‘Consumer data protection-Are we really safe?’

0
406
  • Big Brother is watching you

By: Arham Atiq

Although he lived in an era when the idea of infringement of privacy had not been conceived, George Orwell’s magnum opus 1984 took a daunting leap into a dystopian society where nothing was ever truly hidden. Seventy years later, the reality seems much closer to what should have been nothing more than fiction at best. The recent video leaks by a cinema in Lahore sparked a furious debate online about the privacy of individuals, with parties hitting at the breach of privacy and on the morality of being engaged in such ignominious acts in the first place. The videos recorded by the “self-proclaimed champions of moralities”– the cinema staff– showed couples engaged in intimate acts with the faces of the victims clearly discernible. Having remained a hot topic following the incident, the lack of government action or a committed resolve by the private institutions, Consumer Data Privacy fades into obscurity once again.

As a matter of fact, this is not something new. Extremely intimate photos were leaked in the past by safe city cameras of Lahore and Islamabad which also drew national attention, with critics pointing out how the right to privacy had been infringed by the very authorities that were appointed to protect it, but failed to elicit government action or counter-policy making.

Firms must be bound by law to ensure that the data of individuals is kept safe from hackers or malignant staff members, with an emphasis on compensation being provided to the affected customers. Frameworks must be put in place ensuring that the sensitive data is reserved exclusively to the office system and not kept in the personal possession of the staff

Furthermore, earlier in the year, customers were horrified when they saw notifications from Careem, a prominent ride hailing company, about breach of consumer data which resulted in hackers exploiting the personal data of up to 14 million customers and 558, 000 captains. Even more surprising was the fact that the notification came more than three months after the leak had happened, and even though the company maintains it did so to make sure it was providing the most accurate information before notifying people, the question of online security protrudes to the surface yet again. This year also witnessed the inability of banks to protect their customers’ information in face of the notorious bank leaks on the dark web. The first set of card dumps appeared on the dark web on 24 January 2019 and had details of 1535 cards of which Meezan Bank issued 1457. The second dump was even greater, featuring details of more than 67,654 cards. Each card was sold at $50 and also included the PIN code. Regrettably, events like these have had their fair share of spotlight until all settled quiet again without any potent measure being established to prevent future inconvenience. It is also important to note that despite enacting cyber-crime laws in 2016, Pakistan currently has no set of laws intended to secure consumer data privacy.

The leaks have come in direct violation of The Constitution which enshrines the right to privacy as a fundamental right. Article 14(1) of the Constitution confirms that “[t]he dignity of man and, subject to law, the privacy of home, shall be inviolable”. Furthermore, Article 18 of the Cairo Declaration on Human Rights in Islam (signed in August 1990) affirms that “everyone shall have the right to privacy in the conduct of his private affairs, in his home, among his family, with regard to his property and his relationships. It is not permitted to spy on him, to place him under surveillance or to besmirch his good name.”

In the light of the aforementioned circumstances, the government took some steps to combat the anomaly. A draft bill, the Personal Data Protection Bill, was presented before Parliament in 2018 with the motive of granting greater rights to the consumers. Unfortunately, the bill stands nowhere near its European corresponding law GDPR– General Data Protection Regulation– a hallmark in granting security over a broad spectrum of threats to one’s privacy online. The draft faces various shortcomings, notably the immunity granted to government institutions possessing vast amount of consumer data. Government institutions like NADRA have already faced various data leaks, some committed by their very staff members, which brings into question the accountability of the state and public institutions in charge of such sensitive data. The exemption provided to government institutions means that in the event of a data leak, state-owned institutions cannot be held responsible. Moreover, despite having addressed the issue of timeframe for data containment under section 9, which requires data to be held no longer than needed, the bill clashes with section 32 of Prevention Of Electronic Crimes mandating service providers to preserve data for a minimum of one year. Added to that, while the GDPR requires service providers to notify customers in event of any security breach, no such obligation is due under the drafted bill meaning customers may continue to be exploited without even knowing their privacy has been compromised.

Under such circumstances, the solutions tend to be multi-layered. Firms must be bound by law to ensure that the data of individuals is kept safe from hackers or malignant staff members, with an emphasis on compensation being provided to the affected customers. Frameworks must be put in place ensuring that the sensitive data is reserved exclusively to the office system and not kept in the personal possession of the staff. A comprehensive training of staff should be in place to ensure that their work is regulated by strictly professional behavior and that the data is not misused to satiate personal senses of morality or social expectations. The government should take the initiative by reconsidering the draft bill to make it better suit the needs of the modern day, taking inspiration from the GDPR to ensure the rights guaranteed to the people by the constitution of Pakistan and broadly categorized in the United Nations Human rights charter which Pakistan is a signee to.

The writer can be reached at [email protected].