“Technology is a useful servant but a dangerous master. 
— Christian Lous Lange
The rise of internet
Human memory has limits but the same cannot be affirmed about the internet. Data once uploaded stays in the internet’s continual memory. For some, it is worrying but internet slaughter, for one is not a solution. The globe went berserk with a historic decision in 2014[1], when the Court of Justice of the European Union (EU) recognised a right to be forgotten. The trend trickled down to India when the Supreme Court while pronouncing the infamous Privacy judgment[2], led to traces of the birth of a right to be forgotten, domestically. How far and fair shall it fare, only time can tell. Rapid technological advancements are often a trap under the garb of necessity however legislative as well as judicial efforts at constraining such growth are not proving enough. Right to privacy, data protection and right to be forgotten should go hand in hand to overcome the vices of the data age.
The birth of internet is a tiny part of the phenomena. The world did not stop at discovering this wonder but dug deeper in anticipation of larger benefits as a result of which, this baby called “internet” is ripe and ready to outsmart humans.
Name it the internet, information technology, information age, cyberspace, digitisation, virtual world, world wide web, our globe has been part of a revolution, the magnanimity of which is immeasurable. And if experts are referred, this is just the tip of the revolution, bigger innovations and inventions await humanity. However, there is a flip side to this amazing development; while humanity smiles at the shining milestones of a long developmental journey, probable difficulties that may arise, must be questioned and resolved. Internet is as much a bane as is a boon. People have surrendered so much of their selves in the form of information (also called data, terms used interchangeably here), now it appears difficult, almost impossible to turn back and take away the same. Privacy is a mere delusion and laws are being smashed hard as corporations — private and public as well as Governments are busy mining, collecting and storing data through which a person’s current location, preferred genre of movies, choice of food or clothing, list of friends, acquaintances, relatives and much more than fathomed, are practically identifiable. There has to be a way out of this digital trap. Globally, the boundaries of privacy and data protection laws have been widened to include a “right to be forgotten”. However, time will tell whether the right will be reduced to a mere fancy term or will prove a wise step towards walking out of the digital trap.
The internet as we now know embodies a key underlying technical idea, namely, that of open architecture networking; in an open architecture network, the individual networks may be separately designed and developed and each may have its own unique interface which it may offer to users and/or other providers including other internet providers.[3] Each of the networks can be designed in accordance with the environment and user requirements therein and there generally are no constraints on the types of network that can be included or on their geographic scope, thus making the internet a world that effortlessly transcend all physical boundaries known to man.
Right to Privacy and Right to be Forgotten in India
A nine-Judge Bench of the Supreme Court of India pronounced a judgment[4] last year, overruling major precedents, thus changing the Indian outlook towards privacy of an individual. The judgment was welcomed amidst much anticipation and is definitely a revolutionary first step towards recognising the adverse impact of internet, and the need to limit the growth of this highly valuable invention in order to uphold an individual’s privacy. Adding to the explicit recognition of privacy as a fundamental right under the Indian Constitution, the judgment also welcomed a newer right in the way to creating a digitally safe India — a right to be forgotten.
Globally, there have been developments on this issue and India too has its share of the story. Walking the path laid down by the landmark decision, Justice Sanjay Kishan Kaul delivered a concurring opinion in the infamous “right to privacy” judgment[5], by stating that “The right of an individual to exercise control over his personal data and to be able to control his/her own life would also encompass his right to control his existence on the internet.”[6] Additionally, two Indian High Courts had the opportunity to deal with the right to be forgotten, however both dealt differently. The central issue in both cases was the plea to either redact personal information from text of the judgments available online or removal of the judgments from where available publicly.
The Gujarat High Court[7] dismissed the petition, while citing two factors: (i) failure on part of the petitioner to show provisions of law which are applicable to the situation, or that a threat lies to the right to life and liberty; (ii) publication on a website does not amount to “reporting”, reporting pertains only to law reports. Contrary to this decision, the Karnataka High Court[8] favoured the petitioner and ordered her name to be redacted from the text of the judgment. However, the Court in this case while making subtle references to the right to be forgotten as discussed globally, did not base its decision on the same lines but endorsed the ideas of modesty and reputation of a woman to favour the petitioner.
Challenges to implementation
It is not only the nature and quantity of information that has changed, but also the means through which this information can be accessed. In the pre-internet era, access to records was often made difficult by procedural hurdles. Permissions or valid justifications were required to access certain kinds of data. Even for the information available in the public domain, often the process of gaining access were far too cumbersome. Now digital information not only continues to exist indefinitely, but can also be easily accessed readily through search engines. It is in this context that in a 2007 paper, Viktor Mayer-Schönberger pioneered the idea of memory and forgetting for the digital age. He proposed that all forms of personal data should have an additional metadata of expiration date to switch the default from information existing endlessly to having a temporal limit after which it is deleted.[9]
Some significant challenges stand in the way of implementation of a right to be forgotten, uniformly. One of such is the manner in which jurisdictions comprehend the concepts of privacy and personal data. Laws in the EU view privacy as an aspect of personal dignity, and are more concerned about with protection from third parties, especially media, while in the US privacy may be seen as a corollary of personal liberty protecting against unreasonable State intrusions.[10] Further, in the latter’s case, privacy policy often dictates intervention from the State unlike the former where it is the individual’s duty to protect his/her privacy. Understanding how “personal data” is defined is also important; data that clearly identifies a particular individual does not raise concerns, however if the data does not uniquely identify the individual but gives information whereby it can be understood that the person is part of a small group, for e.g. his/her family, whether such information fits into “personal data”. Should other individuals involved in such a case, be asked for their consent? Clearly, there are many questions to be resolved before any implementation of a right to be forgotten, in a less complicated manner.
Another noteworthy argument against the total implementation of this right, is its conflict with freedom of speech. It is believed this right proves to be a battle between privacy and the freedom of speech as well as a right to know. Jonathan Zittrain has argued against the rationale that the right to be forgotten merely alters results on search engines without deleting the actual source, thus, not curtailing the freedom of expression; he compares this altering of search results to letting a book remain in the library but making the catalogue unavailable.[11]
When compared to other rights, a “right to be forgotten” falls short of significant development. This right emanates from the concept of privacy, which itself is at a nascent stage, the reason being, both, a right to privacy and that to be forgotten are intrinsically connected to the internet phenomenon birthing a genre of novel complications. However, observing the Indian situation, one cannot get a clear picture of where the legislature or judiciary stand on the issue of the right to be forgotten. With right to privacy taking its first steps, the focus should first lie on strengthening an individual’s privacy and data protection concerns, then pursue enactment and implementation of the right to be forgotten.
Two things are clear from an effort to understand the right to be forgotten. One, that there is a massive leap in the manner in which data can be collected, stored and used and two, there is a critical need for development of a right to be forgotten under the guidance of a right to privacy. Looking at theories and literature, it is clear that the right to be forgotten is in existence but not in practice as its implementation at the global level has not been figured out.
The right to be forgotten is more a journey in reverse. Man, who invented the internet is suddenly aware of its prowess but is only partially ready to tackle the same. When it comes to the right, it brings a precarious task of striking balance between rights of individuals and the internet giants; too much power with either parties can lead to its abuse. However, time is ripe to delve into this pool of problems in order to fetch a solution. A flame of hope burns alive with courts in different jurisdictions dealing with individuals demanding for a right to be forgotten, there does not seem to be a long wait till the day this right is enshrined along with other human rights.
* Hetvi Trivedi is Research Associate, GNLU-GUJCOST Research Centre of Excellence in IP Laws, Policies & Practices.
[1] Digital Rights Ireland Ltd. v. Minister for Communications, Marine and Natural Resources, (2014) 3 WLR 1607.
[2] K.S. Puttaswamy v. Union of India, (2017) 10 SCC 1.
[3] Brief History of the Internet, available on <http://www.internetsociety.org/internet/what-internet/history-internet/brief-history-internet>.
[4] Puttaswamy case, (2017) 10 SCC 1.
[5] Ibid.
[6] Id., 630, para 629.
[7] Dharamraj Bhanushankar Dave v. State of Gujarat, 2015 SCC OnLine Guj 2019.
[8] Vasunathan v. Registrar General, 2017 SCC OnLine Kar 424.
[9] Amber Sinha, Right to be Forgotten: A Tale of Two Judgments <https://cis-india.org/internet-governance/blog/right-to-be-forgotten-a-tale-of-two-judgments#_ftn4>.
[10] Ibid.
[11] Ibid.
