Naureen Hera, Maharashtra National Law University, Mumbai
ABSTRACT
When we walk, we leave our vestige on the earth and as days pass by it fades away gradually but that is not the case when we or somebody else writes, posts, or shares anything online. This is called digital footprint and it remains for eternity hence, digital eternity. People change with time and sodoes their understanding of things and behaviour but what becomes immortal is the material posted online. Even if one changes one’s house, friend circle, school, college, locality, or for that matter even one’s country, escaping one’s past becomes next to impossible because at one click in any part of the world those haunting past transgressions can be resurfaced again. Those memories become immutable. Therefore, to tackle this problem and prevent people from being stigmatized and live life with dignity a directive was passed in Europe in the year 1995 on the Protection of Individuals with Regard to the Processing of Personal data which required member states to make laws on RTP1 with regards to the processing of personal data which was followed by the thrilling legal battle between Google Spain v. AEPD2 which led to the European Union recognizing the RTBF for the first time which was subsequently written down in the EU’s General Data Protection Regulation (GDPR), 2016. This paved the path for the right to be further dissected into (1) the right to have the information erased after a prescribed period (2) the right to have a clean slate (3) the right to delink outdated information3.
India was a late entrant in the field of digital privacy due to the lethargic legislation on the right to privacy which was very recently declared a fundamental right in the year 2018 through judicial intervention in the Puttaswamy case where it was held that the Right to Privacy (RTP) to be part and parcel of the fundamental right to life and personal liberty enshrined in the Constitution and especially that the "right of an individual to exercise control over his personal data and to be able to control his/her own life would also encompass his right to control his existence on the internet."4 This further led to the formal drafting of the bill called Personal Data Protection Bill, 2019. This Bill deals specifically with the RTBF which includes the removal of inaccurate, inadequate, irrelevant, and excessive personal identifiable data. But unlike GDPR erasure of data rests solely on the ground where data is no longer needed for its original purpose. The onus lies on the data subject to prove that data is no more relevant and has to apply directly to the Adjudicating officer or the data controller. This would invite a tsunami of applications requesting to delink the data of data subjects. This calls for special management and detailed provisions to handle the apprehended chaos for which some changes need to be made in the Bill. As of now the Bill is pending before Parliament.
