PAKISTAN Law and Practice Contributed by: Saifullah Khan and Saeed Hasan Khan, S.U.Khan Associates
2. Privacy Litigation 2.1 General Overview
3. Data Regulation on IoT Providers, Data Holders and Data Processing Services 3.1 Objectives and Scope of Data Regulation Currently, Pakistan does not have a specific, standalone regulation dedicated exclusively to governing the use of Internet of Things (IOT) ser - vices. However, the regulatory landscape indi - rectly addresses aspects of IOT services through broader frameworks that focus on data protec - tion, cybersecurity and telecommunications. Under the Draft Bill, data controllers and proces - sors are to abide by the following obligations while they process personal data: • obtaining consent for personal data process - ing; • a notice to the data subject of the personal data processing; • securing personal data; • non-disclosure of personal data; • a data retention policy; • protecting data integrity; • keeping a record of personal data processing; and • serving a personal data breach notification. The following rights are vested with data sub - jects under the Draft Bill: • right to access; • right to correction; • right to withdrawal of consent; • right to prevent processing likely to cause damage or distress; • right to erasure; • right to nominate in the event of death or dis - ability; • right to redressal for grievance; and
As the Draft Bill has not become law, no litigation has been forthcoming with respect to data priva - cy. However, the subject of privacy has been dis - cussed in various cases, and certain principles have been set forth considering the fundamental right to privacy enshrined in the Constitution. International developments have had no such impact on domestic litigation, owing to the non- existence of a law devoted to personal data pri - vacy. 2.2 Recent Case Law In Muhammad Rahmatullah v The State (2024 PCr.lj 1), while deciding an appeal against a bail petition, the Lahore High Court looked into the infringement of the privacy of the appellant/ accused. The Court held that extracting the information from the accused’s mobile without his consent went against the constitutional guar - antee of right to privacy. The Court held that, if the accused was not ready to provide such consent, at least permission from the magistrate should have been received. The Court further noted that “as a fundamental Constitutional right, the right to privacy is meant to take prec - edence over other inconsistent provisions of domestic law”. 2.3 Collective Redress Mechanisms A collective redress mechanism has not been provided for in the Draft Bill.
337 CHAMBERS.COM
Powered by FlippingBook