Data is something that is all around us and is created in almost every action we do in the digital world. We actively exchange data online, and data is generated whenever we perform any activity only. Booking a ticket online, ordering a meal from a food delivery app, or using public transit, all contribute to exchanging data online. When data is of significant value, there is ambiguity about it, and several companies are inclined to use this approach to data.
In today’s technologically advanced world, data is the new currency. Data security and privacy are currently receiving much-needed attention, as they should be. Despite all of the information available, data’s potential is yet unknown. Given that businesses collect a large amount of sensitive user data to provide services, it is reasonable to assume that security must be a top priority.
Legal scholars all across the world are still trying to figure out what these basic data concepts mean. While other nations have enacted comprehensive data privacy laws in response to the pressing need, Pakistan lags in the race to secure the public’s data.
With the rise of user-generated data and the exponential industrial worth of data, it’s becoming increasingly important for government authorities to defend individuals’ data rights. Individuals’ personal data is protected by data-protection legislation, which governs the collection, use, transfer, and disclosure of such data. They also provide individuals access to their data and impose accountability standards on companies that collect personal data, as well as giving remedies for unauthorized or harmful processing.
Customer information, personnel records, data collecting, and transactions are all examples of vital information that should be safeguarded on your website. Identity theft, phishing, and hacking are all examples of fraudulent actions that may be prevented with data protection. Names, emails, addresses, health information, phone numbers, and a credit card or bank details may be stored by your company. Such data contains sensitive information that, if it falls into the wrong hands, might jeopardize the security of all parties concerned.
In recent years, Pakistan has had several data breaches, indicating the necessity for the nation to reassess its cyber security policy in the battle against identity theft. Pakistan must prioritize the creation of strong data protection and cybercrime laws as part of a larger cyber security policy that prioritizes citizen rights.
Cyberlaw advocates have long urged that data protection regulations must always be included in cyber security frameworks to avoid breaches and exploitation of individuals’ personal information. National identity card programs like NADRA, which is one of the world’s biggest centralized citizens’ databases, show how such systems may have large-scale and long-term privacy concerns.
In Pakistan, leaks of government-held databases and corporate-held databases continue to be the leading cause of identity theft-related crimes.
Pakistan doesn’t have any comprehensive legislation that deals with the protection of data and privacy. The Prevention of Electronic Crimes Act, 2016 (‘PECA’) is currently the primary legislation that provides a legal framework concerning various kinds of electronic crimes and also extends to the unauthorized access to personal data.
The Constitution of the Islamic Republic of Pakistan accords the right to privacy as a fundamental right. Article 14(1) of the Constitution confirms that “[t]he dignity of man and, subject to law, the privacy of home, shall be inviolable.” Pakistan’s Courts have not been able to lay down any scope for the right of one’s information privacy (which involves the establishment of rules governing the collection and handling of personal data such as credit information and medical records).
The Ministry of Information Technology and Telecommunications (‘MOITT’) has further promulgated the Removal and Blocking of Unlawful Online Content (Procedure, Oversight and Safeguard) Rules 2020 (‘Unlawful Online Content Rules’), under Section 37 of PECA. Section 37 of PECA provides that the Pakistan Telecommunication Authority (‘PTA’) will have the power to remove, block, or issue directions for the removal or blocking of access to information through any information system if it considers it necessary concerning, inter alia, incitement of any offense under PECA.
In addition to the above, MOITT had introduced the Personal Data Protection Bill 2021 (‘the Bill’), which is yet to be promulgated into law. The Bill, once enacted, will be the main legislation regulating controllers and processors of personal data in Pakistan and will apply to any person who processes, has control over, or authorizes the processing of any personal data, provided that the data subject, data controller, or data processor (either local or foreign) is located in Pakistan.
The EU had adopted the General Data Protection Regulation (GDPR) to harmonize data privacy laws across all of its member countries as well as provide greater protection and rights to individuals. GDPR was also created to alter how businesses and other organizations can handle the information of those that interact with them. There’s the potential for large fines and reputational damage for those found in breach of the rules. In addition, the US and the EU have implemented the EU-US Privacy Shield Framework outside of their respective country-specific regulations. Not to mention, while other nations are still working on their privacy laws, China released the first draft of its Personal Information Protection Law (PIPL) for public comment on October 21, 2020, as their response to GDPR, which was too specific to Chinese norms.
Various nations’ measures imply that Data Privacy legislation should be implemented. Regrettably, Pakistan’s data protection laws are almost non-existent. Pakistan to secure people’s information and defend their data privacy, regardless of developments in the digital world.
