October 17, 2017 - Comments Off on Digital Rights Foundation in Hong Kong: Conversations on Data Protection, Gender, and Privacy
Late last month, Digital Rights Foundation was in Hong Kong, taking part in two events concerning privacy - the 39th International Conference of Data Protection and Privacy Commissioners (ICDPPC), and the 3rd Edition of the Privacy, Personality and Flows of Information (PPFI) workshop conference. DRF took part in a panel on Gender and Privacy in Asia at the PPFI workshop.
What is the ICDPPC & why did we go?
Inaugurated in 1979, the ICDPPC, according to Access Now, is a “forum which brings together a membership of 100 data protection authorities (DPAs) from more than 70 countries across the globe” with the decisions made at the forum being “influential” as “they shape data protection policy globally by providing guidance and tools for DPAs to fulfill their mandates.”
As we have highlighted through our advocacy campaigns and articles, Pakistan does not have data protection authorities or indeed data protection legislation, despite an overly broad cybercrime law - the Prevention of Electronic Crimes Act, passed in August 2016 - and a desire to be a new South Asian tech hub. DRF has been pushing for data protection provisions in the PECA both prior to and after its passage, to ensure that the private data of Pakistani citizens is protected. We went to Hong Kong to discern current global trends concerning data privacy, the nuances in a world where governments demand more surveillance and data retention powers, and what it all means for human rights, particularly in the Global South. The Office of the Privacy Commissioner for Personal Data, the DPA for Hong Kong, hosted this year’s forum, with the theme “Connecting West with East in Protecting and Respecting Data Privacy.”
The ICDPPC being held in Hong Kong is an interesting choice of location, given the Chinese government’s interest in bringing Hong Kong judiciary et al in line with Beijing, something that has given independence and civil rights activists and lawyers concern. Given that the Government of Pakistan has signed up to be part of CPEC, as well as Shenzen-based Huawei being given the contract for Pakistan’s ambitious Safe Cities project, Digital Rights Foundation and other rights organisations should share that concern as well with the citizens of Pakistan.
At the ICDPPC there were recurring conversations being held, including: Internet of Things (IoT), the impact of data collection by Facebook, et al on personal privacy across international borders, biotech, the European Union’s General Data Protection Regulation (GDPR, to come into effect early 2018), and the evergreen concern of security versus privacy. There were calls by panelists at the ICDPPC to respect the necessity of strong encryption protocols, even in the face of calls by politicians for a loosening of encryption - e.g. the UK and US government calling for “backdoors” into encryption software and encrypted messengers such as WhatsApp.
Legislation as it stands in Pakistan does not permit encryption without prior permissions from and application to regulatory bodies, specifically the Pakistan Telecommunication Authority. Article 4 of the 2010 Monitoring and Reconciliation of Telephone Traffic Regulations (MTTR) requires that network operators allow for the monitoring and recording of real-time traffic both by and to be forwarded to the PTA. In July 2011 the PTA directed that encryption software and mechanisms that in its eyes contravene Article 4 of the MTTR to be banned. This condition of the PTA - which technically means that WhatsApp is some ways prohibited, yet widely used in Pakistan - is also one that a proposed digital protection authority and legislation in Pakistan may come up against, which in in turn is why the latter two are necessary, more now than ever.
What DRF hoped to see was more civil society involvement at the ICDPPC, with their concerns taken onboard. While there were civil society panelists - such as DRF partner Privacy International - the role of civil society in the development and larger discussions by the DPAs did not appear to be a large one.
Following the ICDPPC, DRF took part in the 3rd Edition of the Privacy, Personality and Flows of Information (PPFI) workshop conference, co-organised by the Office of the UN Special Rapporteur, Digital Asia Hub, and the University of Hong Kong. The workshop focused on Asian perspectives for privacy as a global human right, with us taking part in a panel that focused on Gender and Privacy in Asia.
An interesting observation by other participants - which also factored into our involvement on the panel - was the recurring trend of “honour” or “shame” being at the heard of privacy violation in Asian societies. A number of Asian countries, including Pakistan, do not have a word that directly translates into “privacy”, with some, such as Pakistan having synonyms for “personal”, which is telling in of itself.
DRF discussed what we observed through our training sessions and via our cyber harassment helpline, wherein the theft (and in some cases manipulation) of personal data would lead to young women being blackmailed, or else the perpetrators threatened to release their personal information to their families. It is the the fear of the latter, and how the family may react, that leads many victims to not come forward. When or if they do, however, there has been noticeable victim-blaming, even by officers of government authorities such as the Federal Investigation Agency, leading to further discouragement and disillusionment.
A key focus of our panel participation was the tragic case study of Qandeel Baloch, the Pakistani social media personality, on whom the Guardian had recently released a short documentary earlier last month. We highlighted that overarching patriarchal sensitivity and misogynist attitudes led to her personal information - her Pakistani passport and national ID card - being broadcast by media outlets, and journalists - some of whom whose own privacy had been attacked by the government - tweeting out her personal details. These directly led to her murder by her brother. What happened to Qandeel Baloch was, for lack of a better word, a perfect case study for the need for data protection legislation in Pakistan.
Written by Adnan Chaudhri