Facebook breach shows need for data privacy law, say rights experts

Published September 30, 2018
Digital rights experts have expressed concern over the potential risks to the user’s private data. — Reuters/File

KARACHI: Following the massive data breach at Facebook, digital rights experts in Pakistan have reminded authorities of the pressing need for specific laws in the country to protect the private data of individuals.

On Friday, Facebook revealed that 50 million accounts were breached in a security flaw exploited by hackers, which had prompted 90 million users across the globe to change their passwords.

The breach, it said, had taken place a few days earlier, on the afternoon of Sept 25. While Facebook claims that it has plugged the loophole, it has not stated what the consequences of the hack are.

In a telephonic briefing by Facebook’s executives later, it was revealed that the flaw affected more than just Facebook. If an account was impacted it meant that a hacker could have accessed any third-party application such as Instagram that was logged in using Facebook. Facebook Login is the tool that allows users to sign in with a Facebook account instead of traditional login credentials and many users choose it as a convenient way to sign into a variety of apps and services.

Millions of users had to change passwords after social media giant revealed that 50m accounts were breached in hack

Among the 50 million accounts compromised in the hack, various users were logged out of Facebook in Pakistan as well. According to a digital report by global social media company, We Are Social and Hootsuite, there are 35 million active Facebook users in Pakistan in 2018 — a 13 per cent rise from the previous year.

Given the popularity of the social media giant in Pakistan, digital rights experts have expressed concern over the potential risks to the user’s private data.

“Access tokens which were [potentially] stolen in the hack are used to generate uninterrupted access to accounts without having to provide passwords every time. If these tokens were compromised then that means the hackers can fully control the account, including private posts and pictures,” said Asad Baig, executive director of NGO Media Matters for Democracy.

The breach also indicated that even Facebook — one of the largest digital service providers in the world — wasn’t safe from data breaches, he added. Baig pointed out that it was too early to predict the extent of damage this breach has done in terms of user data.

Generally, users input personal information — which may be at risk — on their profile, including date of birth, phone number, family members, and credit card information for business activities as well as professional details.

Way forward

Speaking to Dawn, Usama Khilji, director of Bolo Bhi, an advocacy forum for digital rights, said the breach was a reminder of the need to enact data protection laws in Pakistan, as this would allow the country to potentially hold companies accountable for having security loopholes that compromise the private data of individuals.

“Under the law, consumers could have a legal channel to claim damages for breach of privacy, something they deserve when their data is misused without their consent,” he said.

Earlier this year in July, the Ministry of Information Technology and Telecommunication drafted the Personal Data Protection Bill 2018, proposing a maximum punishment of up to two years' imprisonment and a fine of five million rupees for unlawful processing of personal data. This proposed legislation applies to processors and any person who has control over the processing of any personal data.

The Constitution, the bill highlights, grants privacy of home alongside dignity of every man and woman as their fundamental right under its Article 14.

The draft bill identifies that in today’s digital age, personal data has become an extremely valuable commodity and for many businesses the sole source of their income is the personal data of users they generate. The personal data is often being collected, processed and even sold without knowledge of the person.

Section 35 of the data protection draft titled ‘Corporate Liability’ states: “A person shall be held liable for a criminal offence committed on his instructions or for his benefit or lack of required supervision by any individual, acting either individually or as part of a group of persons, who has a leading position within it, based on a power of representation of the person; an authority to take decisions on behalf of the person; or an authority to exercise control within it. The person shall be punished with fine not exceeding five million rupees.”

The draft proposes that within six months of coming into force of the law, the federal government shall establish a Commission for Personal Data Protection (CPDP), which citizens can access easily in case of data breach.

“We need to consider an Asian Data Protection Regulation ratified and implemented by Asian countries, on the design of the General Data Protection Regulation (GDPR) (which standardises data protection law across 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information),” Baig suggested, adding this way if the Asian market was at risk from Facebook, it was likely that data protection and privacy would be taken seriously by and for the region’s users.

Published in Dawn, September 30th, 2018
