Facebook breach shows need for data privacy law, say rights experts

Published September 30, 2018
Digital rights experts have expressed concern over the potential risks to the user’s private data.— Reuters/File
Digital rights experts have expressed concern over the potential risks to the user’s private data.— Reuters/File

KARACHI: Following the massive data breach to Facebook, digital rights experts in Pakistan have reminded authorities of the pressing need for specific laws in the country to protect private data of individuals.

On Friday, Facebook revealed that 50 million accounts were breached in a security flaw exploited by hackers, which had prompted 90 million users across the globe to change their passwords.

The breach, it said, had taken place a few days earlier, on the afternoon of Sept 25. While Facebook claims that it has plugged the loophole, it has not stated what the consequences of the hack are.

In a telephonic briefing by Facebook’s executives later, it was revealed that the flaw affected more than just Facebook. If an account was impacted it meant that a hacker could have accessed any third-party application such as Instagram that was logged in using Facebook. Facebook Login is the tool that allows users to sign in with a Facebook account instead of traditional login credentials and many users choose it as a convenient way to sign into a variety of apps and services.

Millions of users had to change passwords after social media giant revealed that 50m accounts were breached in hack

Among the 50 million accounts comprised in the hack, various users were logged out of Facebook in Pakistan as well. According to a digital report by global social media company, We Are Social and Hootsuite, there are 35 million active Facebook users in Pakistan in 2018 — a 13 per cent rise from the previous year.

Given the popularity of the social media giant in Pakistan, digital rights experts have expressed concern over the potential risks to the user’s private data.

“Access tokens which were [potentially] stolen in the hack are used to generate uninterrupted access to accounts without having to provide passwords every time. If these tokens were compromised than that means the hackers can fully control the account, including private posts and pictures,” said Asad Baig, executive director of NGO Media Matters for Democracy.

The breach also indicated that even Facebook — one of the largest digital service providers in the world — wasn’t safe from data breaches, he added. Baig pointed out that it was too early to predict the extent of damage this breach has done in terms of user data.

Generally, users input personal information — which may be at risk — on their profile, including date of birth, phone number, family members, and credit card information for business activities as well as professional details.

Way forward

Speaking to Dawn, Director of Bolo Bhi, an advocacy forum for digital rights, Usama Khilji said the breach was a reminder for enacting data protection laws in Pakistan for it would allow the country to potentially hold companies accountable for having security loopholes that compromise private data of individuals.

“Under the law, consumers could have a legal channel to claim damages for breach of privacy, something they deserve when their data is misused without their consent,” he said.

Earlier this year in July, the Ministry of Information Tech­nology and Telecommunication drafted the Personal Data Protection Bill 2018, proposing maximum punishment of up to two years imprisonment and five million rupees fine on unlawful processing of personal data. This proposed legislation applies to processors and any person who has control over the processing of any personal data.

The Constitution, the bill highlights, grants privacy of home alongside dignity of every man and woman as their fundamental right under its Article 14.

The draft bill identifies that in today’s digital age, personal data has become an extremely valuable commodity and for many businesses the sole source of their income is the personal data of users they generate. The personal data is often being collected, processed and even sold without knowledge of the person.

Section 35 of the data protection draft titled ‘Corporate Liability’ states: “A person shall be held liable for a criminal offence committed on his instructions or for his benefit or lack of required supervision by any individual, acting either individually or as part of a group of persons, who has a leading position within it, based on a power of representation of the person; an authority to take decisions on behalf of the person; or an authority to exercise control within it. The person shall be punished with fine not exceeding five million rupees.”

The draft proposes that within six months of coming into force of the law, the federal government shall establish a Commis­sion for Personal Data Protection (CPDP), which citizens can access easily in case of data breach.

“We need to consider an Asian Data Protection Regulation ratified and implemented by Asian countries, on the design of the General Data Protection Regulation (GDPR) (which standardises data protection law across 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information),” Baig suggested, adding this way if the Asian market was at risk from Facebook, it was likely that data protection and privacy would be taken seriously by and for the region’s users.

Published in Dawn, September 30th, 2018

Opinion

Editorial

Back to bedlam
Updated 25 May, 2022

Back to bedlam

FEAR tactics have never worked in the past, and most likely will not this time either. The government’s ...
25 May, 2022

Balochistan blaze

THE forest fire on the Koh-i-Sulaiman range in Balochistan’s Shirani area is among a series of blazes to have...
25 May, 2022

Unequal citizens

INDIFFERENCE would have been bad enough, but the state’s attitude towards non-Muslims falls squarely in the...
Updated 24 May, 2022

Marching in May

MORE unrest. That is the forecast for the weeks ahead as the PTI formally proceeds with its planned march on...
24 May, 2022

Policy rate hike

THE State Bank has raised its policy rate by 150bps to 13.75pc, hoping that its latest monetary-tightening action...
24 May, 2022

Questionable campaign

OVER the past couple of days, a number of cases have been registered in different parts of the country against...