests
made globally, eliminating the right to be forgotten's extraterritorial
application outside of the EU.
The Puttaswamy Judgment[16]
A right to be forgotten
in the Indian context was extracted from the realm of "informational
privacy" by the Supreme Court's 9-judge bench, which also decided that the
right to privacy was a basic right. "The
right to privacy is not merely a common law right but has to be deemed as a
fundamental right"[17]
stated the Honourable Justice Sanjay Kishan Kaul. In addition, he recognized in
his concurring opinion that informational privacy encompasses the right to be
forgotten in both real and virtual realms. This is essential given the
internet's pervasive presence. The goal of the right to be forgotten is to
guarantee that a person has total control over the data that is shared online.
It stands to reason that they would also be in charge of their internet persona
and want any information about them removed. Justice Kaul was of the view that
"the right to control all information about themselves encompasses one's
right to control their existence on the internet. Therefore, just because the
information is truthful, it does not entitle the general public to access
it." The rationale behind this was clarified by pointing out the
distinction between the application of 'public interest' and anything 'in the
interest of the public'. It was stated that the information regarding the
latter could be crucial. However, it still will not fall under the garb of
public interest so as to justify infringing privacy of an individual.
A right of this kind
would not have absolute boundaries; thus, history would not be entirely erased.
The following are a few examples of reasonable constraints listed in the
judgment:
1) Other fundamental rights
(especially freedom of speech and expression)
2) Compliance with legal obligations
(such as taxes)
3) Public interest
4) Public health
5) Archiving
6) Scientific, historical or
statistical research and
7) Defence of legal claims.
This implies that people
have the right to decide what personal information about them should be shared
in both online and offline settings. Recognizing that errors are human and
shouldn't be used against someone based on information they may have placed
online. This totally prevents them from reintegrating into society. In order to
foster the ability to change, Justice Kaul stresses the importance of right to
be forgotten (as part of right to privacy) and relies on Article 17 of GDPR
that provided the right to erasure for the same. The Supreme Court has not
declared the "right to be forgotten" to be a fundamental right.
Therefore, it is left as a question of judicial interpretation by the High
Courts in India. Notably, the Gujarat High Court has decided against such a
right, whereas the Karnataka and Kerala High Courts have upheld it.[18]
The Personal Data Protection Bill, 2018
The Information
Technology Act, 2000[19]
is the piece of legislation in India's legal system that controls electronic
commerce and addresses cybercrime. Nevertheless, neither the IT Rules 2011[20]
nor this bill acknowledge the concept of online data privacy or the right to be
forgotten. The Sri Krishna Committee, chaired by B.N. Sri Krishna, was only
formed by the government in response to the 2017 verdict in the Privacy case.
Its purpose was to develop a comprehensive framework that could be implemented
and enforced without affecting rights under other laws into consideration. In
response to the Committee's recommendations The Government drafted the Personal
Data Protection Bill, 2018, a comprehensive piece of legislation that covers
every aspect of privacy. Justice Sri Krishna himself said that commerce and
industry cannot be compromised in the name of data protection, even while
international commitments and citizens' rights must be respected.
The Personal Data
Protection Bill and its European equivalent, the GDPR, observe similar effects
on citizens. But, in contrast to the GDPR, it's probable that this piece of law
has given the State and other similar institutions new liberties that are more
vaguely defined or uncertain in nature. This could result in the State applying
strange interpretations to such ambiguously written regulations and imposing
different types of monitoring based on its whims and fancies.[21] The
second issue with this section is that the people making these requests for the
"right to be forgotten" are not impartial. The PDP Bill has bestowed
this responsibility upon adjudicators; the government selects the members of
the Data Protection responsibility for appointment. Put another way, the
government will nominate the adjudicators, and during their tenure, they will
ostensibly be under its purview.
Striking
a balance between the Right to be Forgotten and Article 19 of the Constitution
The core critique of the right to be forgotten has consistently cantered
on its potential to limit freedom of expression. This contentious issue
highlights a fundamental tension in modern society: the balance between
collective rights and individual privacy. On one side, we have the public's
entitlement to free speech and expression, which encompasses the right to
access and disseminate information. This societal right is deeply rooted in
democratic principles and supports the free flow of ideas and knowledge. On the
other side, we find an individual's claim to the right to be forgotten - a key
aspect of personal privacy. This right empowers people to request the removal
or de-indexing of certain personal information from public access, particularly
online. The conflict arises when these two rights intersect. When an individual
exercises their right to be forgotten, it may result in the removal of
information that others argue should remain in the public domain. This creates
a complex dilemma: How can we protect personal privacy without unduly
restricting public access to information?
The primary issue is the
fact that it is prima facie limiting of the right to freedom of speech and
expression established in the Constitutions of various States such as the
United States of America[22]
and India. The issue before the court is one of freedom of speech and
expression vs the right to be forgotten, two things that are diametrically
opposed. To address the aforementioned issue, a diplomatic approach needs to be
used, noting that the best course of action is to contextualize the two rights and
determine which party has the advantage of convenience in having their right
realized. The Indian Constitution does not specifically address the right to
privacy as a Fundamental Right in Part III. Nonetheless, the right to freedom
of speech and expression is specifically included in Article 19 (1) (a) of the
Constitution, which addresses a number of public liberties. The Indian
judiciary deserves recognition for recognizing the right to privacy as an
essential component of Article 21 of the Constitution. When the idea of privacy
was previously foreign to Indian legal precedent, Justice Subba Rao's forceful
and innovative dissent in the Kharak
Singh v. State of Uttar Pradesh[23]
case gave Article 21 a liberal interpretation, planting the seeds of privacy in
the Constitution. Before the groundbreaking ruling in Justice K.S. Puttaswamy (Retd.)[24]
where the concept of privacy was discussed in detail by a Constitutional
Court bench of nine justices and certain other aspects of privacy were
acknowledged as well and given constitutional protection under Article 21, the
idea and concept of privacy only extended to bodily privacy and domiciliary
visits. The Indian Constitution, under Article 19(1)(a),
safeguards the right to freedom of speech and expression. However, this right
is not absolute and can be subject to reasonable restrictions as specified in
Article 19(2). These constitutional provisions allow the State to enact
legislation and implement additional guidelines that may place certain
limitations on this fundamental right.
In the subsequent sections of this discussion, a compelling argument
will be presented against the existence and implementation of the right to be
forgotten. The core of this argument rests on the premise that this right
potentially infringes upon citizens' constitutionally protected freedoms of
speech and expression. The debate centres on the delicate balance between
individual privacy concerns and the broader societal interest in maintaining
open access to information. The right to be forgotten, while intended to
protect personal privacy, may have far-reaching consequences that could
potentially undermine the robust tradition of free expression in India.
This critique will explore how the application of the right to be
forgotten might extend beyond its intended scope, potentially leading to
unintended restrictions on the free flow of information. It will examine the
tension between an individual's desire to control their personal information
online and the public's right to access and share information freely. By
analysing these conflicting interests, the following sections aim to
demonstrate how the right to be forgotten, in its current form, may pose a
significant threat to the fundamental right of free speech as enshrined in the
Indian Constitution.
Google Case Provides for Excessive Delegation on the
Search Engines
In accordance with the
GDPR, 2016, the right to be forgotten requires a private organization, such as
Google, to determine whether the link that is being asked to be removed meets
any of the removal criteria listed in Article 17. The author firmly holds that
there is an urgent need for the European Union to come up with certain
guidelines to regulate this unlimited power handed over to the search engines
and data controllers by the CJEU. Any person making a request to one of these
search engines for the removal of certain information from their databases with
the purpose of making it inaccessible to the world will not be entertained by
the search engines. The provision in the GDPR mentions a well-worded criterion,
however it is open to many interpretations and the absence of any sort of
guidelines to control the power exercised by the search engines would lead to
the conclusion that the search engines are exercising the rights of the
individuals in an arbitrary way. Though it might be true that the search engines
while justifying the deletion of the concerned entry, have proof to show that
the link was deleted as it met the grounds mentioned in the Article 17 of the
GDPR or their act is in consonance with the decision of the CJEU which held for
the right to be forgotten.
Looking at this situation
from the Indian perspective, a certain piece of legislation called the Personal
Data Protection Bill, 2018 is on its way to becoming a full force law in India.
This law involves the creation of a Data Protection Authority which will be
responsible of the requests made by certain individuals with respect to the
enforcement of their right to be forgotten. Even this authority will act in an
arbitrary manner, unless certain guidelines are framed within which this
authority can act and their limitations are well defined in those guidelines.
In India, the practice of delegation, to a body run by the executive, has been
in effect since long. However, the doctrine of excessive delegation is also in
effect. The Supreme Court decision in 'In Re: Delhi Laws Act, 1912[25]'
held that legislatures in India have wide delegation powers, subject to one
limitation: a legislature cannot delegate essential legislative functions such
as determining legislative policy and formally enacting that policy into a
binding rule of conduct.
Ambiguous Grounds Mentioned Regarding Removal of
Information
The right to be forgotten
represents an individual's request to have specific data removed so that third
parties can no longer identify them. It's been defined as "the right to
silence on past events in life that are no longer occurring." Consequently,
the regulation of such a right which has far-reaching implications becomes of
paramount importance and there is a need for statutory backing to this right.
It is a settled position in law that a statute worded vaguely would be held
unconstitutional by the courts as it will abridge the right of a fair warning
to the citizens before any adverse action is initiated against them. The author
also mentions that the same legal proposition covers to the restrictions which
are imposed by a law which doesn't seem to include the element of rationality
in its provisions.
Section 18 of the
Personal Data Protection Bill, 2018[26],
which discusses the right to correction and erasure, states that the data
principal, i.e. the concerned person, can apply to have certain information
about himself removed from the internet or corrected if it is inaccurate in
nature and is no longer required for the purpose for which it was processed.[27] Only
when there is incorrect personal data which is misleading[28]
someone or when there is incomplete[29]
personal data which needs to be completed, can a request for correction be made
to the concerned data fiduciary under Section 18(2) of the Bill. The conditions
mentioned in the current legislation are vague and ambiguous to say the least.
They can be bent and skewed by the concerned data fiduciaries to abide by the
requests made by the data principals on principals on the basis that it should
be requested based on one of the grounds mentioned in Section 18 clause 1 of
the Bill. This leads to a huge amount of discretion being handed over to the
data fiduciary, or in this case, the search engines and such a provision is liable
to be held unconstitutional on the ground of it being vague and open to many
interpretations.
Chilling Effect on Freedom of Speech and Expression
The implementation of the right to be forgotten raises significant
concerns due to its potential conflict with freedom of speech, a fundamental right
of utmost importance. In India, Article 19 of the Constitution enshrines the
right to free speech and expression as one of the essential liberties granted
to citizens. Over time, constitutional jurisprudence has elevated this right to
a prominent position through various influential court decisions. The only
permissible limitations on free expression are those reasonable restrictions
specifically outlined in Article 19(2). No constraints beyond those enumerated
in this section can be considered legitimate limitations on the freedom of
speech and expression. The list of acceptable restrictions provided in Article
19(2) is comprehensive and definitive.[30]
In the Shreya Singhal case[31],
it was decided that certain limitations listed in Section 66-A of the Information
Technology Act, 2000; such as "information that may be grossly offensive,
or which causes annoyance or inconvenience" are unconstitutional because
they are ill-defined and have imprecise language. All restrictions must be
"couched in the narrowest possible terms." Furthermore, the court
determined that Section 66-A was unconstitutional in this case due to its
chilling impact on free speech.[32] Should
the right to be forgotten remain in its present form, it's likely to have a
similar chilling effect on free expression as observed in the case at hand.
While this right may be technically valid and within the parameters outlined in
the Personal Data Protection Bill of 2018, its practical application could
extend far beyond its intended scope. Individuals might invoke this right to
remove online personal information they deem superfluous, irrelevant, or
inaccurate. However, this subjective interpretation of what constitutes
removable data may not align with the general public's perspective. The potential
for widespread use of this right raises concerns about its impact on the free
flow of information. It could lead to situations where individuals attempt to
scrub the internet of data they personally find unfavourable, even if that
information serves a legitimate public interest. This broad application of the
right to be forgotten could create tension between personal privacy desires and
society's need for open access to information.
The Personal Data
Protection Bill, 2018's Section 18[33]
addresses the right to erasure and correction. Even the CJEU's decision in the
Google case was called into doubt since it created and maintained the right to
be forgotten, which was seen as a means of limiting free speech and imposing
censorship by non-state actors like search engines. Furthermore, rather than
risking being fined for non-compliance, the search engines would exercise
caution and essentially comply with all demands in order to avoid paying the
punishment. Exorbitant fines imposed on data controllers and
search engines for failing to respect citizens' right to be forgotten, combined
with an ambiguous provision, would render the right to be forgotten null and
void in its existing form, suppressing free speech.
CONCLUSION
The right to be
forgotten, while aimed at protecting individual privacy in the digital age,
presents significant challenges when balanced against the fundamental right to
freedom of speech and expression. Developments in the European Union,
particularly the GDPR and the landmark Google Spain case, as well as emerging
discussions in India, including the Puttaswamy judgment and the Personal Data
Protection Bill, 2018, highlight the ongoing debate surrounding this right. The
implementation of the right to be forgotten raises several concerns, including
potential infringement on freedom of speech, ambiguity in the grounds for
removal of information, excessive delegation of power to private entities like
search engines, and the risk of a chilling effect on the free flow of
information. To address these issues, a careful balance must be struck between
individual privacy rights and the public's right to information. This balance
requires clear, unambiguous guidelines for implementation, establishment of an
independent regulatory body to oversee removal requests, narrow and precise
framing of conditions for information removal, and consideration of public
interest and historical record preservation. As India moves forward with its
data protection legislation, it must carefully consider these factors to ensure
that the right to be forgotten does not unduly restrict the fundamental right
to freedom of speech and expression. The challenge lies in crafting a legal
framework that protects individual privacy while preserving the open,
democratic nature of the internet and safeguarding the public's right to access
information of legitimate interest.
*
Author, V. Vishal, 2250334, 5 BA LLB ‘C’.
[1] General Data Protection
Regulation GDPR, 2016, art. 17.
[2] Hillary C. Webb, People Don’t
Forget: The necessity of legislative guidance in implementing a U.S. Right to
be forgotten, 85 GEO, WASH. L. REV. 1304, (2017).
[3] Council Derivative 95/46/EC,
art. 12 (b), 1995 O.J (L 281) 31.
[4] Case C-131/12
[5] GDPR, supra 1.
[6] Google Spain v. Agencia
Espafiola de proteccion de Datos (AEPD), 2014 E.C.R. 317.
[7] Council Directive 95/46/EC, 1995
O.J. (L 281) 31.
[8] Google Spain, 2014 E.C.R. 317.
At para 92.
[9]Klint Finley, “In Europe vou will
need a VPN to see real search results”, Wired (8" March 2016), available
at
https://www.wired.com/2016/03/europe-youll-need-vpn-see-real-googlescarch-results,
(last accessed 2" October 2019)
[10] Council Regulation 2016/279,
2016 O.J. (L119) 1 (EU).
[11] Protection of Individuals with
regard to the processing of personal data, EUROPARL (Jan 29, 2018) available at
http://www.europarl.curopa.ew/sides/geboc.do?ype-TA&language-EN&reference-P7.
(Last accessed on 4th October 2024)
[12] Edward L. Carter, Argentina’s
Right to be forgotten, EMORY INT’L. REV. Vol. 27, p 23 (2013)
[13] Brittany Doyle, Russia’s “Right
to be forgotten” and China’s right to be Protected; New Privacy and security
legislation, HARV. J.L. & TECH: JOLT Digest (2015)
[14] Stefania Alessi, Eternal
sunshine: The right to be forgotten in European union after the 2016 General
data protection Regulation, 32 EMORY INT”L L.REV. 145, 172 (2017).
[16] Justice K.S. Puttaswamy ( Retd.
) & Anr. vs. Union of India & Ors. (2017) AIR 2018
SC (SUPP) 1841.
[17] Id at para 219.
[18] Dharamraj Bhanushankar Dave v.
State of Gujarat & Ors 2015 SCC OnLine Guj 2019; Vasunathan v. Registrar
General, (2017) SCC OnLine Kar 424.; Zulfiqar Ahman Khan v. Quintillion
Business Media Pvt. Ltd. & Ors. AIR 2019 Del. 132
[19] No. 21, Acts of Parliament,
2000.
[20] Information Technology Rules,
2011.
[21]Personal Data Protection Bill - A
right to be Forgotten, giving government the power to censor, available at:
https://www.bloombergquint.com/opinion/personal-data-protection-bill-a-right-to-be-forgotten-giving-government-the-power-to-censor.
[22] US Const. amend. 1.
[23] AIR 1963 SC 1295
[24] (2017) 10 SCC 1.
[25] In re Delhi Laws Act, 1912, AIR
1951 SC 332.
[26] § 18(1), Personal Data
Protection Bill, 2018.
[27] § 18(1)(d), Personal Data
Protection Bill, 2018.
[28] § 18(1)(d), Personal Data
Protection Bill, 2018.
[29] § 18(1)(a), Personal Data
Protection Bill, 2018.
[30] Ram Jethmalani v. Union of
India, (2011) 8 SCC 1.
[33] Supra Note 26.
Article Information
THE RIGHT TO BE FORGOTTEN: NAVIGATING THE TENSION BETWEEN PRIVACY AND FREE EXPRESSION IN THE DIGITAL AGE
Authors: V VISHAL
- Journal IJLRA
- ISSN 2582-6433
- Published 2025/03/26
- Issue 7
About Journal
International Journal for Legal Research and Analysis
- Abbreviation IJLRA
- ISSN 2582-6433
- Access Open Access
- License CC 4.0
All research articles published in International Journal for Legal Research and Analysis are open access and available to read, download and share, subject to proper citation of the original work.
Disclaimer: The opinions expressed in this publication are those of the authors and do not necessarily reflect the views of International Journal for Legal Research and Analysis.