| The much awaited Draft Personal Data Protection Bill, 2018 ("PDP Bill") was issued by the Ministry of Electronics & Information Technology ("MeitY") on August 26, 2018 for public consultation along with Justice B.N. Srikrishna committee report on 'A Free and Fair Digital Economy - Protecting Privacy, Empowering Indians' ("Data Protection Committee Report"). The said PDP Bill contains a lot of hot issues which have created a sensation among the industries and individuals who are going to be affected by it. One such issue which has drawn a special attention of industries and general public is 'Right to be Forgotten'. The said right has been incorporated in the PDP Bill on verge of European Unions data protection regime i.e. General Data Protection Regulation ("GDPR") with some modifications. |
| The 'Right to be Forgotten', as envisage under Section 27 of PDP Bill, gives 'data principal' a right to restrict or prevent continuing disclosure of his/ her personal data by 'data fiduciary'. Though the language of the said right under PDP Bill is not exactly similar to that contained under GDPR but the genesis of the same has been taken from GDPR. The 'Right to be Forgotten' does not exist in India's current data protection framework i.e. Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules") which are issued under Information Technology Act, 2000. |
| The 'Right to be Forgotten' has been originated in the western countries. Its history can be traced back to the year 1995 when European Union ("EU") enacted its first legislation on personal data protection i.e. Directive 95/46/EC ("Directives"). Though the said right was not expressly codified in the Directives but a combined reading of Article 6(1) (e) and Article 12(b) gave an inference of 'Right to be Forgotten'. Article 6(1) (e) mandated member states that personal data shall be "kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed" while Article 12(b) gave data subject the right to rectify, erase or block the processing of personal data if the same is not in line with the Directives. The bare language of Article 12(b) is read as "Member States shall guarantee every data subject the right to obtain from the controller as appropriate the rectification, erasure or blocking of data the processing of which does not comply with the provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data." |
| The foundation of the 'Right to be Forgotten' was laid down by the European Court of Justice in the case of Google Spain SL v/s Agenda Espanola de Proteccion de Datos & Mario Costeja Gonzalez ("Google Spain Case"). The dispute in the said case arose in the year 2010 when Mr. Costeja Gonzalez lodged a complaint against a newspaper publisher and Google with Spanish data protection agency. The case of Mr. Costeja Gonzalez was that whenever an internet user enters his name on the Google search page, link of two pages of La Vanguardia newspaper dated Jan. 19 and March 09, 1998 appears on the result page. These pages contained personal information of Mr. Costeja Gonzalez relating to an attachment proceeding for recovery of social security debt which was later resolved. In the complaint made to the data protection agency, Mr. Gonzalez requested that La Vanguardia and Google shall remove or take measures to conceal the personal data concerning him. In response, the data protection agency rejected his compliant relating to La Vanguardia newspaper as the information published was legally justified but upheld the complaint against Google as the operators of search engines were subjected to the Directives. In an appeal by Google, the European courts and the European Court of Justice held that the operators of search engines fall under the definition of 'controller' as envisaged under Article 2(d) of the Directives. Further, the courts also confirmed the individual's Right to be Forgotten if the personal data concerning him/ her is no longer needed for which it was collected. |
A) The responsibility of the agency to forget the innocent persons data
B) Right to restrict or prevent continuing disclosure of data
C) Right to erase personal data once it has been used
D) Right to prevent the agency seeking personal data
Correct Answer: B
Solution :
(b) The Right to be Forgotten, as envisage under Section 27 of PDP Bill, gives data principal a right to restrict or prevent continuing disclosure of his/ her personal data by data fiduciary.
You need to login to perform this action.
You will be redirected in
3 sec
