Download This PaperPakistan's Data Privacy Bill: Dpa Will Have Powers, But Lack Independence
(2020) 165 Privacy Laws & Business International Report 20-23
6 Pages Posted: 17 Sep 2020
Date Written: June 5, 2020
Abstract
Pakistan's draft Personal Data Protection Bill 2020 (PDPB) was released for consultation by the IT Ministry on 9 April 2020. This article considers the main features of the Bill, and in particular the extent to which it is influenced by the EU’s GDPR. The content of the rights and obligations in the Bill show many EU influences, though closer to the standards of the 1995 Directive than the stronger GDPR provisions. Chinese influence is also present in data localisation provisions.
The government is required to establish a Personal Data Protection Authority of Pakistan (PDPAP). Its structure and powers are the most contentious aspect of the Bill.Civil society NGOs criticise the proposed DPA as too powerful and not independent enough.
This Bill has the ingredients to give Pakistan a data privacy law of medium strength (in both principles and enforcement) by international standards. However, these benefits are undermined by a data protection authority lacking some key elements of independence, and a combination of it and the government having between them far too much discretionary power.
Keywords: privacy, data protection, Pakistan, Asia, GDPR
Suggested Citation: Suggested Citation