Right to be Forgotten: An Indian Perspective


Everyone would face insults and humiliations in life, But nobody wants to remember those. We all try to forget it and motivate ourselves to move forward, while the world never forgets it irrespective of our growth and achievement. Right to be Forgotten means the right to get one’s information removed from internet or any public platforms. This right was first established by European Union in 2014 and enforced in 2018 through the General Data Protection Regulation which provides the right to individuals to delete or erase their personal information. Till date there is no law in India to deal with the right to be forgotten specifically. 

Right to be Forgotten in India  

An attempt was made in India to bring the ‘right to be forgotten’. Ravi shankar prasad, ministry of Electronics and Information Technology, introduced The Personal Data Protection Bill to the Lok Sabha on 11th december 2019. The purpose of the Personal Data Protection Bill is to protect an individual’s privacy relating to their personal data. Under the Personal Data Protection Bill, Chapter 5 provides about Right of Data Principal and clause 20 mentions the Right to be Forgotten;  

Clause 20 (l) states that: “Data principal (the person to whom the data is related) shall have the right to restrict or prevent the continuing disclosure of his personal data by data fiduciary”. 
The users can delink, delete, or correct an individual’s personal information under this right but it is yet to be passed in the parliament. 

The right to be forgotten was first raised in India in the case of Dharamraj Bhanushankar Dave v. State of Gujarat & Ors (2015) before the Gujarat High Court. The petitioner was accused of criminal conspiracy, murder, and kidnapping. After he was acquitted by the Court, he requested that the respondent must be barred from publishing the non-reportable judgement on the internet, as it could be damaging to the petitioner’s personal and professional life- leading to defamation. However, the court did not recognize the existence of the ‘Right to be Forgotten’ in India.  

Supreme court in the case of Justice K.S. Puttaswamy (Retd.) and Anr. vs Union of India, held Right to Privacy as a fundamental right as it will be included in the Right to Life enshrined under Article 21 of the Constitution. The aim of Article 21 is that No person shall be deprived on his life or personal liberty expect according to a procedure established by law. Court observed that: “right of an individual to exercise control over his personal data and to be able to control his/her own life would also encompass his right to control his existence on the Internet.” 

In the case of Jorawar Singh Mundy vs. Union of India (W.P. (C) 3918/ 2020), Single Judge bench comprising Justice Pratibha M. Singh held that, on the one hand, there is petitioners’ right to privacy and on the other hand, the public’s right to information & the preservation of transparency in judicial records. The court prioritizing the petitioner’s right to privacy, ordered the respondents to delete access to the judgement from their websites.  

In Zulfiqar Ahman Khan v. M/S Quintillion Business Media Pvt. Ltd. And others, High Court of Delhi recognized the Right to be Forgotten and the right to be left alone as the integral part of an individual’s existence.  

There are certain challenges associated with the implementation of Right to be Forgotten. It would be a disadvantage for the journalists in providing information and news. This right clearly benefits the individual claiming it, while on the other side it hinders the right of freedom of expression of others who have expressed their opinion through various modes of publication. Thus, Right to be forgotten is a complex right. It has to decide between a person’s Privacy and others freedom of speech and expression. 


The right to be forgotten is a subset of the right to privacy, which is a basic right under Article 21 of the Indian Constitution. However, whether the right to be forgotten is a basic right is ambiguous. The “right to be forgotten” being widely significant in present days is a developing right in India. Each one make mistakes remarking their character and everyone deserve the right to be forgotten of that remark once they are exonerated.  


“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal fall into a category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.” 

Written by- K R Bhuvanashri 



  • https://www.legalserviceindia.com/legal/article-7112-right-to-be-forgotten-in-india.html 
  • https://timesofindia.indiatimes.com/readersblog/myblogpost/is-the-right-to-be-forgotten-a-fundamental-right-52529/ 
  • 2015 SCC OnLine Guj 2019, 
  • https://main.sci.gov.in/supremecourt/2012/35071/35071_2012_Judgement_26-Sep-2018.pdf  

Data Theft Becoming A Menace Of Digital Age, Must Be Nipped In The Bud: Karnataka High Court

Title: Naveen Kumar R @ Naveen & ANR And State of Karnataka.


Date of Order: 12-07-2023



The Karnataka High Court recently remarked that the act of stealing data has become a significant problem in the digital era and needs to be curbed.


The complainant company alleged that the petitioners violated a non-disclosure agreement and stole essential client data from the company. They used this information in their rival company named Conscala. Consequently, the complainant company filed civil proceedings seeking an injunction against the use of the stolen data. The court granted a temporary injunction in favor of the complainant.

Prior to filing the civil case, the complainant also lodged a complaint with the police, stating that the data belonging to their company had been stolen by the petitioners and others. The police registered a crime  for the mentioned offenses. However, an interim order from the court prevented the investigation against the petitioners from being conducted.

The petitioners’ counsel argued that there is no substantial evidence to support the allegations of offenses under Sections 408, 504, 506 of the IPC, or even under Section 66 or 66C of the Information Technology Act.


The court while refusing to quash the proceedings initiated against two persons accused of having stolen client data from their previous employer and misusing it by joining a rival company. The court said after going through the records the case is shrouded with seriously disputed questions of fact and therefore, it would not be prudent to quash the proceedings at this stage. It held “The allegation against the petitioners is that they have been thieving all the data belonging to the clients of the complainant/Company and using it for the purpose of development of business of the rival Company, and have therefore, violated the non-disclosure agreement of the Company, which would become an offence as alleged for the aforesaid offences.

“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal fall into a category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.”

Written by- Shreya Sharma

Click here to view judgement



Appropriate risk governance management in the fields of digital data privacy and security in the business world requires not only understanding of applicable laws and regulations, but also at least a reasonable awareness of modern techniques and the activities of the organization or other organization that are accumulating or using private information or controlling behaviour. The Data Protection Act (DPA) regulates the gathering and use of private information. ‘Personal data’ refers to information that may be used to identify any living individual or that, when combined with other information stored by you, can be used to identify any person.

The term ‘processing’ of personal data refers to the act of acquiring, collecting, or storing information. Because you will be managing the private information of your workforce, suppliers, and/or customers as a company, it is probable that your actions will fall under the purview of the DPA. If you are a ‘data controller’ under the Act and fail to tell the Information Commissioner about your organization, your directors may face criminal prosecution. A system administrator is an individual or organization that determines why personal data is handled. Private data must be protected under the DPA.

 Personal information according to the DPA must be:

  1. fairly and legally processed;
  2. processed for reasons; adequate, meaningful, and not unnecessary; Personal information must be:
  3. fairly and legally processed;
  4. processed for reasons;
  5. adequate, meaningful, and not unnecessary;
  6. accurate and, where required, updated regularly;
  7. not kept for longer than needed;
  8. processed in accordance with the person’s freedom;
  9. kept safe; and
  10. not transferred to countries outside the EEA unless the information is adequately protected.

Failure to comply can lead to an enforcement letter prohibiting your company from analysing information, thus shutting down numerous firms, as well as severe fines may be imposed. Furthermore, a company’s officials, managers, and directors could be held personally criminally accountable for the violation. Laws governing information privacy, data privacy, or data protection establish a legal framework for obtaining, using, and storing personal data.

 The different laws throughout the globe define natural individuals’ rights to regulate who uses their information. This often involves the right to obtain information about which information is held, for what purpose, and to seek deletion if the objective is no longer specified.

Personal Data Protection Bill (PDP)

The PDP Bill (Personal Data Protection Bill) was proposed and passed in India to protect the current data protection system of India.  Currently governed under the Information Technology Act 2000. The Personal Data Protection Bill provides rules for notice and previous approval for the use of personal information, constraints on the reasons for which organizations can handle data, and limitations to guarantee that only information needed to provide a service to the person concerned is gathered.

 It also contains criteria for data localization and the designation of data protection administrators inside enterprises. This precise data protection regulation has not yet been established in India. The Indian legislature did, nevertheless, alter the Information Technology Act (2000) to add Sections 43A and 72A, which provide for reimbursement for wrongful personal data. Rules governing the acquisition and sharing of private information.

Under Article 43A of the IT Act, the Indian federal government later enacted the Information Technology Rules. The Regulations place extra duties on corporate and commercial enterprises in India for the acquisition and disclosure of sensitive private and confidential information, which are comparable to the GDPR and the Data Protection Regulations. Organizations in regulated industries, such as financial services and telecommunications, are subordinate to confidentiality obligations under sectoral laws that force them to keep customers’ data kept private and use it only for recommended purposes or in the sort of way agreed upon with the customer.

PDP will be introduced in stages. The Indian government and a Joint Parliamentary Council have submitted the original PDP Bill on data protection, which would be India’s first legislation on the protection of personal information and therefore will abolish Section 43A of the IT Act. Nevertheless, yet after approval, the law is likely to be adopted in stages. There is currently no available information concerning the deployment timeframe.

Furthermore, India lacks a national regulatory authority for personal data protection. The Ministry of Electronics and Information Technology oversees overseeing the IT Act and making regulations and other adjustments under the IT Act. The Personal Data Protection Bill proposes the establishment of a Data Protection Authority of India, which would be accountable for safeguarding data principals’ rights, prohibiting the exploitation of personal information, and enforcing compliance with the new legislation.

WhatsApp clashes with the Indian government Regarding Privacy Rules 

Recently WhatsApp filed a suit in Delhi against the Indian Government to block the rules which may be coming into force. Experts suggested that would compel Facebooks messaging application to break the privacy and protection. The appeal seeks the Delhi High Court to determine since one of the new IT rules violates India’s constitution’s right to privacy by requiring social media websites to identify the “original source of data” when officials seek so. WhatsApp claims that since conversations are secured end-to-end, it would have to decrypt messages for both message recipients and senders in order to keep up with the changes in the new legislation.

When asked to elaborate on the court case, WhatsApp said in a statement, “Mandating text messaging applications to detect chats is the equivalent of having others to maintain an information of every particular message sent through WhatsApp, which might dissolve end-to-end encryption and profoundly diminish anyone’s privacy rights.” The court determined that privacy should be protected unless legality, need, and proportionality all counted against this. WhatsApp says that the new legislation breaches all those requirements, beginning with a lack of clear legislative support.

Data Protection Act and its Impact on Small Businesses

The Data Protection Act of 1998 safeguards personal data held by corporations and governments by setting restrictions on the transmission of such data and information. The Legislation contains various provisions that should be followed while acquiring and providing data. These guidelines, or Data Protection Policies, are issued by the Information Committees Office, which oversees determining how businesses utilize personal information and if they are accountable enough while collecting and distributing such data. Every day, many enterprises, especially huge ones, manage massive amounts of data. Therefore, they must devise methods for auditing enormous amounts of redundant or outmoded data. Previous Information is already out of date as well as prone to mistakes like transmitting incorrect information.

 Records having past data are harder to verify than those carrying recent data. It is difficult to uncover private information among a slew of worthless data. Given all these factors, it becomes critical for businesses, whether big or small, to maintain and update on a regular basis and discard older data that might create errors in sharing information, as well as safeguard confidential material from ending up in the hands of a rival


Data protection regulations have become more important not only in our country but then also throughout the globe. Because more and more technologies are used in their daily lives, users’ security must be safeguarded because they are surrendering it with each usage. Nowadays, practically every element of our interaction and privacy is controlled by a third person. The dimensions of the current virtual era are such that practically every single transaction that persons engage in includes some type of information transmission or another.

This might also raise concerns about the “data protection expectations” which have been established as a significant foundation in the scope of Data Protection Legislation. While the information may be put to good use, the uncontrolled and random use of data worldwide has generated concerns among people about their security and liberty. In addition, the Apex Court issued a historic decision on the subject topic, which resulted in the implementation of the right to privacy and freedom of expression as a fundamental right. 


“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal fall into a category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.”


Petrescu, M., & Krishen, A. S. Analysing the analytics: Data privacy concerns

–   Journal  of   Marketing  Analytics. Retrieved         from


Martin, K. D., Borah, A., & Palma tier, R. Data Privacy: Effects on Customer and firm performance. Retrieved from

https://www.researchgate.net/publication/305822708_Data_Privacy_Effects_on_Customer_a nd_Firm_Performance

LLP, P. What is the Data Protection Act, and how does it affect my business? Retrieved from https://www.bdbpitmans.com/insights/whatisthedataprotectionactandhowdoesitaffectmybusiness/

Data     Protection        Act      1998.          Retrieved from https://en.wikipedia.org/wiki/Data_Protection_Act_1998

What      is      a      Data      Subject?      Experian      Business.    (n.d.).          Retrieved       from


Data       Protection       /       Privacy       Policy       –       DCD.      (n.d.).                Retrieved    from


Johnson, K.Council Post: The Impact of Data Privacy on Your Business. Retrieved from https://www.forbes.com/sites/forbestechcouncil/2018/09/14/theimpactofdataprivacyonyourbusiness/?sh=54fb2fe0196c

Written by- Anushka Satwani