The internet has revolutionised the way we live, work and interact. Information, once confined to physical records, now exists in a vast digital landscape. While this accessibility offers undeniable benefits, it also raises concerns about privacy and the potential for information to haunt individuals indefinitely. This is where the concept of the ‘right to be forgotten’ comes into play.
The right to be forgotten empowers individuals to request the deletion or anonymisation of their personal data from search engine results. It grants a degree of control over information lingering from the past, potentially irrelevant or even harmful in the present. This right allows individuals to compel search engines like Bing or Google or similar search engines to de-list website links from search results where such information is inaccurate, outdated, irrelevant and unlawful.
The Right to be Forgotten Explained
The right to be forgotten allows individuals to request the removal of personal information from search engine results or online platforms. The landmark case of Google Spain SL, Google Inc v Agencia Española de Protección de Datos, Mario Costeja González (2014) (Google Spain Case) established a legal foundation for the right to be forgotten in the European Union (EU). Mario Costeja González, a Spanish man, sought the removal of search engine results linking his name to a newspaper article about a social security debt auction 16 years prior. Despite the debt being resolved, the information continued to haunt him online. The Court of Justice of the European Union (CJEU) ruled in favour of González, recognising that search engine operators act as data controllers and individuals have the right to request the removal of outdated or irrelevant information from search results. This decision marked a significant shift in the balance between privacy and freedom of expression online. The court also found that individuals have a right to request the removal of links to personal data from search engine results pages.
Currently, Google has even published a video reminding people about this law, along with step-by-step instructions showing how to request content removals under the right to be forgotten. Though laws regulating the right to be forgotten might be different in different countries, the concept about this right is that personal information about an individual can be removed from search results under certain circumstances. However, such removal will not remove the articles from the web entirely but such links will not appear in search results of Google.
The Right to be Forgotten in the GDPR
The right to be forgotten found further legal grounding with the introduction of the General Data Protection Regulation (GDPR) in the European Union (EU). Article 17 of the GDPR codifies the ‘right to erasure’, granting individuals the right to have their personal data deleted under specific conditions. These include situations where the data is no longer necessary, consent is withdrawn, or processing is deemed unlawful. However, the right to be forgotten/erasure is not absolute. Exceptions exist to protect freedom of expression, public interest, and so on.
Significance of the Right to be Forgotten in Nepal
Though Individual Privacy Act 2075 (2018), Individual Privacy Regulations 2077 (2020), Constitution of Nepal, National Civil Code 2074 (2017) and National Criminal Code 2074 (2017) safeguard the right to privacy and prevent unwanted access of personal information of an individual, the laws in place do not enable individuals to request deletion of data that is already publicly available or requires third parties to remove such content.
Nepal currently lacks a legal framework explicitly recognising the right to be forgotten and the concept raises crucial questions for the country’s evolving digital landscape. In the digital era where stale information, especially negative news reports, can unfairly resurface during crucial moments, hindering employment prospects, reputations and even social interactions, Nepal is in need for regulation regarding the right to be forgotten.
The right to be forgotten empowers individuals to mitigate such discrimination based on outdated information. Similarly, unnecessary data retention increases the risk of breaches and leaks. This right encourages data minimisation, reducing the potential for compromising personal information.
While the right offers significant benefits, implementing it in Nepal necessitates addressing certain challenges like balancing right to be forgotten and freedom of expression, a technical implementation meaning that Nepal lacks a robust data protection regime and public awareness.
Implementing the Right to be Forgotten in Nepal
While the EU’s GDPR serves as a valuable model, Nepal needs to develop its own right to be forgotten framework tailored to its specific context. Some key steps which are necessary are as follows:
Legislative Framework: Enacting a provision in data protection law that explicitly incorporates the right to be forgotten is crucial. The current Individual Privacy Act should define the scope of the right, exceptions and procedures for enforcement.
Data Governance Body: Establishing an independent data protection authority is vital. This body would oversee data protection compliance, handle the right to be forgotten requests, and ensure accountability from data controllers.
Collaboration with Search Engines: Engaging with major search engines like Google to understand their de-indexing procedures and establish clear communication channels for right to be forgotten requests from Nepali citizens is essential.
In conclusion, the right to be forgotten empowers individuals to control their online presence by requesting the removal of outdated, irrelevant or harmful personal information from search engine results. This allows individuals to move on from past mistakes and protects them from unfair judgements based on stale information. In the digital age where information can persist indefinitely, this right offers a crucial safeguard.
While Nepal currently lacks a specific legal framework for this right, exploring its potential benefits and challenges is vital for safeguarding individual privacy and fostering a responsible digital ecosystem. Nepal can learn from the EU’s GDPR and adapt it to its own context, focusing on creating a legal framework, establishing a data protection authority, and collaborating with search engines. By fostering open discussions and exploring various approaches, Nepal can pave the way for a more balanced digital future for its citizens.