ISLAMABAD: An SMS alerting you to numerous businesses in an area you have just moved into may at first glance appear to be a coincidence on part of mass spammers. But on closer inspection, it is more than just a random message, rather it is a gross violation of one’s privacy and the power of big data.
A new report has highlighted the growing concerns surrounding privacy and the misuse of personal and private data of citizens and grey areas in the legal framework which allow data to be leaked. It calls for the need of enacting a data protection law and setting up an independent authority to oversee data protection compliances.
The “Electronic Data Protection in Pakistan” report, based on findings from Bytes for All — a human rights organisation and a research think tank with a focus on information and communication technologies (ICTs), presents a comprehensive overview of existing legal frameworks pertaining to the right to privacy by both online and offline entities, a critique on Electronic Data Protection Bill (EDPB) 2005, global best practices on data protection and Pakistan as a case study.
The study also points out the loopholes and grey areas in the existing laws including those in the EDPB and suggests that a draft bill, if implemented in its current form, would fail to provide protection to private and personal data of the citizens.
The report pointed the US government’s sweeping monitoring programme SKYNET — unveiled by former National Security Agency (NSA) contractor Edward Snowden a few years ago. The programme was used by NSA to sift through data of millions of people identifying their habits and patterns which the coders of the algorithm arbitrarily decided were traits of terrorists. One prime example was a journalist who reported on terror groups in Pakistan.
The programme was also used to identify targets for drone strikes on civilians in Pakistan and Afghanistan, out of which many individuals were feared to have nothing to do with terrorism.
“Like it or not, our lives are increasingly linked with digital databases, where we leave our footprints, which can be misused by a host of actors including private companies and states,” said Bytes for All Country Director Shahzad Ahmad.
“At a time, when digital surveillance promotes Orwellian, STASI like oppression, there is a dire need for pro-people, human rights-based principles and practices, which protect citizens online and offline. This is particularly important in the case of Pakistan, where different citizens’ databases and safe city projects pose a serious threat to civil liberties,” he added.
The research underscores the need of establishing a system of accountability for data breaches applicable to big data repositories such as the National Database and Registration Authority (NADRA) and the Safe City projects, which are the largest repositories of biometric and facial imprints of Pakistani citizens.
“Pakistan is now in urgent need of data protection legislation that is not only intelligible but also fit for purpose,” notes the report.
“Countries that respect human rights, and adhere to the rule of law will be seen as progressive and as such favouring innovation and development. This, in turn, will open Pakistan to the outside world,” it recommended.
The report recommends incorporating principles of individual’s consent for processing data in any new legislation emphasising that it is crucial to state in an unambiguous and intelligible manner. Moreover, the requirement of consent and consent withdrawal should be part of any data collection process.
Published in The Express Tribune, January 31st, 2018.