Protecting personal data

Published April 25, 2018

ON Monday, ride-hailing company Careem, which has been operating in Pakistan since 2015, announced a massive security breach had occurred in January, potentially compromising the personal data, collected through its app and stored on its computer systems, of over 14m users (riders and drivers alike) across 13 countries. Such a major cyberattack has once again exposed vulnerabilities in protecting individuals’ digital identities, particularly in Pakistan where, despite a burgeoning internet user base, there is as yet no legal framework for data protection. Such protection places limits on what, how, and for what purpose data is harvested by private and state entities. Although one of the stated objectives of the flawed Prevention of Electronic Crimes Act, 2016, is to “afford protection to citizens”, the law addresses cyber security from a distinctly national security, not digital privacy, perspective. And despite the IT ministry’s repeated claims last year to introduce a data protection bill, it has yet to materialise.

Pakistan is not an island; our digital footprints extend to, and are affected by attacks on, international databases. While enacting data protection legislation will not, ipso facto, protect the country from such breaches, it is nonetheless essential for ensuring transparency, legitimacy and accountability for all stakeholders. Consider how, here at home, we have experienced a major ATM skimming scandal in recent months, Punjab’s land holdings records were hacked last year, and Nadra’s database has reportedly been compromised on several occasions in recent years. Yet our government continues to fail to recognise the magnitude of this emergent threat and, consequently, has failed to guarantee its citizens’ fundamental right to privacy. The realm of privacy has rapidly expanded with increased ICT use, and the lack of legal safeguards can hurt consumer and investor confidence in the country, especially in our nascent e-commerce and online banking regimes. A law that prioritises protecting citizens’ personal information, places effective limits on corporate interests and state security imperatives for data mining, and adopts safeguards against unauthorised data collection and use, is crucial in this day and age. Unlike the case with Peca, where recommendations made by digital advocacy experts, civil society and private companies were ultimately ignored, the government might hopefully engage more meaningfully with such consultations, improve the national discourse on digital privacy, and introduce a bill that reflects the best interests of its citizens.

Published in Dawn, April 25th, 2018

Opinion

Editorial

Afghan turbulence
Updated 19 Mar, 2024

Afghan turbulence

RELATIONS between the newly formed government and Afghanistan’s de facto Taliban rulers have begun on an...
In disarray
19 Mar, 2024

In disarray

IT is clear that there is some bad blood within the PTI’s ranks. Ever since the PTI lost a key battle over ...
Festering wound
19 Mar, 2024

Festering wound

PROTESTS unfolded once more in Gwadar, this time against the alleged enforced disappearances of two young men, who...
Defining extremism
Updated 18 Mar, 2024

Defining extremism

Redefining extremism may well be the first step to clamping down on advocacy for Palestine.
Climate in focus
18 Mar, 2024

Climate in focus

IN a welcome order by the Supreme Court, the new government has been tasked with providing a report on actions taken...
Growing rabies concern
18 Mar, 2024

Growing rabies concern

DOG-BITE is an old problem in Pakistan. Amid a surfeit of public health challenges, rabies now seems poised to ...