Indian Kanoon - Search engine for Indian Law

636.Thus, the European Union Regulation of 2016 has recognized what has been termed as ‘the right to be forgotten’. This does not mean that all aspects of earlier existence are to be obliterated, as some may have a social ramification. If we were to recognize a similar right, it would only mean that an individual who is no longer desirous of his personal data to be processed or stored, should be able to remove it from the system where the personal data/ information is no longer necessary, relevant, or is incorrect and serves no legitimate interest. Such a right cannot be exercised where the information/ data is necessary, for exercising the right of freedom of expression and information, for compliance with legal obligations, for the Supra performance of a task carried out in public interest, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise https://www.mhc.tn.gov.in/judis or defence of legal claims. Such justifications would be valid in all cases of breach of privacy, including breaches of data privacy.

37. The Data Fiduciary is expected to protect the personal data in its possession or in its control putting in necessary safety measures to prevent data breach. Intimation is to be given to the Board and to the affected Data Principal in the event of a data breach. Section 8(7) is important to this case, as it provides for erasure of personal data. Sub-clause (7) reads as follows:

https://www.mhc.tn.gov.in/judis (7) A Data Fiduciary shall, unless retention is necessary for compliance with any law for the time being in force,—

8 (5) A Data Fiduciary shall protect personal data in its possession or under its control, including in respect of any processing undertaken by it or on its behalf by a Data Processor, by taking reasonable security safeguards to prevent personal data breach.

47. The important ramification of the insulation as contained in Section 17(1)(b) is that the Section 8(7), that provides for erasure of personal data is now rendered inapplicable to Courts, tribunals and quasi-judicial authorities. The impact of this insulation, specifically upon the Data Principals have been addressed in the paragraphs to follow.

49. Under Chapter V, a Data Protection Board of India has been set up which provides for a Board with a Chairperson and Members. Chapter V deals with various details relating to the constitution of the board, their terms of reference and other matters.

50. Chapter VI deals with the powers, functions and procedure to be followed by the Board and contains Sections 27 and 28. The Board is to look into complaints of personal data breaches and Section 28 states that as far as practicable, the Board shall function as a digital office.