Islamabad, (January 29, 2018): The growing privacy concerns about the misuse of personal and private data of citizens and grey areas in the legal framework call for the need of enacting a pro-rights data protection law and setting up an independent authority, overseeing data protection compliances.
Based on the findings from the Bytes for All, Pakistan’s new research study titled “Electronic Data Protection in Pakistan” presents a comprehensive overview of the existing legal framework pertaining to right to privacy both online and offline, a critique on Electronic Data Protection Bill (EDPB) 2005, global best practices vis-a-vis data protection and the case study of Pakistan.
The study also points out the loopholes and grey areas in the existing laws including EDPB and suggests that the draft bill if implemented in its current form would fail to provide protection to private and personal data of the citizens.
Country Director, Bytes for All, Pakistan, Shahzad Ahmad says, “Like it or not, our lives are increasingly linked with digital databases, where we leave our footprints, which can be misused by a host of actors including private companies and states. At a time, where digital surveillance promotes Orwellian, STASI like oppression, there is a dire need for pro-people, human rights based principles and practices, which protect citizens online and offline. This is particularly important in the case of Pakistan, where different citizens’ databases and safe city projects pose a serious threat to civil liberties”.
The research underscores the need of establishing a system of accountability for data breaches applicable to big data repositories including National Database & Registration Authority (NADRA) and Safe City projects, which are the largest repositories of biometric and facial imprints of Pakistani citizens.
The report recommends incorporating the principles of individual’s consent for processing data in any new legislation emphasizing that it is crucial to state in an unambiguous and intelligible manner. Moreover, the requirement of consent and consent withdrawal should be part of any data collection process.