ISLAMABAD: The privacy policies of telecommunications providers in Pakistan are inconsistent, lack adequate oversight and updates and are not always readily available to the public, research has found.

The Digital Rights Foundation (DRF) on Friday released a report on ‘Telecoms Privacy and Data Protection Policies in Pakistan’, in which the NGO studied the country’s major telecommunications companies: Mobilink, Telenor Pakistan, Ufone, Warid and Zong, and found that their privacy policies have not met privacy and customers’ data protection standards.

The study found that none of the available privacy policies indicated an awareness of the provisions of the Prevention of Electronic Crimes Act (PECA) passed earlier this year.

The report stated: “Where provisions in the policies indicated that customers could contact the companies concerning possible privacy breaches, there were again inconsistencies, with Mobilink, for example, being unable to provide a privacy breach form on its website, despite stating so only a few paragraphs earlier.”


‘Policies and their public availability are inconsistent, lack oversight and updates’


DRF also noted instances where a telecommunications provider’s parent company had clear privacy policies and safeguards “in the event of requests made by government or non-government entities” while their Pakistani subsidiaries had only generic privacy policies “if at all”.

The study noted the case of Telenor Pakistan, which lacked clear and detailed privacy policies for dealing with cellular telecommunications data while its parent company the Telenor Group had detailed measures in this regard.

The study also found that while other companies did have some policies “gathered or compiled in one location or webpage”, Zong did not have “clearly defined or easy to find” privacy policies.

According to the study’s main findings, published on the DRF website, the closest Zong came to a privacy policy was “a section of the company’s Code of Commercial Conduct section, which listed the laws of Pakistan that Zong and its parent, China Mobile Pakistan, must adhere to”.

The study also stated that telecommunication companies must not only develop in-depth privacy policies, but should also make them “readily and widely available to citizens that may not speak English” but speak Urdu, Punjabi or other regional languages widely spoken in the country.

Research methodology

“It took six months to complete the study, as Pakistan’s cellular companies were not at all ready to cooperate despite a number of attempts and appointments sought with them,” DRF Executive Director Nighat Dad told Dawn.

According to the report, a series of questions were to be given to officials at each telecommunications company responsible for the creation and development of each privacy policy.

There were two batches of questions; the first was to be given to the officials, which covered whether the company had a privacy policy that was easily accessible to customers and the public, what safeguards were in place to protect customer data, what were the standard operating procedures and framework for local or foreign government requests for user data and the ramifications for the company after the passing of the Prevention of Electronic Crimes Act.

The report stated that there was to be a series of follow-up questions after the initial set, which “never came to pass”. “Despite numerous attempts to either make initial or follow-up contact with the major cellular telecoms companies in Pakistan, we were left with a total lack of responses...even in cases where companies we reached out to had initially agreed to get back to us with answers.”

“In the first step, we tried to search the companies’ websites and tried to contact them. The policies were not mentioned on the websites, and companies could not be contacted through their websites – whenever we tried to send complaints, we received messages saying ‘that link is not available’,” Ms Dad said.

“In the second step we tried to reach out to cellular companies’ representatives, who deal with the policies, but they did not meet with us or respond to us. After that, we had no choice but to form a report based on the information available on their websites.”

Scorecard

The report also included a scorecard that rated the privacy and data protection policies of the aforementioned companies, and ranked them according to the language of the policies, ease of understanding and accessibility, clarity concerning what data is collected and how it is it stored, the purpose of storing the data and the circumstances under which it is shared with third parties.

The report’s summary stated that Mobilink and Warid’s privacy and data protection policies were “good, with room for improvement”, Ufone’s need improvement and Telenor and Zong’s are “concerning”.

Published in Dawn December 31st, 2016

Opinion

Editorial

More pledges
25 May, 2024

More pledges

THE administration’s campaign to bring Gulf investment to Pakistan continues apace, with the prime minister...
Pemra overreach
25 May, 2024

Pemra overreach

IT seems, at best, a misguided measure and, at worst, an attempt to abuse regulatory power to silence the media. A...
Enduring threat
25 May, 2024

Enduring threat

THE death this week of journalist Nasrullah Gadani, who succumbed to injuries after being attacked by gunmen, is yet...
IMF’s unease
Updated 24 May, 2024

IMF’s unease

It is clear that the next phase of economic stabilisation will be very tough for most of the population.
Belated recognition
24 May, 2024

Belated recognition

WITH Wednesday’s announcement by three European states that they intend to recognise Palestine as a state later...
App for GBV survivors
24 May, 2024

App for GBV survivors

GENDER-based violence is caught between two worlds: one sees it as a crime, the other as ‘convention’. The ...