IT ministry drafts bill for personal data protection
Uploads proposed legislation on website for public, stakeholder feedback
ISLAMABAD:
In today’s digital age, personal data has become an extremely valuable commodity and for many businesses the sole source of their income is the personal data of users they generate. Personal data is often collected, processed and even sold without the knowledge of the person it belongs to.
In some cases, such personal information is used for relatively less troublesome commercial purposes like targeted advertising. However, the data so captured or generated can be misused in many ways, including blackmailing, observing behavior modification and phishing scams.
Knowing the power of data and its other aspects like privacy, confidentiality and integrity, the Ministry of Information Technology (IT) and Telecommunication has prepared a draft bill seeking to ensure privacy of personal data of an individual.
The ministry has also put the proposed legislation on its website to invite public and the stakeholders to share their feedback on the bill for further enhancements in the future. The bill was drafted by officials of the ministry on direction of the Secretary Information Technology Shoaib Ahmad Siddiqui.
“Data, technology and accessibility have become more important in day-to-day personal and business activities,” Siddiqui said, adding that privacy of personal data has become even more relevant and important than ever before because of the increasing use of IT services in the current pandemic.
According to the ‘statement of objects’ of the draft, digitization of businesses and various public services employing modern computing technologies involve processing of personal data and the growth of technological advancements have not only made it easier to collect personal data but also enabled processing of personal data in so many ways that were not possible in the past.
“In order to realize the goal of full scale adoption of e-government and delivery of services to the people at their doorsteps, and increase users’ confidence in the confidentiality and integrity of government databases, it is essential that the users’ data is fully protected from any unauthorized access or usage and remedies are provided to them against any misuse of their personal data.”
Additionally, it said, accelerated increase in the use of broadband with the advent of 3G/4G in Pakistan led to an increasingly enhanced reliance on technology calling for the protection of people’s data against any misuse, thus maintaining their confidence in the use of new technologies without any fear.
Frameworks that provide for data protection already exist in Pakistan and the Prevention of Electronic Crimes Act, 2016 (Peca) specifically deals with the crimes relating to unauthorized access to data.
However, it read: “there is a need for putting in place a comprehensive legal framework in line with our Constitution and international best practices for personal data protection.”
The proposed law would provide legal certainty to the businesses and public functionaries with regard to the processing of personal data in their activities.
In addition, the desired legal framework would clearly spell out the responsibilities of the data collectors and processors as well as rights and privileges of the data subjects along with institutional provisions for the regulation of activities relating to the collections, storing, processing and usage of personal data.
In today’s digital age, personal data has become an extremely valuable commodity and for many businesses the sole source of their income is the personal data of users they generate. Personal data is often collected, processed and even sold without the knowledge of the person it belongs to.
In some cases, such personal information is used for relatively less troublesome commercial purposes like targeted advertising. However, the data so captured or generated can be misused in many ways, including blackmailing, observing behavior modification and phishing scams.
Knowing the power of data and its other aspects like privacy, confidentiality and integrity, the Ministry of Information Technology (IT) and Telecommunication has prepared a draft bill seeking to ensure privacy of personal data of an individual.
The ministry has also put the proposed legislation on its website to invite public and the stakeholders to share their feedback on the bill for further enhancements in the future. The bill was drafted by officials of the ministry on direction of the Secretary Information Technology Shoaib Ahmad Siddiqui.
“Data, technology and accessibility have become more important in day-to-day personal and business activities,” Siddiqui said, adding that privacy of personal data has become even more relevant and important than ever before because of the increasing use of IT services in the current pandemic.
According to the ‘statement of objects’ of the draft, digitization of businesses and various public services employing modern computing technologies involve processing of personal data and the growth of technological advancements have not only made it easier to collect personal data but also enabled processing of personal data in so many ways that were not possible in the past.
“In order to realize the goal of full scale adoption of e-government and delivery of services to the people at their doorsteps, and increase users’ confidence in the confidentiality and integrity of government databases, it is essential that the users’ data is fully protected from any unauthorized access or usage and remedies are provided to them against any misuse of their personal data.”
Additionally, it said, accelerated increase in the use of broadband with the advent of 3G/4G in Pakistan led to an increasingly enhanced reliance on technology calling for the protection of people’s data against any misuse, thus maintaining their confidence in the use of new technologies without any fear.
Frameworks that provide for data protection already exist in Pakistan and the Prevention of Electronic Crimes Act, 2016 (Peca) specifically deals with the crimes relating to unauthorized access to data.
However, it read: “there is a need for putting in place a comprehensive legal framework in line with our Constitution and international best practices for personal data protection.”
The proposed law would provide legal certainty to the businesses and public functionaries with regard to the processing of personal data in their activities.
In addition, the desired legal framework would clearly spell out the responsibilities of the data collectors and processors as well as rights and privileges of the data subjects along with institutional provisions for the regulation of activities relating to the collections, storing, processing and usage of personal data.