September 28, 2020

The new draft of Pakistan’s Data Protection Law hints at government’s attempt to control citizens’ data

Photo by Philipp Katzenberger on Unsplash

The Ministry of Information Technology and Telecommunications (MoITT) has shared the new draft of Personal Data Protection Bill 2020, and has opened it for public consultation. The bill is the first update since the previous version in 2018, that various civil society organisations  sent recommendations on. The recent version of the Bill is aimed to be collecting recommendations from stakeholders until May 15.

Media Matters for Democracy (MMfD) released a statement highlighting that while they appreciate that the bill has been opened for consultation, it also empasises the shortcomings of the new draft, and mentions that it introduces “measures that are not only anti-democratic but also a negation of international best practices.”

The bill, that has been under the process of drafting since 2017, poses to be protecting citizens’ right to privacy when the intention of the draft seems to be giving excessive powers to the authorities to control citizens’ data. The statement by MMfD further highlights the key concerns that the organisation has based on the initial analysis of the bill.

Apart from being ambiguous in how it defines terms, the bill requires the formation of a seven-member Personal Data Protection Authority of Pakistan that will oversee the implementation of the law once passed. MMfD highlights this as one of their key concerns on the bill, and points out that with this Authority, the government has attempted to centralise all powers which is against the constitution of Pakistan that mandates separation of power. The bill further grants sweeping powers to this Authority to determine what constitutes ‘Critical Data’ and whether it should be protected.

The statement also points out that the bill suggests personal data of the citizens as the property of the government, resulting in lesser control of the citizens on their data saved on public and private servers.

Sadaf Khan, Director Programs at MMfD, says, “While the process of drafting this legislation has been going on since 2017, the authorities shared this update during a pandemic when all energies and attention is invested on dealing with various challenges that are coming with the healthcare emergency. However, this time also highlights why it should have been passed earlier.” She adds, “As the government is employing surveillance technology to control the spread of COVID-19 in the country, citizens’ right to privacy is increasingly being neglected, a practice that will have long-term impact on this fundamental right. The need is to act in the interests of the citizens and their rights instead of how more control can be exerted on their information.”

Earlier, the MoITT passed a set of rules called Citizens Protection (Against Online Harm) Rules, 2020 that were intended to regulate social media companies in the country. The Rules were passed under two Acts, the Prevention of Electronic Crimes Act (PECA) 2016, and Pakistan Telecommunication (Re-Organisation) Act of 1996, without prior consultation with stakeholders. The undertone of these rules, also, suggested the authorities’ attempt to control citizens’ data that would further violate right to privacy, data protection and freedom of expression in the country. The status of the Rules are currently unknown.

Written by

Hija is a Programs Manager at Media Matters for Democracy. She combines her experience in digital rights in Pakistan to lead digital rights and internet governance advocacy of MMfD. She tweets at @hijakamran

No comments

leave a comment