Trai wants you to have right to be forgotten: What that means for your data

Want personal information about yourself taken off Google? If you do, Trai has your back with its suggestion on the right to be forgotten

Want to have your personal information available over search engines removed from the reach of your fellow web surfers? The Telecom Regulatory Authority of India's (Trai's) recent recommendations on data ownership and privacy have said that people should be given the 'right to be forgotten' -- which could let you do just that. 

Trai on Monday said that the rules for protecting personal data in the telecom space were not up to scratch. Further, it suggested that the public should be given the right to choice, consent and to be forgotten to safeguard their privacy.       

To begin with, we do not yet know how the right to be forgotten will be interpreted under Indian law. However, we can look at international definitions and examples to get a good idea.  

What is the 'right to be forgotten'? 

As it was envisioned in the European Union (EU) after a landmark 2014 ruling by the European Court of Justice, the right to be forgotten allows a person to demand that links to online information about them be removed from search engine results if the data are outdated or irrelevant.     

In effect, it could more accurately be described as the "right to delist", allowing Europeans to ask search engines to delist information about themselves from search results. In deciding what to delist, search engines have to consider whether the information in question is "inaccurate, inadequate, irrelevant or excessive". They also have to consider whether there is a public interest in the information remaining available in search results.

How does the right work and what are its limitations?

The legal definition of the right provided on the EU's official General Data Protection Regulation portal also describes how the right actually works and whether there's a catch or not.  

• The right to be forgotten, also known as data erasure, entitles the data subject to have the data controller erase his/her personal data
• It also entitles them to have the data controller stop any further spreading of the data 
• Potentially, it also entitles them to have third parties put a halt on processing of the data 
• The conditions for erasing the data include that it is no longer relevant to original purposes for processing
• A data subject withdrawing consent is another condition 
• However, this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data"

Yet again, one crucial deciding factor that emerges is "public interest". It appears that on a case-by-case basis, the individual's right must be found to trump the public's right to know for the data to be delisted or erased. 

How this factor will be interpreted under Indian law, for example in cases where a person wants information about something like a past criminal case or conviction to be removed, remains to be seen. Further, would such a right allow you to delist the data from a search engine or have it altogether erased also remains to be seen.  

  

A regulation under EU law, the GDPR  provides data protection and privacy to all individuals within the EU and the European Economic Area. Its enforcement began in May this year. 

Do many people actually use the right?

As of February this year, Google had received more than 2.4 million requests to remove URLs from its search engine under EU's right to be forgotten laws since they were introduced in May 2014. 

Within a little less than two years of the law being introduced, Google had received 86,600 requests in France alone, involving more than a quarter million Web pages.