Monetary penalty up to Rs25 million recommended for unlawful personal data processing

Monetary penalty up to Rs25 million recommended for unlawful personal data processing

ISLAMABAD: The Ministry of Information Technology and Telecommunication (MoITT) has proposed a monetary penalty of up to Rs25 million for unlawful processing of personal data under the Personal Data Protection Bill, 2020. This significant step aims to safeguard individuals’ privacy and ensure compliance with data protection standards.

According to the draft bill, any individual or entity that processes, disseminates, or discloses personal data in violation of the law will face a fine of up to Rs15 million. For subsequent offenses, the fine may be increased to Rs25 million. In cases where sensitive data is involved, the penalty can reach up to Rs25 million for the first offense.

The necessity for robust data protection measures has become increasingly critical, particularly with the widespread use of information and communication technology (ICT) services during the COVID-19 pandemic. Recognizing this, the MoITT has formulated the Draft Personal Data Protection Bill 2020 and has released it for public consultation to foster a collaborative process and incorporate feedback from various stakeholders.

The Constitution of the Islamic Republic of Pakistan guarantees the right to privacy under Article 14, which underscores the importance of protecting personal data. The MoITT emphasized that the digitization of businesses and public services, which involves the processing of personal data, necessitates stringent data protection laws.

Technological advancements have facilitated the collection and processing of personal data in ways previously unimaginable. Personal data has become a valuable commodity, often being collected, processed, and sold without individuals’ knowledge. While some of this data is used for benign purposes like targeted advertising, it can also be exploited for malicious activities such as blackmail, behavior modification, and phishing scams.

To achieve the goal of comprehensive e-government services and ensure the confidentiality and integrity of government databases, it is crucial to protect users’ data from unauthorized access and misuse. The bill aims to enhance users’ confidence in the digital environment by providing remedies against the misuse of their personal data.

The proliferation of broadband technology, particularly with the introduction of 3G and 4G services in Pakistan, has increased reliance on digital platforms, making data protection even more essential.

The MoITT said although sector-specific frameworks and the Prevention of Electronic Crimes Act 2016 (Act No.XL of 2016) address some aspects of data protection, there is a pressing need for a comprehensive legal framework aligned with constitutional guarantees and international best practices.

The proposed legal framework by MoITT will delineate the responsibilities of data collectors and processors, outline the rights and privileges of data subjects, and establish institutional provisions for regulating data collection, storage, processing, and usage.

The MoITT invites all stakeholders to review the draft bill and provide feedback to ensure that the final legislation is robust, effective, and reflective of public and industry input. Protecting personal data is not only a constitutional imperative but also vital for fostering trust in digital services and ensuring legal certainty for businesses and public entities engaged in data processing activities.