You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
Home
Internal
Global
Contatto
it
Rödl & Partner ha prestato la propria consulenza per il perfezionamento dell'acquisizione del Gruppo italiano FGV da parte di Hettich |
In tutto il mondo
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.
✕
Mondiale
Algeria
Angola
Arabia Saudita
Argentina
Australia
Austria
Azerbaigian
Bahrain
Belgio
Bielorussia
Bosnia ed Erzegovina
Botswana
Brasile
Bulgaria
Cambogia
Canada
Cile
Cina
Cipro
Colombia
Corea del Sud
Costa Rica
Croazia
Danimarca
Ecuador
Egitto
Emirati Arabi Uniti
Estonia
Etiopia
Finlandia
Flippine
Francia
Georgia
Germania
Ghana
Giappone
Grecia
Hong Kong
India
Indonesia
Irlanda
Italia
Kazakistan
Kenya
Kuwait
Lettonia
Libia
Liechtenstein
Lituania
Lussemburgo
Macedonia del Nord
Malesia
Marocco
Mauritius
Messico
Moldavia
Mongolia
Mozambico
Myanmar
Namibia
Nigeria
Norvegia
Nuova Zelanda
Oman
Paesi Bassi
Pakistan
Perù
Polonia
Portogallo
Qatar
Regno Unito
Repubblica Ceca
Romania
Serbia
Singapore
Slovacchia
Slovenia
Spagna
Sudafrica
Svezia
Svizzera
Taiwan
Tanzania
Thailandia
Tunisia
Turchia
Ucraina
Uganda
Ungheria
Uruguay
USA
Uzbekistan
Vietnam
Zambia
I nostri uffici Rödl & Partner
German Professional Services Alliance -
GPSA
�������������������������������������������������������������
(I colori appaiono al passaggio del mouse)
Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra
Cookie Policy
.
Approfondimenti
Servizi
Whistleblowing
Data Protection
Servizi legali
Servizi fiscali
Servizi multipractice
Industry
Revisione contabile
Formazione
Professionisti
Media
Rödl E-Book
RÖDL REPLAY - I NOSTRI WEBINAR
Newsletter
Legal Newsletter
Tax Newsletter
Data Protection Bites
Comunicati stampa
Comunicati operazioni
Rödl E-Book
Rödl & Partner sulla stampa online
Eventi
Su di noi
Currently selected
E-Book INTERNATIONAL VAT GUIDELINES
Uno studio internazionale
Uno studio internazionale
Le nostre sedi
Impegno sociale
Whistleblowing
Codice Etico
Modello 231
Sostenibilità
Carriera
Media
Pubblicazioni
Newsletter
Data Protection Bites
Data Protection Bites 1/2021
The Right to be Forgotten – not a forgotten right in India, but not yet enforced
Recent
Italian (Italy)
Currently selected
Consulenza legale, Consulenza fiscale, Audit, Servizi in outsourcing
Approfondimenti
Carriera
Cookie Policy
Cookie Policy
Eventi
Home
Informativa Privacy
Media
Privacy Policy
Professionisti
Servizi
Uno studio internazionale
BPO - Business Process Outsourcing
no-it-version-available
Profile
Error 404!
Error 401!
The Right to be Forgotten – not a forgotten right in India, but not yet enforced
Page Content
published on 26 January 2021 | reading time approx. 4 minutes
India is known to be a high-tech country that is ahead of European countries in many ways when it comes to digitalisation and IT. Nevertheless, India lags behind Europe in the area of data protection. This shall change with the introduction of the Data Protection Bill, 2018 but until then, data protection regulations are rather weak. Still, recently the Orissa High Court reaffirmed the right to be forgotten, which is currently not covered in applicable data protection laws in India. This article will take a closer look at the right to be forgotten in India and it is importance in the times of Tiktok, Facebook, Instagram and co.
1. Legalisation
Currently, India has not yet enacted any specific legislations on data protection. In India, these laws are governed under the Information Technology Act, 2000 (“IT Act”) and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“the Rules”). Further, the Indian Government is in the process of passing and implementing the Personal Data Protection Bill, 2019 (“PDP Bill”) which is set to model similar lines along the European General Data Protection Regulations, 2016 (“GDPR”).
With Sec. 27 of the PDP Bill, the right to be forgotten shall be introduced for the very first time in India. As per this Section, every data principal shall have the right to restrict or prevent continuing disclosure of personal data by a data fiduciary, when the disclosure of data has met one of the following conditions:
It has served the purpose for which it was made or is no longer necessary;
was made on the basis of consent and such consent has since been withdrawn; or
was made contrary to the provisions of this Act or any other law inforce.
The right can be exercised by the data principal through an application directly to the Adjudicating Officer, who will then determines the applicability of the aforesaid conditions and whether the rights and interests of the data principal in preventing or restricting the continued disclosure of personal data override the right to freedom of speech and expression and the right to information of any citizen. For this, the Adjudicating Officer shall to take into consideration i) the sensitivity of the personal data; ii) the scale of disclosure and the degree of accessibility sought to be restricted or prevented; iii) the role of the data principal in public life; iv) the relevance of the personal data to the public; and v) the nature of the disclosure and of the activities of the data fiduciary, particularly whether the data fiduciary systematically facilitates access to personal data and whether the activities would be significantly impeded if disclosures of the relevant nature were to be restricted or prevented. It is not required for the data principal to first approach the data fiduciary.
Further, it is important to note that the PDP Bill does cover separately the right of erasure unlike the GDPR. As per Sec. 18 of the PDP Bill, a right of erasure exists, in case the personal data is no longer necessary for the purpose for which it was processed. For this, the data principal can issue a request to the data fiduciary, which the data fiduciary can review and eventually reject the applicable in writing while giving adequate justification. Where the data principal is not satisfied with the justification provided by the data fiduciary, the data principal may require that the data fiduciary take reasonable steps to indicate, alongside the relevant personal data, that the same is disputed.
2. Importance and Background of the Orissa High Court decision
Even though Sec. 27 of the PDP Bill is yet to become effective, the right to be forgotten was recently reaffirmed on 23rd November 2020 by the Orissa High Court (“the Court”) in the matter of Subhranshu Rout @ Gugul v. State of Odisha.
In this case, the Petitioner is alleged to have raped a woman and uploaded photos and videos of this act on Facebook after blackmailing her. Only after police intervention, the Petitioner deleted the content from Facebook. The bail application of the Petitioner was dismissed by the Court. Further, the Court made notes on the importance of a right to be forgotten, which still has to be implemented in India. The rights of a victim to get uploaded photos or videos erased from an internet platform such facebook still remain unaddressed for want of appropriate legislation, even though keeping such photos and videos on social media platform without the consent of a woman is a direct affront on the victims modesty and on the right to privacy. Currently the victims only have the option to seek appropriate orders to protect the victim's fundamental right to privacy and have offensive posts erased from a public platform.
This decision of the Orissa High Court shows the importance to implement a right to be forgotten, which can arise in very delicate cases such this one and that even authorities such as Courts whish the same to be implemented eventually. With the introduction of the right to be forgotten, everyone will have a right to restrict or prevent continuing disclosure of personal data and therefore will have more rights towards data privacy.
3. Implications for companies
Introducing the right to be forgotten is the right step towards data privacy. To ensure the same, Indian companies should be aware that the same exist and should implement appropriate provisions in their data privacy policies. Even though the application towards the right to be forgotten has to be filed with the Adjudicating Officer and not directly with the data fiduciary, every company should be able to proceed with the deletion of data in the prescribed timeframe and manner.
Further, it is important to note that this right to be forgotten will not be applicable to customers but also to employees of a company. Therefore, every company should have appropriate provisions in place to delete data of ex-employees as and when it is under other statutory laws not required to store the same.
CONTACT
Ursula Hoffmann
Senior Consultant
+91 22 6266 0800
Invia richiesta
RÖDL & PARTNER INDIA
Discover more about our offices in India.
Read more »
DATA PROTECTION BITES
Our newsletter aims at collecting updates, news and insights on data protection matters worldwide, with a special focus on the GDPR.
Read all releases »
Turn on more accessible mode
Turn off more accessible mode
Skip Ribbon Commands
Skip to main content
Turn off Animations
Turn on Animations
Deutschland
Weltweit
Search
Menu
