The digital age has unlocked the ability to archive, interconnect and transmit data globally. As of 2022, 4.66 billion people worldwide have internet access, while global internet traffic exceeds 100 GB/s. Platforms like search engines and social media thrive on maximising user engagement through personalised profiling based on an ever-expanding trove of personal data. Once online, such data attains near-permanence and visibility irrespective of individual wishes, with privacy implications unforeseeable during initial disclosure.

Consequently, countries like France argued for user empowerment. This sparked the “right to be forgotten,” enabling citizens to have some control over outdated information and trailing them indefinitely without legitimate grounds. The right empowers individuals to request the removal of outdated or irrelevant personal information from public access. As vast amounts of our data—photos, posts and histories—are collected online, this right lets individuals curate their digital identities. If granted, search engines and websites remove links to the targeted information. This concept originated in Europe with strong data protection laws, but many countries, including Nepal, still lack it.

Nepal’s case

Nepal’s constitution guarantees the right to privacy under Article 28. Citizens are protected from unauthorised interference in their homes, properties and communications. However, the right to privacy differs fundamentally from the right to be forgotten.

The privacy rights prevent unwanted access to personal information but do not enable individuals to request the deletion of data that is already publicly available or require third parties to remove content mentioning them. The right to be forgotten functions as an additional layer of personal data protection, granting citizens control over obsolete information about themselves rather than just restricting real-time interference. As such, even robust constitutional privacy protections cannot substitute concrete recognition of the right to be forgotten.

Introducing the right to be forgotten expands citizens’ autonomy over their digital identities and data trails. While privacy only prevents unwanted intrusion into private life, the right to be forgotten allows control over past information made public, perhaps even legitimately. Nepal, in its third constitutional amendment, can dignify this right to expand citizen autonomy. The government should define clear erasure protocols, establish an independent data governance committee and limit commercial data retention for an ethical digital future.

Inspired by the European Union’s landmark Costeja Gonzalez case, Asia is increasingly recognising this right. India, Thailand, Taiwan, the Philippines and South Korea have similar data protection laws, demonstrating a shift toward giving people control over their digital footprints. Nepal should also join this ethical trend, aligning with progressive governance and pan-Asian norms. The country can champion privacy, ethics and individual progress only by introducing the right to be forgotten.

Supporting the right

Just as we accept people’s capacity to learn, grow and change with time offline, so should legal frameworks empower individuals to curate digital records to reflect their evolution. More specifically, the right to be forgotten upholds privacy and data protection, especially of sensitive information, by facilitating the removal of data trails revealing health issues, financial troubles, youthful indiscretions or other details an individual may prefer not to remain permanently searchable. It enables minimising discrimination based on stale or contextualised data that unfairly surface during key junctures like seeking jobs, insurance or loans even years after the incident. Permitting citizens to delete old data minimises security risks from potential leaks of unnecessary archives. It grants individuals reasonable control over digital records from their past while allowing genuine and public-interest information to remain available.

However, critics worry that enabling the unqualified erasure of publicly posted valid information could lend itself to censorship and undermine free speech principles. Additionally, the operational burdens and expenses involved in implementing automated data removal systems at scale cannot be dismissed and must be balanced against individual rights. Another concern is that although we must respect individuals’ consent and dignity, retaining anonymised psycho-social insights derived from human activities can benefit future generations.

As with all rights, the potential for misuse, such as public figures selectively deleting facts to evade accountability, cannot be ignored. The calls for indiscriminate and unqualified “right to be forgotten” measures also require a closer re-examination of whose rights and interests are being upheld. Therefore, a balanced regulatory approach can be prudent.

The solution likely entails developing nuanced policies codifying baseline control rights while retaining appropriate oversight safeguards. The right should balance privacy with public interest. Citizens must control outdated personal data, especially sensitive information, while preserving information like convictions or political decisions. Collaboration between regulators and tech experts could create efficient data management solutions.