A group of Digital media giants, Asia Internet Coalition (CIA), has raised different issues regarding the “Pakistan Draft Data Protection Bill 2023”.
According to the AIC, the passed bill no does not address the industry’s substantive concerns, which include stringent limitations on cross-border data flow and mandatory data localisation.
Jeff Paine, Managing Director of AIC, expressed his worries in a letter addressed to Aminul Haque, Federal Minister for Information Technology and Telecommunication, Ministry of Information Technology and Telecommunication (MoITT). Moreover, the letter was also forwarded to Me, Shehbaz Sharif.
Jeff Paine stated that Bills’ current points would negatively impact Pakistan’s economy. Not only this, but it will also severely impact the ability of foreign internet companies to trade with and operate in Pakistan.
In addition, he also said that “local Pakistani companies may lose access to cost-efficient global cloud services, making it less competitive, as they need substantial costs to operate and maintain servers.
Moreover, Paine further notified that AIC and its members had already approached and provided recommendations on the Personal Data Protection Bill 2023. The suggestions were moved by Senator Afnan Ullah Khan as a private member Bill before Pakistan’s Senate on 13th Feb 2023.
The letter identified 16 crore issues in the Bill significantly impacting Pakistan’s business environment and industry.
The issues mentioned in the Bill are the requirements to store personal data in Pakistan and the regulator’s power to expand on the list of what constitutes “sensitive personal data” prohibitions on various types of processing for the personal data of children.
In addition, the absence of “legitimate interest” as a legal basis for processing personal data and the regulator’s residual power to generate specific regulations for large data processors, along with other categories.
According to the reports, the letter also pointed out that protecting personal data is an essential factor that needs to be considered at a high level. At the same time, the AIC appreciates the opportunity to provide feedback on the Draft Bill.
AIC and his team members have closely worked on developing National Personal Data Protection policies and legislation.
They mentioned the efforts done by the government of Pakistan and MoITT. In contrast, they continue to be concerned about the cross-border transfer of “critical” and “sensitive” data.
Moreover, the AIC has requested an industry meeting to clearly understand the issue and priorities that are important to consider from the Bill.
However, other issues were also discussed in the meeting, such as collaboration and opportunities for consultation that can help the government to review Personal Data Protection 2023.
On the other hand, the team notes that the private member’s bill does not address earlier industry concerns. Cross-border data flow and mandatory data localisation are essential factors to consider.
The Bill imposes a broad data localisation necessary on all personal data.
“Every data fiduciary shall ensure that personal data is stored on a server or data centre in Pakistan”, states Section 30(1) of the Private Member’s Bill.
The Private Member’s Bill only permits cross-border transfer if it’s determined that the jurisdiction to which data is being exported offers equivalent protection, even though both the previous and the current MoITT Draft Bill provide different legal bases for such transfers.
Alas, the coalition has recommended reducing the requirement to store personal data on a data centre or a server in Pakistan under Section 30(1)of the Bill.
Read more:
Germany Will Block ChatGPT if Needed: Says Data Protection Chief