The Asia Internet Coalition has submitted recommendations regarding the Pakistan Personal Data Protection Bill 2021 that was published on 25 August 2021 (the “Draft Bill”). The protection of personal data is an important component of any privacy framework, and we appreciate the opportunity to provide additional feedback on the Draft Bill. AIC and its members have worked closely with governments around the world in relation to the development of national personal data protection policies and legislation. In doing so, we have witnessed first-hand the potential for such policies and legislation to effectively protect the privacy interests of citizens without hindering innovation and technological advancement. We recognize the on-going efforts of the Ministry of Information Technology and Telecommunications (“MOITT”) in further fine-tuning the draft legislation, but we continue to have concerns, particularly on cross-border transfer of “critical” and “sensitive” personal data.
Properly constituted data protection legislation has the potential to provide reliable standards for businesses and consumers and ensure the secure and responsible handling of personal data. As Pakistan’s digital economy continues to grow, it is important that the country’s privacy laws take into consideration three key goals: (1) the value of data protection in enabling a dynamic digital economy that protects consumers and facilitates Pakistani enterprise; (2) the need to promote data-driven innovation; and (3) consistency with global standards for data protection, such as the European Union’s General Data Protection Regulation (“GDPR”), Organization for Economic Co-operation and Development (“OECD”) Privacy Principles, and Singapore’s Personal Data Protection Act (“PDPA”) (together, examples of “International Benchmarks”).