Why can’t I delete my nudes? A case for Right to be Forgotten

Granting citizens across the globe the ‘right to be forgotten’ can be a welcome move in the Internet age, but legislating on it will require striking a fine balance between matters of privacy, censorship, freedom of expression and corporate policies.

Technology has fundamentally changed our lives, but it has also created inexorable and unanticipated societal repercussions. The fundamental principles inherent in our Constitution and the Indian legal system have faced the challenge of harmonising discordant facets and the impacts of such developments. The Right to Privacy was declared an integral part of the Right to Life and Personal Liberty (Article 21 of the Constitution) vide K. Puttaswamy Judgement by the apex court. Whether to consider the ‘Right to be Forgotten’ as part of the Right to Privacy is a conundrum which courts around the world, including the Indian judiciary, are being forced to consider or opine upon. The cause célèbre encompassing the Right to be Forgotten is the intersection of the Right to Freedom of Speech and Expression and Right to Privacy.

Processing certain personal data is permitted when the controller’s legitimate interest requires it. The controller’s economic interests are not enough to overcome the interference with the data subject’s privacy rights. The process to strike a balance between full access to uncensored information versus protecting a person’s image and well-being by allowing post-hoc censorship of information detrimental to that person has to be fact-intensive.


Counterbalancing conflicting fundamental rights in a contested digital space is a tightrope walk. The very jurisprudence of digital human rights is in a nebulous state where the boundaries of these individual rights coalesce and clash, making any estimation or evaluation fraught with polemics. For instance, consider the case concerning a Spanish citizen’s request to have personal information delisted from internet search engines. The Court of Justice of the European Union (CJEU) on 13 May 2014 passed a judgement which firmly established the “right to be forgotten” and also affirmed the idea that personal data should not be indefinitely stored in databases. But this ruling has had very divergent reactions. Significantly, this ruling went against the June 2013 opinion of Advocate General Jääskinen, who felt that the establishment of the “right to be forgotten” in the European Union would leave the bulk of the decision on fundamental rights down to search engines. He also opined that RTBF would curtail the right of expression of the original publisher of the said content. France’s data protection authority subsequently ordered Google to extend its removal of links to any Google site globally (not just limited to the EU). Google resisted this initially, refusing to comply with the French order on the ground that “no one country should have the authority to control what content someone in a second country can access”.

These judgments and orders were portrayed in the media as a battle between the right to privacy and the freedom of speech, and created widespread concerns regarding censorship in the garb of individual privacy. The US and European approach to the primacy of individual freedoms and rights are fundamentally different. While the US gives utmost importance to the freedom of speech and expression, even refraining from limiting hate speech at times, Europe culturally values privacy more than FOE. A future legal conflict would involve an asserted First Amendment right of free speech versus a statutory or common law right to be forgotten. In this scenario, the freedom of speech may start out with an edge, being an established constitutional right. Constitutional rights, however, are not absolute and subject to reasonable restrictions. Even in case of a conflict between two constitutional rights, there is still a need to decide how to resolve the conflict, and future constitutional law developments will be an interesting space to watch.


Privacy is an elusive concept which is difficult to define precisely. Generally, what we mean by privacy is a desire that our personal information be left alone and not interfered with. RTBF is actually a claim for control over our personal information. It is entirely up to individuals to decide how much of their private sphere they decide to share with others.

The notion of informational autonomy naturally finds application to the regulation of online privacy: both the EU and Strasbourg Courts have recognised it as a key value underlying both data protection and Article 8 ECHR. Recital 7 of the GDPR states that, “natural persons should have control of their own personal data”; the Strasbourg Court in one ruling opined that Article 8 ECHR, the right to privacy, “provides for the right to a form of ‘informational self-determination’.

It is true that the information available on the internet has been shared by individuals themselves in the first place, which is why some argue that people “invade their own privacy”. However, even in this culture of internet exhibitionism and voyeurism, it is only when someone’s control over their private sphere is taken from them that their privacy is invaded. Thus, the important postulate here is that, while the boundaries between self-expression and privacy will always vary between people, it in no way means that individuals should be deemed to have given up the core right to privacy.


Justice S.K. Panigrahi of the Orissa High Court recently observed that “allowing videos/photos of rape victims to remain on social media is violative of their fundamental right to privacy,” and also that “it is their (victims’) right to enforce the right to be forgotten as a right in rem”.

Several lawsuits and significant media attention surrounding revenge pornography have facilitated a transformation to the traditional philosophy which says that web searches should reflect the web in its entirety. The revenge pornography epidemic entails mostly vindictive postings on the internet of nude pictures by an “ex” without the other’s consent.

Google and other search engines have amended their policies to safeguard the rights of victims. This decision was made weighing the utility of public access to revenge pornography against the damage suffered by individual victims of this crime. This change clearly depicts the ability to recognise the intersection between right to privacy and freedom of speech and expression. It also reflects the slow encroachment of big tech into a quasi-judicial domain.

There have been a wide variety of attempts to deal with the deleterious effects of technology, especially regarding minors and women. The first law of its kind for protecting minors online was introduced on 1 January 2015 as the California’s Children’s Online Privacy Protection Act 2015 or ‘CalOPPA’. One of the aspects of CalOPPA was the ‘eraser button’, which mandates Internet companies to provide a method by which minors can delete a posted picture from a website. It also mandates websites to provide clear instructions to minors as to how they may remove content they have posted online and the website may be required to make certain content invisible to other website users. However, such erasure of content is limited to content posted by the individuals themselves but not content posted by someone else.


Implementation of the Right to be Forgotten in practice poses significant problems as it is impractical/ impossible to remove content from the internet effectively because of the ease with which content is duplicated and transferred and stored by data fiduciary and users. De-linking specific websites or images does little to prevent content from reappearing and content usually remains in its original location where people can continue to find it by typing in specific URLs into their browser or visiting that specific website.

Germany’s Federal Constitutional Court, the Bundesverfassungsgericht, issued a pair of rulings on ‘right to be forgotten’ cases, now called RTBF 1 and RTBF 2, where it circumscribed the reach and territorial application of the earlier Google Spain case, observing that “search engines must find a balance between the public’s right to information and an individual’s ability to live without impairment due to past events”. The judgments also clarified the relationship between the fundamental rights of the national constitution (Grundgesetz), the EU Charter of Fundamental Rights and the European Convention on Human Rights.


A hyper-connected world which makes individuals virtually omnipresent will cause tectonic political, psychological and social upheavals, unsettling traditional and accepted modes of interaction, interchange and strife. We are already moving in this direction as we see institutional changes where technology giants are increasingly taking over the functions of a democratic polity and acting as a quasi-judicial authority, adjudicating on questions of privacy, freedom of expression and criminal jurisprudence.

In an arena of conflicting rights, the means and measures for achieving congruence between seemingly incompatible objectives need to be developed with great care. The Right to be Forgotten has various contours which affect human dignity and well-being while overlapping with other fundamental rights. Evolving jurisprudence will have to take into account geographical and territorial application, national sovereignty, media privileges, individual liberties, transparency and accountability among other things.

New technologies will chart untrodden paths with monumental impacts on life, liberty and human dignity. While humanity embarks on this journey, it has to be mindful of basic human values and ensure that technology is only a means to an end—that of achieving human well-being.

Brijesh Singh, IPS, is an author and Inspector General of Police, Maharashtra. Khushbu Jain is a practising advocate before the Supreme Court and founding partner of Arklegal.