Privacy Law at Pakistan
Pakistan's data protection landscape is evolving with the introduction of the Personal Data Protection Bill, 2023, which aims to establish a comprehensive framework for safeguarding personal data and privacy.
Key Provisions of the Personal Data Protection Bill, 2023
1. *Establishment of the National Commission for Personal Data Protection (NCPDP)
The bill proposes the creation of the NCPDP, a regulatory body responsible for overseeing data processing activities, ensuring compliance, and protecting individuals' privacy right.
2. *Individual Rights
Individuals are granted several rights concerning their personal data, including:
Right to Access Obtain copies of personal data held by data controller.
Right to Rectification Request corrections to inaccurate or incomplete data.
Right to Erasure Request deletion of data under certain condition.
Right to Restrict Processing Limit the processing of personal data.
Right to Data Portability Transfer data to another controlle.
Right to Object Object to data processing based on legitimate interest.
3. *Obligations of Data Controllers and Processors
Entities handling personal data must.Implement appropriate security measures to protect data. Notify the NCPDP and affected individuals within 72 hours of a data breach.Obtain explicit consent from individuals before processing sensitive data. Ensure that critical personal data is stored and processed within Pakistan's border.
4. *Penalties for Non-Compliance
Violations of the bill's provisions may result in fines, with penalties escalating based on the severity of the breach:
Non-sensitive Data Up to $125,00.
Sensitive Data Up to $500,00.
Critical Data Up to $1,000,00.
Non-compliance with Security Measures Up to $50,00.
Failure to Comply with Commission Orders Up to $50,00.
5. *Cross-Border Data Transfers
The bill imposes restrictions on transferring personal data outside Pakistan. Transfers are permitted only in the destination country provides an adequate level of data protection. There is explicit consent from the data subject. Necessary safeguards, such as binding agreements, are in place.he transfer does not conflict with Pakistan's public interest or national security.
⚖️ Industry Concerns and Criticisms
The bill has faced criticism from various stakeholders, including international companies and privacy advocate:
Mandatory Data Localization The requirement to store critical personal data within Pakistan's borders has raised concerns about increased operational costs and potential barriers to international busines.
Broad Definitions Terms such as "critical personal data" and "sensitive data" are broadly defined, leading to uncertainties regarding compliance obligation.
Government Access Provisions allowing government access to sensitive data have been criticized for lacking sufficient safeguards against potential misuse.
Enforcement Powers The bill grants extensive powers to the NCPDP, including the authority to impose substantial fines, which some argue could be exercised arbitrarily.
📌 Summar
Pakistan's Personal Data Protection Bill, 2023, represents a significant step toward enhancing data privacy and protection. While it aims to align with international standards, the bill's provisions on data localization, government access, and enforcement powers have sparked debate among industry stakeholders. As the legislative process progresses, it will be crucial to address these concerns to balance privacy protection with economic and operational consideratios.
0 comments