Unlike the EU, India does not have any existing legal framework which recognises the right to be forgotten. However, the Indian courts have taken varying views in respect to whether such right exists in India as yet. In Dharamraj Bhanushankar Dave v. State of Gujarat & Ors., the Gujarat High Court denied the existence of such right. However, the Karnataka High Court in Sri Vasunathan v. The Registrar General & Ors. recognised it. Recently, in 2020, the Orissa High Court in Subhranshu Rout @ Gugul v. State of Odisha, emphasized the importance of ‘right to be forgotten’.
Learn more about Data Protection laws in India with Enhelion’s Certificate course on Information Security and Data Protection.
Though the existence of such right is unclear right now, however, the PDP Bill, 2019 has a dedicated provision on the ‘Right to be forgotten’. According to Clause 20 of the Bill, the data principal enjoys the ‘right to restrict or prevent the continuing disclosure of his personal data’ by a data fiduciary if–
- The purpose for which the data was collected is fulfilled;
- The data principal has withdrawn his consent;
- The disclosure was made contrary to the provisions of the bill or any other law in force.
The provision further provides that such right can only be enforced by virtue of an order by the Adjudicating Officer, after the data principal has made an application on the grounds mentioned above. The burden of proving that this right overrides the freedom of speech and expression and the right to information of any other citizen, is on the data principal.
Learn more about Data Protection laws in India with Enhelion’s Certificate course on Information Security and Data Protection
The provision further provides for the factors which the Adjudicating Officer should take into account, while making the order. Such order can be reviewed by the Adjudicating Officer himself, and any order made by the Adjudicating Officer can also be appealed to the Appellate Tribunal.
Therefore, on analysis of the provision of right to be forgotten under the PDP Bill, 2019, it is apparent that its scope is very limited compared to the scope it enjoys under the GDPR. The Bill merely provides for restricting or preventing continued disclosure of information, as opposed to GDPR which provides for complete erasure.
Learn more about Data Protection laws in India with Enhelion’s Certificate course on Information Security and Data Protection