Internet users have the right to erase their online data but will have to provide an adequate reason for the same. Technically called "Right to be forgotten" essentially allows users to restrict or prevent the continuing disclosure of his personal data to an entity that collects data. But the right is not absolute and only applies in certain circumstances.

But according to the proposed data protection bill, the right to be forgotten may be enforced only on order of the Adjudicating Officer. The consumer will have to make an application for exercising this right.

If a user is not happy with the decision of the adjudicating officer, he can file an appeal with an appellate tribunal. In the draft bill circulated in 2018, there was no provision to appeal the decision by the adjudicating officer.

"Provided that no order shall be made under this sub-section unless it is shown by the data principal (consumer) that his right or interest in preventing or restricting the continued disclosure of his personal data overrides the right to freedom of speech and expression and the right to information of any other citizen," the proposed bill states.

There are three reasons under which a user can seek the erasure of data. The data collected (a) has served the purpose for which it was collected or is no longer necessary for the purpose; (b) was made with the consent of the data principal (the entity which collects data) under section 11 and such consent has since been withdrawn; or (c) was made contrary to the provisions of this Act or any other law for the time being in force." the bill states. This is similar to the GDPR law enacted in Europe.

If a valid erasure request is received and no exemption applies then entities that have stored the user data will have to take steps to ensure erasure from backup systems as well as live systems.

 

Related Topics
comment COMMENT NOW