OPINION
Sehar Raothar
Why isn’t the PTA worried about the data of Pakistani citizens being misused?
data. A more comprehensive definition is that provided by the European Union’s General Data Protection Regulation (GDPR), which came into effect in April 2016. Personal data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online digital app like Chinese TikTok or Indian MX TAKATAK which expresses the physical, physiological, genetic, mental, commercial, cultural or social identity of these natural persons. As Pakistanis continue to use apps like these, the fear is that since governments often have strange level of control on apps running in their countries, As Pakistanis’ digital footprint grows, so they might try to use information gathered on the citizens of other countries for nefarious purposes. do the threats to the confidential details of As digital transformations take over government processes, its citizens. Without data protection laws almost each and every one of us has a digital footprint — whether in place, bad actors in India may be able to we notice it or not. Take, for example, the information entered into misuse Pakistani citizens’ private data that your Android phone. These details include your name, telephone number, addresses, etc. In a way, we voluntarily hand over personal they should not even have access to data with some degree of confidence that our details will not be used or abused. here was a time when linking to a national identity card But things do not always pan out that way. and a passport was the most popular and accessible A bigger moment of reckoning arrived recently when the FIA means to have private data stored in one place. And as announced that the data of millions of customers from “almost all” NADRA came into being, much of this, as well as data banks operating in the country was stolen and allegedly dumped on child registration certificates or family registration on the ‘dark web’ — a collection of websites that exist on an encertificates was computerized and added to a central crypted network and cannot be found by using traditional search storage. engines or visited by using traditional browsers. It was the biggest According to Privacy International, any data which can be used data breach to hit the banking industry in the country. According to identify an individual directly or indirectly can be termed personal to the FIA, an international company named Group-IB, which was working in Pakistan to prevent cyberattacks had discovered the payment details of 177,878 plastic cards from Pakistani and other international banks. None of the companies or organizations that had data leaks had to face any repercussions or even tough questions about putSehar Raothar ting sensitive user data at risk. There remains a lot of obscurity about whether proper mechanisms leads strategy for the BL are in place to prevent such incidents in the future and, for that matter, details about the nature of Group Of Companies and attacks and what is done to address them. In the absence of any legislation on data protection, a common citizen has no way to legally can be reached on sehar. ask questions from the government departments and private companies as to how and why their raothar@gmail.com data is being held, retained, processed, and shared. The first real debate about privacy and data protection after the telco and digital boom in Pakistan started in 2012 when the Pakistan Telecommunication Authority (PTA) ordered telecom
T 32
