[Navya Alam and Pujita Makani write about the Right to be Forgotten under the Data (Privacy and Protection) Bill.]

Abstract

The Supreme Court of India granted citizens with the fundamental right to privacy in 2017. The Court recognized the importance of individual autonomy and ability of an individual to exercise control over his personal information. The right to be forgotten is instrumental in enabling an individual to exercise such control. The Data (Privacy and Protection) Bill, 2017 introduced in the Lok Sabha by Baijayant ‘Jay’ Panda, seeks to provide a statutory framework for data privacy, security and protection. Among other rights and duties, it includes the ‘right to be forgotten’ to ensure that individuals are protected from the misuse of personal data by data controllers and third parties. This paper highlights the salient features of the Bill. Through a close analysis of the Bill, particularly its language and the safeguards it proposes, the right to be forgotten seems to be diluted and potentially ineffective. We argue that the Bill has not been contextualised in light of recent international developments. Further, the Bill must adopt consistent language to secure clarity in its interpretation. The Bill also needs to be industry and sector specific given the nature, size, infrastructure and operational capabilities of various industries.