In a first for India, in February this year, an NRI lawyer working with an international bank in Dubai filed a petition in the Delhi High Court asking for the right to be forgotten online.
No, he neither suffers from social anxiety, nor does he have any deep, dark secret to hide. But, there is some information available online that links him to a court case that has been resolved, and he wants his digital persona cleared of the seemingly incriminating legal slur.
The lawyer said in his petition to the Delhi High Court that his name is mentioned in a court order available on indiankanoon.org, a website that publishes court judgements. He claimed that he wasn’t even a party in the 2015 criminal case, which was fought between his wife and his mother, and said that the case has been resolved since. But, even today, a Google search on his name throws up the court order on the Indian Kanoon website as the top result.
The lawyer, in his petition, claims that this online record could potentially “jeopardise his prospective employment opportunities,” as it gives the impression that he was involved in “some sort of criminal proceeding in India.” His fears are not unfounded, considering that social media verifications and Google searches are par for the course in background checks run by organisations looking to hire in modern times.
He approached both Google and indiankanoon.org in January this year, requesting them to remove the URL in question, but when he received no response from either, he approached the Delhi High Court. The case is up for hearing on February 2, 2017.
FactorDaily has a copy of the 131-page petition, where the lawyer cites as a precedent the landmark Google Spain vs Mario Costeja Gonzalez judgment, in which the European Court of Justice (ECJ) ordered the search giant to take off all web links related to Costeja.
So, if there is something embarrassing about you on the net, or there’s some information available that’s not really relevant in the current day and time but that has the potential to harm your reputation, should you have the right to be forgotten online?
In other words, is it justifiable to ask a website or a search engine to erase such content from the internet?
Seems like it is — going by the ruling of the European Union (EU)’s highest court of justice in the Google vs Costeja case, which said that Google and other search engines must remove data from past results if requested to do so by a member of the public.
In 2009, Spanish national Costeja went to court after he discovered that a Google search on his name threw up newspaper reports of legal notices against him from the late 1990s, which have since been resolved. After a five-year court battle, in May 2014, the ECJ passed the judgment in in favour of Costeja.
The judgment triggered a debate on EU citizens’ right to be forgotten, and after a couple of years of negotiation, the EU adopted the General Data Protection Regulation 2016 to give people increased control over their personal information, including the right to be forgotten online.
The legislation states that “data controllers, including at least some Internet intermediaries, must erase content based on right to be forgotten (RTBF) requests.” It allows people to request for removal of search results that may be considered “false, misleading, or outdated information” from search engines, unless it is in the public interest. According to Google, it has received 569,876 right to be forgotten requests and has evaluated 1,731,550 URLs for removal since it launched its online form on May 31, 2014.
The EU Right to be Forgotten provision, as is being applied across Europe, is leading to censorship not only of court judgments but also of journalistic articles that are archived on the net, say cyber law experts. So, articles older than a year about a political candidate or a person are being scrubbed off the net from search results upon request.
However, except for the EU, the right to be forgotten is not legally protected anywhere else in the world. At least, not yet. Japan decided not to go the EU way when the Tokyo High Court last month revoked a lower court judgment that recognised the right to be forgotten.
At present, there is no law in India that protects the personal information of individuals. While certain provisions of the Information Technology Act, 2000 (IT Act), and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules), 2011, (IT Rules) exist, these merely scratch the surface as they apply only to information on computer resources (data from servers, smartphones and all other electronic devices), according to Bengaluru-based law firm Trilegal.
The Justice Shah Committee report, which was published in August 2012, studied several foreign jurisdictions and their privacy laws and stated that India needs a substantive privacy law — one which defines what privacy is and what its contours are. It also recommended the establishment of an independent authority for these matters.
So, will India actually get a law that protects an individual’s right to be forgotten? There are no easy answers, says a representative of the Internet Freedom Foundation (IFF) who did not want to be named individually. “It is a complex policy debate which requires to be overseen by a regulatory authority as well as an independent data protection authority. It also requires continuous updates of standards — something on the lines of what TRAI (the Telecom Regulatory Authority of India which regulates the telecom sector) does,” he says. Last month, the IFF moved the Delhi High Court to be able to intervene in the NRI lawyer’s case to determine if India needs a ‘right to be forgotten’ law.
One thing that is certain is that the right to be forgotten should not be just a court’s writ, because in that case, it may not be very well-defined and may not balance the competing right to freedom of speech and the right to public access of knowledge.
The problem with letting courts handle the so-called right to be forgotten is that the powerful, the moneyed and the resourceful, who can engage expensive lawyers, will be the only beneficiaries. There is a substantial risk that in the creation of the right to be forgotten, we may end up creating the right to erasure and delisting from public records — which is not always desirable.
What is required is a specialised body that can proceed on the basis of clarity and also exercise expert functions to do it, feel cyber law experts. “If the court passes such a regulation, first, it won’t be able to comprehensively define what the right to be forgotten is, and under what specific conditions it applies. Second, even if it can do that, the only way to apply it would be to approach a high court and filing a writ petition,” says the IFF.
The right to be forgotten should not be just a court’s writ, because then it may not be very well defined and may not balance the competing right to freedom of speech
According to legal experts, the right to be forgotten can be applicable when some information about a person exists, and has been existing for some time, but it is useless, redundant, and does not serve any public benefit, but at the same time causes damage to the person. It serves no purpose except causing reputational harm.
The stated intent for the right to be forgotten has to be to protect individuals against information which is catalogued against them, and which serves no public purpose. But such a right without any safeguards in place will lead to mass erasure of Wikipedia entries and of journalistic articles.
“The right to be forgotten has to be configured in the public interest. It can’t be a way for the powerful to kill free speech and the right to access”
— Sunil Abraham, executive director, Centre for Internet and Society