In light of a Delhi High Court judgment from April this year directing certain internet search engines to omit references to a particular previous judgment of the same court from their search results in order to protect the petitioner’s privacy, SANSKRUTI YAGNIK traces the evolution of jurisprudence on the ‘right to be forgotten’ across the world and in India, and explains the need for a rights-based approach to reconciling an individual’s right to privacy with internet companies’ freedom of expression.
—-
IN a digitalised information-based society, the role of search engines and data available on the internet through private sector entities in gathering information has come under increasing scrutiny with regards to an individual’s right to privacy versus the right to information. The Delhi High Court recently granted interim protection to an American citizen of Indian origin by directing the platforms Google, Indian Kanoon and vLex.in to remove a judgment by the same court concerning the petitioner from their search results. Indian Kanoon was directed to block the said judgment from being accessed by using search engines such as Google/Yahoo etc.
This has brought discussions about the ‘right to be forgotten’ to the fore, and with it, a wide range of questions of law, relating to the rights of privacy and to information, and the feasibility and legality of requesting broadcasters and newspapers to remove information from digital archives as well as internet search engines to remove results to queries based on an individual’s name. It is therefore pertinent to examine the evolving jurisprudential history of the right to be forgotten and understand how and why data protection laws must be strengthened to protect personal privacy.
It also becomes necessary to begin a public discourse over the conflict that arises in such scenarios between the freedom of expression and personal privacy, and if the right to be forgotten necessitates a higher degree of government involvement in its protection.
Evolution of the rights to privacy and to be forgotten
The American lawyers Louis Brandeis (who later went on to serve as a judge on the United States Supreme Court) and Samuel Warren, in 1890, were the first ones to articulate a right to privacy, writing in a Harvard Law Review article that protection of the private realm is the foundation of individual freedom in the modern age, and concluding that legal remedies had to be developed to enforce definite boundaries between public and private life.
In 1965, the US Supreme Court, in its judgment in the case of Griswold v. Connecticut, 381 U.S. 479 (1965) officially recognized the right to privacy as a fundamental right protected by its Constitution.
Perhaps the first major instances of the right to be forgotten being materially, if not expressly, recognized is in a 2014 decision of the Court of Justice of the European Union (CJEU).
In the case of Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González (ECLI:EU:C:2014:317), the CJEU held that as a search engine controller, Google was obliged to stop some links from appearing, upon the request of an individual, in its web search results when users query for the individual’s name. It also affirmed that search engines should be considered data controllers as defined by the EU’s 1995 Data Protection Directive (the Directive has been superseded by the General Data Protection Regulation since May 25, 2018.)
The Present Case
When the petitioner travelled to India in 2009, a case under the Narcotics Drugs and Psychotropic Substances Act, 1985, was lodged against him. He was acquitted of all charges by an Additional Sessions Judge in the Dwarka Courts of Delhi via an order dated April 30, 2011.
An appeal was filed before the Delhi High Court challenging this order of the trial court. Through an order delivered on January 29, 2013, a single-judge bench of the High Court upheld the petitioner’s acquittal. The petitioner then travelled back to the US to pursue law. He soon realised that due to the fact that the judgment rendered by the High Court was available through a Google search to any potential employer who would want to conduct his background verification before employing him, he faced unnecessary stigma and prejudice, which put him at a huge and unwarranted disadvantage.
Human Dignity and Informational Self- Determination: Evolving Jurisprudence
To err is human. Before the advent of the internet, people could make mistakes without the fear of being haunted by them in the future. Information was usually contained in one’s community which would typically be forgotten over time. One could even move to a new city, state or country, or change jobs in order to start a fresh life.
However, today, it is no longer easy to escape one’s past when one’s personal information can go viral or stay on the world wide web indefinitely, available through quick search results. This is particularly troubling for individuals who have learnt from their mistakes and would want to start a new life. The primary question that surrounds the genesis and nature of the right to be forgotten is: should we have a right to be forgotten online?
In India, the question first came up before the judiciary in the case of Dharamraj Bhanushankar Dave v. State of Gujarat & Ors (2015 SCC OnLine Guj 2019) before the Gujarat High Court. In its judgment in the matter, the court did not recognize the ‘right to be forgotten’. Here, the petitioner had been accused of the offences of criminal conspiracy, murder and kidnapping, among others.
The Sessions Court acquitted the petitioner, and the same was upheld by a division bench of the Gujarat High Court. Since the said judgment was non-reportable, the petitioner contended that respondent should be barred from publishing it on the internet, since it was to the detriment of the petitioner’s personal and professional life. The High Court, however, held that such publication was not a violation of Article 21 of the Indian Constitution, and that there was no legal provision proffered by the petitioner to restrain the respondents from publishing the judgment.
However, the Karnataka High Court, in the matter of {Name Redacted} v. The Registrar General, High Court of Karnataka (2017 SCC OnLine Kar 424), recognized the right to be forgotten. The court’s judgment therein held: “This would be in line with the trend in the Western countries where they follow this as a matter of rule “Right to be Forgotten” in sensitive cases involving women in general and highly sensitive cases involving rape or affecting the modesty and reputation of the person concerned.”
Needless to say, the right to be forgotten has now come to be recognized as an integral face of the right to privacy.
In its landmark judgment in the case of Justice K.S. Puttaswamy (Retd.) v. Union of India (AIR 2017 SC 4161) the Supreme Court granted definitive recognition to the right to be forgotten as part of the right to life under Article 21:
“Privacy includes at its core the preservation of personal intimacies, the sanctity of family life, marriage, procreation, the home and sexual orientation. Privacy also connotes a right to be left alone. Privacy safeguards individual autonomy and recognises the ability of the individual to control vital aspects of his or her life. Personal choices governing a way of life are intrinsic to privacy”.
The Right to be Forgotten: Application to workplace
Individuals and organisations should be permitted to control information about them and determine when, how, where and to what extent that information is communicated to strangers.
In 2006, Stacy Synder, a young American teacher-in-making, was denied her teaching degree and certification by the Millersville University after in found a picture of her on her MySpace page wearing a pirate’s hat and holding a plastic cup with the caption “Drunken Pirate”. Despite being of legal drinking age at the time the photo was taken, the university took umbrage, and because of not getting her degree, Synder was forced to take a job in an unrelated field. She legally challenged the university’s decision, but the district court for the Eastern District of Pennsylvania ruled in favour of the university in 2008.
Sometimes, what one does in one’s personal life has a ripple effect on one’s professional life, with even the potential to cause unnecessary trouble therein. Both businesses and individuals looking for jobs view social media sites as valuable tools during the beginning of the hiring process.
Interestingly, employers are legally allowed to judge prospective hires based on all information available on the internet, and one’s reputation and character are justifiable reasons for denying an offer of employment. However, after becoming an employee, any intrusion into the individual’s personal life by the employer constitutes a direct threat to the individual’s freedom, dignity, and privacy and may ultimately lead to discrimination.
Personal Data Protection Bill, 2019
The Personal Data Protection Bill, 2019 (PDP Bill) brings the right to be forgotten, which is not available in the current legal framework, to the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
Section 20 of the PDP Bill states that, “The data principal shall have the right to restrict or prevent the continuing disclosure of his personal data by a data fiduciary where such disclosure —
- has served the purpose for which it was collected or is no longer necessary for the purpose;
- was made with the consent of the data principal under section 11 and such consent has since been withdrawn; or
- was made contrary to the provisions of this Act or any other law for the time being in force.
Moreover, the bill clarifies that a request is to be made to the ‘adjudicating officer’ to avail the right to be forgotten. The data protection authorities appoint these officers whose members are in turn appointed by the government, which is a direct violation of the doctrine of separation of powers, as the essential responsibility of adjudication vests on government agencies.
Also read: The Personal Data Protection Bill 2019: Do you have the Right to be Forgotten from the Internet?
The question of an individual’s privacy is of a serious concern and will occupy international and national public discourse for years to come, especially in democratic states with independent judiciaries. There is certainly no optimal solution available except holding the intermediaries and data collectors accountable.
A rights-based approach in policy-making must be pursued by policymakers to protect personal privacy. If anything, more safeguards must be added — or at least clearly spelled out — to reconcile the right to privacy with the freedom of expression.
(Sanskruti Yagnik is an interdisciplinary researcher and a penultimate year undergraduate law student at the University of Mumbai. Her research interests include comparative constitutionalism, gender and minority rights and criminal law. The views expressed are personal.)