ISLAMABAD: The Asia Internet Coalition (AIC) comprising global digital media giants raised several questions on “Pakistan Draft Data Protection Bill 2023” while saying it does not address a majority of the industry’s substantive concerns such as stringent limitations on cross-border data flows and mandatory data localisation.

“In its current form, the Bill will have a negative impact on the ability of foreign internet companies to trade with and operate in Pakistan, hindering the country’s economic recovery and deterring foreign investment.

Local Pakistani companies may lose access to cost-efficient global cloud services making them less competitive as they incur substantial costs to operate and maintain servers,” said Jeff Paine Managing Director AIC in a letter addressed to Amin ul Haque, Federal Minister for Information Technology and Telecommunication.

Paine stated that on behalf of AIC and its members, they are submitting their recommendations on Draft Personal Data Protection Bill 2023, which was published by the Ministry of Information Technology and Telecommunication (MoITT), dated 19 May 2023.

There are four key issues with the latest Draft Personal Data Protection Bill 2023, released in May 2023 (the Bill): (1) the Bill mandates that critical personal data must only be processed in Pakistan (the Data Localisation requirement) and the definition of critical personal data is broadly defined such that it may negatively impact private companies; (2) the Bill introduces a requirement to share sensitive personal data with the Government; (3) the age of a child under the Bill should be thirteen, not eighteen; and (4) there should be a set maximum fine payable for breaches of the Bill.

“We find that the Draft Bill still does not address a majority of industry’s substantive concerns such as stringent limitations on cross-border data flows and mandatory data localisation, overbroad and vague definitions of key terms such as sensitive personal data and critical personal data, and globally divergent data subject rights, as well as, far-reaching powers of the Commission.

“These provisions fall short of international standards for data protection (such as GDPR) and will adversely impact Pakistani consumers and businesses,” he added.

He further stated that the protection of personal data is an important component of any privacy framework, and they appreciate the opportunity to provide feedback on the Draft Bill.

AIC and its members have worked closely with governments around the world in relation to the development of national personal data protection policies and legislation. “In doing so, we have witnessed first-hand the potential for such policies and legislation to effectively protect the privacy interests of citizens without hindering innovation and technological advancement.

We recognize the ongoing efforts of the Government of Pakistan and the Ministry of Information Technology and Telecommunications (“MOITT”) in further fine-tuning the draft legislation, but we continue to have concerns, particularly on cross-border transfer of “critical” and “sensitive” personal data,” the letter noted.

AIC requested for an industry meeting to better understand the views and priorities stemming from the Bill. “We also propose to discuss potential areas of collaboration, as well as, opportunities for consultation that can further assist the Government’s review of the Personal Data Protection Bill 2023. As such, we welcome a video conference meeting with you or your team at a date and time of your convenience”, the letter noted.

Copyright Business Recorder, 2023