Monetary penalty up to Rs25 million recommended for unlawful personal data processing

Monetary penalty up to Rs25 million recommended for unlawful personal data processing

ISLAMABAD: An amount up to Rs25 million has been recommended as monetary penalty for unlawful processing of personal data under Personal Data Protection Bill, 2020.

According to the bill anyone who processes or cause to be processed, disseminates or discloses personal data in violation of any of the provisions of this law shall be punished with fine up to Rs15 million and in case of a subsequent unlawful processing of personal data, the fine may be raised up to Rs25 million.

In case the offence committed relates to sensitive data the offender may be punished with fine up to Rs25 million.

The Ministry of IT have formulated the Draft Personal Data Protection Bill 2020 as privacy of personal data of an individual has become more relevant and important than ever before because of increasing use of ICT services in view of pandemic (COVID-19).

In order to promote a broader collaborative process, MoITT has issued the draft Bill for public opinion.

Ministry of IT & Telecom invites all the stakeholders to share their feedback on the aforesaid bill for further enhancements.

The Constitution of the Islamic Republic of Pakistan guarantees privacy of home alongside dignity of every man and woman as their fundamental right under its Article 14.

The ministry said that digitization of businesses and various public services employing modern computing technologies involves processing of personal data.

The growth of technological advancements have not only made it easier to collect personal data but also enabled processing of personal data in so many ways that were not possible in the past.

“In today’s digital age, personal data has become an extremely valuable commodity and for many businesses the sole source of their income is the personal data of users they generate,” it said.

The personal data is often being collected, processed and even sold without knowledge a person, it added.

In some cases, such personal information is used for relatively less troublesome commercial purposes e.g. targeted advertising etc. However, the data so captured or generated can be misused in many ways e.g. blackmail, behavior modification, phishing scams etc.

In order to realize the goal of full scale adoption of e-government and delivery of services to the people on their doorsteps, and increase users’ confidence in the confidentiality and integrity of government databases, it is essential that the users’ data is fully protected from any unauthorized access or usage and remedies are provided to them against any misuse of their personal data.

Additionally, accelerated increase in the use of broadband with the advent of 3G/4G in Pakistan led to an increasingly enhanced reliance on technology calling for protection of people’s data against any misuse, thus maintaining their confidence in the use of new technologies without any fear.

Whereas sectoral arrangements/frameworks exist in Pakistan that provide for data protection and Prevention of Electronic Crimes Act 2016 (Act No.XL of 2016) deals with the crimes relating to unauthorized access to data, there is a need for putting in place a comprehensive legal framework in line with our Constitution and international best practices for personal data protection.

Protecting personal data is also necessary to provide legal certainty to the businesses and public functionaries with regard to processing of personal data in their activities.

The desired legal framework would clearly spell out the responsibilities of the data collectors and processors as well as rights and privileges of the data subjects along with institutional provisions for regulation of activities relating to the collections, storing, processing and usage of personal data.