What laws apply to the collection and use of individuals’ personal information?
Data privacy laws have become more prominent in recent years. As the amount of personal information available online has grown substantially, there has been an enhanced focus on the processing of personal data, as well as the enforcement of such laws.
Pakistan does not currently have an overarching personal information protection law. The Constitution of the Islamic Republic of Pakistan gives individuals the right to the privacy of home and the dignity of man (Art 14(1)). Case law interprets this right to include data information and privacy.
In May 2020, the draft Personal Data Protection Bill 2020 (Bill 2020) was published, and in November 2021 it was reintroduced as the updated Personal Data Protection Bill 2021 (Bill 2021). If the Bill passes, it will come into force between one and two years after approval.
The Prevention of Electronic Crimes Act 2016 (Act No. XL of 2016) (PECA) addresses crimes relating to unauthorized access to data.
In addition, there is some sector-specific legislation relating to data protection. For example, the Payment Systems and Electronic Funds Transfers Act 2007, provides for the secrecy of financial institutions and protection of customer information.
There is no overarching authority relating to personal data protection. If the Personal Data Protection Bill 2021 passes, the Personal Data Protection Authority of Pakistan would be responsible for data protection.