The state of data protection law in Pakistan

The effect and influence of Europe's General Data Protection Regulation (GDPR) upon the data privacy laws of swathes of countries around the world cannot be overstated. While GDPR is definitely not perfect, the laws have undoubtedly set the gold standard internationally when it comes to designating protections over personal data, whilst remaining relatively effective in holding organisations to account for any wrongdoings.

As a result, many nations - from Brazil to the United States to India - have sought to enact their own all-encompassing privacy/data protection laws, to a varying degree of success. However, there are still many countries around the world that have not successfully implemented any GDPR-like regulation and are thus falling behind on the issue of data protection when compared to many of their international counterparts.

Falling into this category is Pakistan, which despite drafting a set of data governance laws in 2018 that were clearly inspired by Europe's in many ways, has not yet managed to ratify the regulation. In assessing the state of Pakistan's data protection law as it stands right now, we look back at what the country has had up until this point and what privacy experts are saying about the latest draft of its Personal Data Protection Bill (PDPB).

 

Pakistan's existing regulation

Up until a couple of years ago, Pakistan had only taken a few, more minor steps towards bringing in official regulation to protect the privacy of its citizens. In a basic form, article 14 of the country's constitution guarantees privacy as a fundamental constitutional right, taking precedence over any other provisions of domestic law, although this had little significance in the realm of data privacy. A bill was also drafted in 2005 by the Ministry of Information Technology and Telecommunication (MOITT) that looks to specifically address data protection, although it wasn't expressly written with individual privacy issues in mind and was never actually tabled in parliament.

So essentially, Pakistan had really been lacking any kind of comprehensive or substantial regulation that governed data privacy for a considerable period. However, in July of 2018, the country signalled that it would be getting serious about data privacy when MOITT introduced a draft Personal Data Protection Bill (PDPB), which was welcomed as a positive first step by privacy advocates. PDPB was envisioned as a comprehensive, federally mandated set of regulations governing the "processing, obtaining, holding, usage and disclosure of data relating to individuals."

To continue reading this article register now