For the last couple of years, France has been fighting a ‘battle’ with a private enterprise that operates in the virtual world called Google, an American technology company with a global footprint specialising in Internet-related services and products. During the last week of May 2016, the French police raided Google’s Paris headquarters due to suspicions about tax evasion and money laundering. Google could be asked to pay around 10 million Euros in fine, if found guilty.
In addition, the French government is also at loggerheads with Google over the issue of ‘Right To Be Forgotten’ or RTBF. Some French citizens want some information available about them in the Internet to be expunged. This particular issue has global relevance because it is not only about French or European citizens having the right to be forgotten in the cyber world, but also about people in the rest of the world. In March 2016, French authorities have given a decision against Google in this regard and imposed a fine of 100,000 Euros for the company’s failure to remove ‘right-to-be-forgotten’ requests from its global search results. This fine is minuscule: probably Google makes that amount of money every hour; some say the amount is equivalent to less than what Google generates in sales in 10 minutes (Google approximately earns around USD 75 billion a year). Yet, a few days ago, Google took this fight against France’s privacy watchdog to the country’s highest administrative court. Google contends that it is in full compliance with the laws of countries in which it operates and does not want those laws to force it to decide its global business strategies. What France is asking is to delete the links (which are to be forgotten) globally. But Google is refusing to delete links globally because it would indirectly indicate that French law applies throughout the world. Google fears that if it complies with the French demand then many other states could start insisting that their laws regulating information also have a global reach.
In today’s world, the Internet is a boon and even a necessity for survival. However, the Internet has certain disadvantages too in terms of privacy issues, data theft, and masking identity. The ‘right to be forgotten’ also gets projected at times as a limitation of the Internet. Because, in the absence of such a right, the past of an individual which he/she no longer wants the rest of the world to know, would always remain accessible. Hence, the human (read Google) behind the Internet needs to ensure that such a right exists. It is also important to note that Google is not the only search engine in the world. However, since Google has more than 95 per cent market share in this business, it has become the focus.
The ‘right to be forgotten’ (in its present format) is a very recent debate, as recent as 2014. The Court of Justice for the European Union (CJEU) gave a ruling that year that Google must remove links to certain content upon request from EU residents. A decade ago (2006), some discussion on this concept had taken place in the EU and also in Argentina. Also, legal provisions were made concerning this issue. There is no specific definition of the term ‘right to be forgotten’. Broadly, it indicates that individuals have a right to ensure that certain data related to them gets deleted from cyber space. Such data could be in any form like documents, photographs, audio or video information.
In 2014, Google did agree to the court verdict and entertained individual requests. One and a half million URLs (Uniform Resource Locators) were reviewed based on such requests and 43 per cent were removed. However, it needs to be noted that most of the requests accepted were URLs concerning copyright. Initially, it was agreeable to Google that if a person from Germany or the UK makes a request then the URL would not be visible throughout the EU region. Subsequently, however, the problem has become complicated owing to various Google Search domains. Now, the problem is that the URL gets removed from google.fr domain in respect of the request from France and also from other European domains like google.de, google.uk, etc. But the URL would not be dropped from google.com.
How is the world outside Europe addressing this problem? Many states like Russia, China, and Japan are also found taking hard-line positions against Google to protect the privacy of their citizens. Google on its own has extended its cover on RTBF to Switzerland, Iceland, Norway, and Liechtenstein. There is also an increasing awareness in India on this issue.
‘In India, Information Technology Act, 2000 and Information Technology Rules, 2011 do not cover right to be forgotten. Rule 3 of the Information Technology Rules, 2011 states that due diligence has to be exercised by intermediaries to make sure among other things that the data does not invade another’s privacy. Right to be forgotten is not provided for anywhere in the Indian legislation’.1
But Indian courts have taken this issue seriously and have admitted some cases in this regard. At present, these cases are under consideration in the Delhi High Court and Supreme Court and some decisions are expected to be announced during September 2016.
Today, many countries have taken a clear position that data should vanish totally and globally. In the United States, however, there is still some confusion on this issue. In the view of one analyst, ‘the right to be forgotten debate pits American free-speech fanatics against European privacy zealots’.2 The French are asking as to how the geographic origin of those viewing the search results could dictate privacy? Here, the focus is on extraterritoriality. However, there is much more to it and there are various shades of human rights, write to information and free-speech aspects involved in this debate. Is the ‘right to be forgotten’ a form of censorship aimed at concealing the past? It is important for individuals to be responsible for the personal data they upload online. Why should a legal framework be put in place for their stupidity or carelessness?
There are some technicalities also involved. For instance, it is difficult for Google to verify the genuineness of the complaint, what could be the criteria to judge which URL is in the public interest and which is not, why the realities of life should be hidden just because an individual wants to. Also, it is felt that the right to be forgotten has limited relevance because once the information is made available on the Internet, it would get cached, archived or reposted on the Internet itself or could also be made available (at a cost or otherwise) by those who have already stored it.
Google is also being criticised for lack of transparency in its dealings with requests for ‘right to be forgotten’. The company is not ready to explain how the review process works.
At present, the entire debate on ‘right to be forgotten’ is mainly focused on individual freedom and individual rights. However, it is important to look at this issue from a security angle too. Recently, Indian defence officials have been advised not to use smart phones due to the possibility of data theft. Many serving and retired defence/police personal, scientists, policy makers (and their families) are using mediums like Facebook, twitter, Whatsapp and other applications routinely. Inadvertently, they are making some ‘useful’ information available in the virtual world which could get misused. It is important that some such information gets removed (forgotten) from the security point of view. Also, the Internet is infested with correct, incorrect and inappropriate information with regard to various defence establishments which could be better forgotten than read.
Views expressed are of the author and do not necessarily reflect the views of the IDSA or of the Government of India.