What is data?

WITH the fast paced advancements in technology and the increasing pervasiveness of information and community technologies (ICTs) in everyday life, our personal information is accessible to multiple parties including corporations, governments, hackers, stalkers and other third parties.

We have now entered what Klaus Schwab calls the fourth industrial revolution, which, he argues, is “characterised by a fusion of technologies that is blurring the lines between the physical, digital, and biological spheres”. This is causing a seismic shift in the way we live. Whereas there are multiple advantages to this that are being embraced and celebrated, like anything else, it comes with associated risks, and there is a need for law and policy to respond to these needs adequately in order to protect our personal data that is now becoming more accessible than ever before.

The role of data today — when is it used?

We give up a certain level of privacy each day to email and social media companies when we use the internet to connect and communicate with people or each time we search for something on the internet; when we use ride-hailing applications to commute as our location and movement is constantly tracked; to the government when our personal information is stored in national databases; and to banks that have access to our financial habits, and increasingly so with reliance on card and digital payments. In short, with more efficient communication, access to information, movement, governance, and financial activity, our privacy is compromised when our personal data is stored by companies and governments, as well as by individuals that may attempt unauthorised access to this information.

Our privacy is compromised when our personal data is stored by companies and governments.

What are the risks?

This is why data is now known as the most valuable resource — replacing oil and gold. Data breaches are not uncommon in Pakistan. The National Database and Registration Authority was named by WikiLeaks in June 2017 in a case where data of Pakistani citizens was shared with the US National Security Agency and the British Government Communications Headquarters, though Nadra has denied this claim. The Nadra website was also reportedly hacked in 2012, 2013, and 2015 by hackers based abroad.

Hacking of ATM machines in large Pakistani cities has also been reported this month, with customers losing thousands of rupees, and this breach has also caused losses to the banks. Further, telecom companies in Pakistan have been known to sell user data of subscribers to third parties, something that is even stated in the privacy policies of some companies. This is why most of us receive text messages advertising a wide variety of products, often time even unrelated to our consumption patterns.

Small businesses and especially technology-related start-ups are in need of data protection laws because they are susceptible to hacking and data breaches, and require legal relief in case hackers violate or steal their ideas and data.

Existing laws

In the existing legal framework of Pakistan, the right to privacy falls under Article 14 (1) of the Constitution, which states that the “dignity of man, and subject to law, the privacy of home, shall be inviolable”. However, the application of this right in the digital realm is yet to be seen. Only one section of the Electronic Transaction Ordinance, 2002, Article 43 (2) (e) recommends that the federal government may make regulations to provide for “privacy and protection of data of subscribers” but these are yet to be made. The Prevention of Electronic Crimes Act, 2016, provides for telecom and internet service providers to retain data for at least 90 days, but does not include any provisions that protect citizen’s data or privacy. A privacy commission still does not exist in Pakistan, though the IT ministry is on record saying that a draft data protection law is under way. It remains to be seen if key stakeholders including citizen groups are consulted in the drafting of this important law.

International examples

We can look to the example of the United Kingdom and India when it comes to data protection and privacy laws. The British government recently introduced a new draft data protection bill which will replace the 1998 law, and some key features include extended the “right to be forgotten” on the internet to “the right to innocence” whereby citizens can request social media sites to remove any content they posted before the age of 18. Further, the bill proposes tougher penalties on companies for data breaches, as well as a requirement by businesses to inform the UK information commissioner’s office about any breach within 72 hours. In India, the Supreme Court earlier this year ruled to recognise the right to privacy as a fundamental right linked to liberty and dignity of citizens, in a case where the constitutional validity of India’s biometric identity scheme Aadhaar was challenged.

What does a good data protection law look like?

In light of these transformative changes in the way we live and interact with one another, it is important for us to realise three important things. First, that the realm of what is private and should be protected has drastically expanded with technological advancements, and hence individual as well as legal efforts also need to expand to cover emerging aspects. Second, that the right to privacy is not a right in isolation but in fact intrinsically linked to other rights such as the freedom of speech and right to life, and this needs to be considered when any new laws and policies are promulgated. Third, the discourse on privacy itself has to be developed progressively so that corporate and state entities are mindful of privacy concerns when dealing with data, and citizens are equipped to claim justice in case of a breach.

It is high time privacy of our data was taken seriously so as to protect our digital as well as physical footprint, seeing how closely intertwined the two are becoming, not only for individuals but for small businesses and large corporations as well.

The writer is an activist and researcher, and director of Bolo Bhi, an advocacy forum for digital rights.

Twitter: @UsamaKhilji

www.usamakhilji.com

Published in Dawn, December 19th, 2017

Opinion

Sub judice rule
18 Sep 2021

Sub judice rule

It is time this objection, sub judice, is laid to rest.
The Black Caps folly
Updated 18 Sep 2021

The Black Caps folly

There is so much wrong — and worrying — about the entire sorry episode of New Zealand backing out of Pakistan tour.
CT NAP revisited
Updated 18 Sep 2021

CT NAP revisited

A policy of appeasement towards extremists has undermined the state’s writ.
Pathways for reform
Updated 17 Sep 2021

Pathways for reform

Even now the government has said they are listening, but they have not said how they are listening.

Editorial

Blinken’s remarks
Updated 18 Sep 2021

Blinken’s remarks

The US establishment cannot scapegoat Pakistan for two decades of bad policy in Afghanistan.
18 Sep 2021

Worrying survey

THE findings of the Labour Force Survey 2018-19 indicate that some important headline trends have already taken or...
18 Sep 2021

Special needs

THE fact that only 3,653 children with special needs, out of some 300,000 in Sindh, are registered with the...
TTP amnesty?
Updated 17 Sep 2021

TTP amnesty?

An amnesty should be for some individuals, not the entire outfit.
17 Sep 2021

Media regulation

THE needless controversy over media regulation may finally be heading for a resolution. In a meeting with ...
17 Sep 2021

Refusing audit

THE continuous resistance put up by several public-sector organisations to submitting their accounts for audit by ...