July 28, 2017 - Comments Off on Why Pakistan Badly Needs A Data Protection Law
Picture someone walking into your house, recording everything you have and do, with every action, gesture, conversation you’ve made or taken part in being filed away. This person then makes a list of everything you own, what you use them for, how often, and where you keep them. When you sit down to watch television or read a book, this person records it, noting what you like to watch or read. Send a text message to a friend, chat with someone over Whatsapp, place an order over the telephone? Recorded. Imagine this person taking snapshots of baby photos, and jotting down the brand of ice-cream you like. Now imagine that the stranger holds onto that information, to use against you in the future, or to sell it on to advertising companies to make a profit, without your knowledge or consent.
Scary to imagine, isn’t it? We don’t have to imagine it, however, as this already happens. It happens every day of week of the year – it’s probably happening right now, in the time it takes to get to the end of the sentence.
Whether one is an ordinary citizen or high-flying person of influence, anyone that accesses the internet in Pakistan has had their privacy breached. From the minute that your device connects to a Wifi network, whether you are at home, at work, or at a restaurant, any information you share is no longer yours, nor does it remain private. The government, multinational corporations – they have recorded all the data that is sent and received by you and millions of other internet users across the nation and across the globe.
This is all possible thanks to the digital footprint left by anyone that uses an internet connection. Just as movements in the real world can be easily traced, your internet activity creates a history, a register of all the websites you visit, the information you input, and the links you may click on. This information, which may also be shared via internet-connected mobile apps or services, can include sensitive data such as your medical history, political and religious views, sexual orientation, interests and hobbies. All of this, however, is readily available to and easily accessible by the same corporations whose websites and applications we use frequently.
If you use Google to search for a pair of shoes, for example, the advertisements or website that may pop up could be related to a particular shoe brand or retailer. Google sells over 20 petabytes (1 petabyte = 1,000,000,000,000,000 bytes) of personal user data to advertising companies each day, making up the majority of its overall revenue stream.
Some might argue that no harm is being done here, and that it doesn’t matter if other people have access to the your online information – perhaps having advertisements directed at you makes personal shopping et al more convenient. It may be that the information is the sort that you intended to be publicly available, such as a blog post. What these do not take into account, is what could happen to information that may have been shared privately or in confidence. Access to this information could provide harmful to you as an individual and would be a clear violation of your right to privacy Imagine your visa being rejected because of something you said to a friend online, or losing out on a job on the basis of your social media history or a Facebook ‘Like’ being used against you in a court of law as ‘evidence’ that you committed blasphemy.
These are tangible harms that can arise because your private information no longer remained private. Even though there is a real and factual difference between what constitutes public data on the internet and what constitutes private data, however, there are no rights to privacy for Pakistani citizens and no safeguards to stop this data from falling into the wrong hands. That is where data protection laws come in.
Just as there are laws in every country that protect the privacy and dignity of an individual in their own home, there should be rules in place that clearly define and demarcate what digital online data is to remain private and confidential, and what constitutes public domain. Interestingly, Article 14 of Pakistan’s constitution - which guarantees a person’s right to dignity and privacy in his/her own home - is almost identical to the article that has been used by the Council of Europe to grant digital data rights . There is international precedent to support the idea that the “dignity of man and the privacy of home” extends to the digital realm and yet there has been no attempt on behalf of the legislature to recognize the protections that we as citizens are entitled to.
A data protection law regulates, defines, limits and controls the type of data that can be stored, analyzed and processed by both public and private entities and the purposes and durations for which this information may be used. It acts as a safeguard against the misuse and mishandling of private data and provides citizens with a mode of accountability. It is a check on the processors of personal data and empowers the individual. This is both legitimate and important in a world where most of our communication is non-physical and almost all of our important information is on or between servers that exist virtually.
In other words it defines what constitutes private and confidential information online and what forms part of the public sphere. If a person browses the internet using their personal computer or mobile phone, they should feel secure that the information they share will not be recorded or used without their consent. This can only be achieved, however, once a proper legal framework is set in place to allow for their data rights to be exercised.
Author: Mehboob Khan
Published by: Digital Rights Foundation in Blog