News, Technology

Data Protection Act & Privacy: Pakistan needs it badly

Mohammad Farooq Written by Mohammad Farooq ·  3 min read >

In this digital day and age, when everything is getting transformed by technology and revolutionizing the world, Pakistan still lacks a Data Protection Act and Privacy Laws to protect its citizens. It is a pity that the Data Protection Act 2005 is still in a draft form and has not been promulgated into law since the last 9 years. Considering the changes that have taken place starting from the evolution of smartphones and tablets to the Snowden revelations, it is baffling to see the Government being so naive and failing miserably to implement the draft DPA 2005 with much-needed alterations.

The enactment of the DPA 2005 into law is an absolute necessity for starters sake. In the absence of any Data Protection Act, our data being held by companies and others alike is vulnerable to being breached and misused. With the enactment of a DPA, it can enshrine the basic right of privacy guaranteed to any Pakistani citizen by our Constitution. After all, online secrecy is a globally acknowledged right of every citizen under the Article 12 of the United Nations International Declaration of Human Rights, 1948.

We need Data Protection more than ever now

With the advent of 3G & 4G services in Pakistan, and the availability of high speed internet increasing every given month, the lack of a Data Protection Act is a violation of privacy principles worldwide. The increase in internet usage is leading to a massive expansion in flow of information and data for companies to collect and collate. Which then leads to the question, in absence of any Data Protection Act how is our data being stored and collected being used? Isn’t it synonymous with our identity being stolen and used without our prior knowledge and consent?

Are Telecom Operators protecting our data?

The information being collected by telecom companies for example, includes our personal details having our address, telephone numbers and of course our NIC, biometric identification at their disposal. Due to the lack of a Data Protection Act, we can neither sue the companies for any breach of data that occurs and how can they be held them liable? Which then leads to the question how are these companies protecting our data, because confidential information is at risk of being leaked out. Is the data being stored on their servers, encrypted in any given way?

Without prior user consent, data should not be shared with third parties. The aim of a Data Protection Act is to create a balance between the rights of individuals and competing interests of those with legitimate reasons for using personal information. The fast moving pace at which technology is innovating, advancing and accelerating, the data protection policies and guidelines are failing to keep up to date.

Why should Pakistan be left behind?

It’s worrisome to see that as Pakistan makes the foray into the digital age, with a growing percentage of work being done online, from banking, marketing, and management to technology outsourcing; we have no law to address data protection and privacy. The issue being faced worldwide with data protection & privacy laws are their in-adeptness to protect individuals from the privacy implications that upcoming technologies present.

Take for example, the Internet of Things! Pakistan is lacking behind its peers in terms of providing adequate protection for the data and privacy of individuals online in the digital sphere. As more internet startups gear up and with the rise of entrepreneurship in Pakistan, businesses going into the e-commerce line and so much flow and exchange of information taking place it is imperative a Data Protection Act is promulgated.

All mega corporations or big businesses have to legally comply with data protection and privacy laws in their respective jurisdictions. It is part of essential business ethics and practice to develop a bond of trust with their customers. In case of a Data Protection Act being promulgated in Pakistan, all these companies will be contractually bound to comply with the law in place. There can be implications in cases of a data breach and organizations can be held liable for it, be heavily fined which can hamper their reputation, goodwill and business relationships. Lackluster controls in terms of data protection can be catastrophic for companies and can leave them open to being sued by customers for the confidential information that is leaked out.

How is Data Protection a hurdle for online startups in Pakistan?

One of the biggest obstacles to doing online business in Pakistan is the lack of data protection. Because confidential business and customer data can easily get hacked and leaked, many Internet startups in Pakistan are being faced with a growing concern. Companies doing business in Pakistan, should take the lead in enacting data protection and privacy policies at an organizational level. In absence of a Data Protection Act, all these companies need to form a consortium and formulate data protection guidelines, frameworks and privacy policies upon which they agree.

For example, a consortium of telecom companies or those involved in collating health data comes to mind! Data protection and privacy frameworks, policies and guidelines that get formulated need to have a firm foundation. They should be flexible and open to adaptation for any emerging trends in technology. The premise of digital evolution is ever growing and wieldy in Pakistan, it is of great importance to enact Data protection and Privacy laws to protect the consumers at large.

Written by Mohammad Farooq
Farooq is currently writing for Dawn and TechJuice. He is also volunteering for Digital Rights Pakistan. Profile