Want to have your personal information available over search engines removed from the reach of your fellow web surfers? The Telecom Regulatory Authority of India's (Trai's) recent recommendations on data ownership and privacy have said that people should be given the 'right to be forgotten' -- which could let you do just that.
Trai on Monday said that the rules for protecting personal data in the telecom space were not up to scratch. Further, it suggested that the public should be given the right to choice, consent and to be forgotten to safeguard their privacy.
To begin with, we do not yet know how the right to be forgotten will be interpreted under Indian law. However, we can look at international definitions and examples to get a good idea.
What is the 'right to be forgotten'?
As it was envisioned in the European Union (EU) after a landmark 2014 ruling by the European Court of Justice, the right to be forgotten allows a person to demand that links to online information about them be removed from search engine results if the data are outdated or irrelevant.
In effect, it could more accurately be described as the "right to delist", allowing Europeans to ask search engines to delist information about themselves from search results. In deciding what to delist, search engines have to consider whether the information in question is "inaccurate, inadequate, irrelevant or excessive". They also have to consider whether there is a public interest in the information remaining available in search results.
How does the right work and what are its limitations?
The legal definition of the right provided on the EU's official General Data Protection Regulation portal also describes how the right actually works and whether there's a catch or not.
- The right to be forgotten, also known as data erasure, entitles the data subject to have the data controller erase his/her personal data
- It also entitles them to have the data controller stop any further spreading of the data
- Potentially, it also entitles them to have third parties put a halt on processing of the data
- The conditions for erasing the data include that it is no longer relevant to original purposes for processing
- A data subject withdrawing consent is another condition
- However, this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data"
Yet again, one crucial deciding factor that emerges is "public interest". It appears that on a case-by-case basis, the individual's right must be found to trump the public's right to know for the data to be delisted or erased.
How this factor will be interpreted under Indian law, for example in cases where a person wants information about something like a past criminal case or conviction to be removed, remains to be seen. Further, would such a right allow you to delist the data from a search engine or have it altogether erased also remains to be seen.
ALSO READ: Spotlight on Srikrishna Committee, India's new data-privacy law: 10 points
A regulation under EU law, the GDPR provides data protection and privacy to all individuals within the EU and the European Economic Area. Its enforcement began in May this year.
Do many people actually use the right?