AGL 40.00 Decreased By ▼ -0.16 (-0.4%)
AIRLINK 129.53 Decreased By ▼ -2.20 (-1.67%)
BOP 6.68 Decreased By ▼ -0.01 (-0.15%)
CNERGY 4.63 Increased By ▲ 0.16 (3.58%)
DCL 8.94 Increased By ▲ 0.12 (1.36%)
DFML 41.69 Increased By ▲ 1.08 (2.66%)
DGKC 83.77 Decreased By ▼ -0.31 (-0.37%)
FCCL 32.77 Increased By ▲ 0.43 (1.33%)
FFBL 75.47 Increased By ▲ 6.86 (10%)
FFL 11.47 Increased By ▲ 0.12 (1.06%)
HUBC 110.55 Decreased By ▼ -1.21 (-1.08%)
HUMNL 14.56 Increased By ▲ 0.25 (1.75%)
KEL 5.39 Increased By ▲ 0.17 (3.26%)
KOSM 8.40 Decreased By ▼ -0.58 (-6.46%)
MLCF 39.79 Increased By ▲ 0.36 (0.91%)
NBP 60.29 No Change ▼ 0.00 (0%)
OGDC 199.66 Increased By ▲ 4.72 (2.42%)
PAEL 26.65 Decreased By ▼ -0.04 (-0.15%)
PIBTL 7.66 Increased By ▲ 0.18 (2.41%)
PPL 157.92 Increased By ▲ 2.15 (1.38%)
PRL 26.73 Increased By ▲ 0.05 (0.19%)
PTC 18.46 Increased By ▲ 0.16 (0.87%)
SEARL 82.44 Decreased By ▼ -0.58 (-0.7%)
TELE 8.31 Increased By ▲ 0.08 (0.97%)
TOMCL 34.51 Decreased By ▼ -0.04 (-0.12%)
TPLP 9.06 Increased By ▲ 0.25 (2.84%)
TREET 17.47 Increased By ▲ 0.77 (4.61%)
TRG 61.32 Decreased By ▼ -1.13 (-1.81%)
UNITY 27.43 Decreased By ▼ -0.01 (-0.04%)
WTL 1.38 Increased By ▲ 0.10 (7.81%)
BR100 10,407 Increased By 220 (2.16%)
BR30 31,713 Increased By 377.1 (1.2%)
KSE100 97,328 Increased By 1781.9 (1.86%)
KSE30 30,192 Increased By 614.4 (2.08%)

ISLAMABAD: The Asia Internet Coalition (AIC) comprising global digital media giants raised several questions on “Pakistan Draft Data Protection Bill 2023” while saying it does not address a majority of the industry’s substantive concerns such as stringent limitations on cross-border data flows and mandatory data localisation.

“In its current form, the Bill will have a negative impact on the ability of foreign internet companies to trade with and operate in Pakistan, hindering the country’s economic recovery and deterring foreign investment. Local Pakistani companies may lose access to cost-efficient global cloud services making them less competitive as they incur substantial costs to operate and maintain servers,” said Jeff Paine Managing Director AIC in a letter addressed to Amin ul Haque, Federal Minister for Information Technology and Telecommunication. A copy of the letter is also forwarded to Prime Minister Shehbaz Sharif.

MD stated on behalf of the AIC and its members, recommendations were submitted on Personal Data Protection Bill 2023, which was moved by Senator Afnan Ullah Khan as a Private Member Bill before the Pakistani Senate on 13 February 2023 (the Bill).

There are 16 core issues which have been identified in the Bill. Out of these 16 issues, the issues that have a material impact on the industry and business operations in Pakistan include: (1) the requirement to store personal data in Pakistan; (2) the regulator’s power to expand on the list of what constitutes “sensitive personal data” and impose further conditions for the processing of sensitive personal data; (3) prohibitions on certain types of processing for personal data of children; (4) the absence of “legitimate interest” as a legal basis for processing personal data; and (5) the regulator’s residual power to formulate specific regulations for “big/large data fiduciary/processors, along with other categories”, the letter read.

“We find that the Draft Bill still does not address a majority of industry’s substantive concerns such as stringent limitations on cross-border data flows and mandatory data localization, overbroad and vague definitions of key terms such as sensitive personal data and critical personal data, and globally divergent data subject rights, as well as far-reaching powers of the Commission.

These provisions fall short of international standards for data protection (such as GDPR) and will adversely impact Pakistani consumers and businesses.

In its current form, the Bill will have a negative impact on the ability of foreign internet companies to trade with and operate in Pakistan, hindering the country’s economic recovery and deterring foreign investment. Local Pakistani companies may lose access to cost-efficient global cloud services making them less competitive as they incur substantial costs to operate and maintain servers,” MD added.

The letter further noted that the protection of personal data is an important component of any privacy framework, and we appreciate the opportunity to provide feedback on the Draft Bill. AIC and its members have worked closely with governments around the world in relation to the development of national personal data protection policies and legislation.

In doing so, we have witnessed first-hand the potential for such policies and legislation to effectively protect the privacy interests of citizens without hindering innovation and technological advancement.

We recognize the on-going efforts of the Government of Pakistan and the Ministry of Information Technology and Telecomm-unications (MOITT) in further fine-tuning the draft legislation, but we continue to have concerns, particularly on cross-border transfer of “critical” and “sensitive” personal data.

The AIC requested for an industry meeting to better understand the views and priorities stemming from the Bill.

This introductory meeting can also discuss potential areas of collaboration as well as opportunities for consultation that can further assist the government’s review of the Personal Data Protection Bill 2023. MD also welcomed a video conference meeting with the minister and his team.

The Coalition noted that the Private Member’s Bill does not address earlier industry concerns such as stringent limitations on cross-border data flows and mandatory data localisation. The Bill appears to impose a broad data localisation mandate on all personal data.

Section 30(1) of the Private Member’s Bill reads: “Every data fiduciary shall ensure personal data is stored on a server or data centre based in Pakistan.” While both previous and the latest MOITT Draft Bill provide certain additional legal bases for the cross-border transfer of personal data (e.g. explicit consent/binding contracts/international cooperation), the Private Member’s Bill only enables cross-border transfer if it is determined that the jurisdiction to which data is being exported offers equivalent protection.

The Coalition recommended for removing the requirement to store personal data on a server or data centre in Pakistan under Section 30(1) of the Bill; and b. remove the prohibition on the transfer of critical personal data and “some components of sensitive personal data” outside of Pakistan under Section 31 of the Bill.

Copyright Business Recorder, 2023

Comments

Comments are closed.