Data protection Bill has provisions for ‘right to be forgotten’, Centre tells HC

Contact Counsellor

CategoryPolity

Last Updated20/12/2021

The Centre has informed the Delhi High Court that the Personal Data Protection Bill 2019, which was tabled in Parliament on Thursday, contains provisions related to the ‘right to be forgotten’.
The right of an individual to exercise control over his personal data and to be able to control his/her own life would also encompass his right to control his existence on the Internet.

RTBF is a fairly new concept. The Ministry of Electronics and Information Technology (MeitY), in an affidavit, stated that the international legal concept of ‘right to be forgotten’ is evolving in India.
It is the right to have personal information removed from publicly available sources, including the internet and search engines, databases, websites etc. once the personal information in question is no longer necessary, or relevant
The Right to be Forgotten falls under the purview of an individual’s right to privacy, which is governed by the Personal Data Protection Bill that is yet to be passed by Parliament.
In 2017, the Right to Privacy was declared a fundamental right by the Supreme Court in its landmark verdict.
The court said at the time that, “the right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution”.

It was introduced in Lok Sabha on December 11, 2019.
Aim: To set out provisions meant for the protection of the personal data of individuals.
Clause 20 under Chapter V of this draft bill titled “Rights of Data Principal” mentions the “Right to be Forgotten.”
It states that the “data principal (the person to whom the data is related) shall have the right to restrict or prevent the continuing disclosure of his personal data by a data fiduciary”.
It gives an individual the right to restrict or prevent the continuing disclosure of their personal data when such data
Has served the purpose for which It was collected, or is no longer necessary for said purpose;
Was made with the consent of individual, which consent has since been withdrawn; or
Was made contrary to the PDP Bill or any law in force.

sensitivity of the personal data,
the scale of disclosure,
degree of accessibility sought to be restricted,
role of the data principal in public life and
the nature of the disclosure among some other variables.
Therefore, broadly, under the Right to be forgotten, users can de-link, limit, delete or correct the disclosure of their personal information held by data fiduciaries.
A data fiduciary means any person, including the State, a company, any juristic entity or any individual who alone or in conjunction with others determines the purpose and means of processing of personal data.
Even so, the sensitivity of the personal data and information cannot be determined independently by the person concerned, but will be overseen by the Data Protection Authority (DPA).
This means that while the draft bill gives some provisions under which a data principal can seek that his data be removed, his or her rights are subject to authorisation by the Adjudicating Officer who works for the DPA.
In the meantime, the Information Technology Rules, 2011 — which is the current regime governing digital data — does not have any provisions relating to the right to be forgotten."