In the online space, consumers may not be the king, but their data surely is, both for legitimate and illegitimate data scavengers! Therefore, securing and maintaining user trust is critical to the expansion of online economy, which has opened up quite a few avenues for entrepreneurship, innovation and value addition at home. Pakistan’s is a low-trust market, so online platforms will need to be vigilant with users’ data privacy.

In that vein, episodes such as data breach at Careem, reported over a fortnight ago, do not help. It’s already damaging that the ride-hailing service sat, for three months, on the fact that personal data of some 14 million of its users had been hacked. More alarming is that the company didn’t tell which markets and users were particularly affected or where the hacked info had ended up.

The ensuing silence over this matter by local authorities suggests that users of online economy are pretty much on their own. Instead of accepting full responsibility for the data loss or compensating users who were exposed, Careem could only offer users an advisory on password management. A petition was filed in the Lahore High Court against the company, but so far there has been no progress.

The issue of consumer protection, of which users’ data privacy is an integral part, needs prompt attention. Users cannot be reasonably expected to decipher the entire online fine-print of terms & conditions and privacy policies. And due to the tech giants’ “all-or-nothing” approach towards which personal data they can track, keep and share with third parties, even the discerning customers have no choice but to join the ubiquitous platforms, or else feel left out. Currently, a vacuum exists in Pakistan as to which regulatory body should oversee online space, where e-commerce players (like Daraz, Home shopping and Yayvo), on-demand services (like Careem, Uber, Foodpanda, etc.), and several other intermediary platforms (e.g. OLX, PakWheels and Rozee) operate. After all, this space cuts across tech, finance and commerce. An E-commerce policy, which has long been in the works, is yet to come out.

Onto the next government passes the job of protecting consumers online. Data protection regulations need to be put in place to safeguard online users as well as address culpability of firms that fail to protect their users’ data. After such data breaches, in Pakistan and elsewhere, online companies are learning that they can get over such episodes with little to no reputational damage. This will hurt the online ecosystem going forward.