KARACHI: A day after digital and human rights groups urged the government to protect the public’s right to privacy while adopting technological solutions to the Covid-19 outbreak, the authorities released a draft personal data protection bill for consultation.

In a press release issued on Friday, the Ministry of Information Technology and Telecommunication (MoITT) said it had formulated a draft ‘Personal Data Protection Bill, 2020’ as privacy of personal data of an individual had become more relevant and important than ever because of the increasing use of ICT (information and communications technology) services during the Covid-19 pandemic.

“In order to promote a broader collaborative process, the MoITT has placed the draft bill on its website for public opinion. The Ministry of IT and Telecom invites all the stakeholders to share their feedback on the aforesaid bill for further enhancements,” it said.

The bill is available to download from the IT ministry’s official website. According to details on the website, the stakeholders can share their feedback via email at info@moitt.gov.pk before May 15.

Rights groups want public’s right to privacy protected during Covid outbreak

However, MoITT secretary Shoaib Siddique told Dawn that there was no deadline for the consultation process at the moment and the process was open-ended for now. “We will decide the timeline for implementation depending on the feedback,” he said.

This is not Pakistan’s first data protection draft. In July 2018, the Ministry of Information Technology and Telecommunication had drafted the Personal Data Protection Bill, 2018, proposing maximum punishment of up to two years imprisonment and Rs5 million fine on unlawful processing of personal data.

According to the recent draft, the purpose of the legislation will be to govern the collection, processing, use and disclosure of personal data and to establish and making provisions about offenses relating to violation of the right to data privacy of individuals by collecting, obtaining or processing of personal data by any means.

The desired legal framework would clearly spell out the responsibilities of the data collectors and processors as well as rights and privileges of the data subjects along with institutional provisions for regulation of activities relating to the collections, storing, processing and usage of personal data.

Rights groups call for close introspection

Earlier on Thursday, digital and human rights groups in a joint statement to the government raised their concerns regarding the “excessive usage of digital surveillance measures” during the Covid-19 outbreak in the absence of a data protection law.

The groups urged the government to ensure that the use of technology in these times did not go unchecked, particularly by limiting the scope of data collection during the Covid-19 pandemic. The statement also requested the government to employ transparency in its process of collecting, storing and processing public data.

As the government has employed digital measures such as cell phone tracking for containing the virus, rights groups said it must ensure that the process of data collection during the coronavirus outbreak must be solely for the purpose of controlling the spread, and must, therefore, be time-bound.

The government must ensure that the collected data, and all of its copies, would be deleted within a given time frame, they said.

Following the IT ministry’s announcement for consultation on its draft bill, digital rights groups said they appreciated and welcomed the step to make data protection and privacy of citizens a priority.

“It is encouraging that the government is thinking about a data protection law that is long overdue in Pakistan. However, only a month for consultation when we are under lockdown makes the consultation process very rushed for a critical law,” Bolo Bhi’s director Usama Khilji told Dawn.

Mr Khilji said at a time when the government was mass tracking cell phones without any transparency or accountability, there was a greater need for conversation around protection of privacy rights.

Sharing concerns on the existing draft, he feared the law could be linked to the controversial online harms rules, especially Section 15 of the consultation draft.

According to Nighat Dad of the Digital Rights Foundation (DRF), the most prominent issue in the draft was the exemption and wide-ranging power given to the federal government under Sections 31 and 38.

“Given that the government bodies collect and process vast amounts of personal data, the bill will be rendered toothless in those contexts as it does not bring authorities under the ambit of the law,” she said while speaking to Dawn.

The rights groups also expressed concern that the data protection authority, proposed in the law, required multi-stakeholder members who were expected to be full time members of the commission.

“The PDPA authority to be created under the bill should be made firmly independent, which would be difficult given the provisions allowing the federal government to issue policy directives that they will have to comply with,” said Ms Dad.

“It would be wiser to have independent members rather than those paid by the state for this authority to ensure fairness, as is practice in the ombudsperson office,” added Mr Khilji.

Published in Dawn, April 11th, 2020