PAKISTAN Law and Practice Contributed by: Saifullah Khan and Saeed Hasan Khan, S.U.Khan Associates
3.3 Rights and Obligations Under Applicable Data Regulation Please see 3.1 Objectives and Scope of Data Regulation . 3.4 Regulators and Enforcement The Draft Bill provides for the establishment of the NCPDP. The NCPDP shall be responsible for: • protecting the interests of individuals; • enforcing protection of personal data; • preventing any misuse of personal data; • promoting awareness of data protection; and • addressing complaints. See further details in 1.2 Regulators . The Draft Bill does not specifically address requirements regarding the use of cookies; however, it has laid down the basic principles for processing, such as purpose specification, limitation, lawfulness, transparency, data reten - tion, etc. These needs to be followed by data controllers and processors while using cookies. 4.2 Personalised Advertising and Other Online Marketing Practices The Protection from Spam, Unsolicited, Fraud - ulent and Obnoxious Communication Regu - lations, 2009 require all operators (holding a licence from the PTA) to establish a standard operating procedure (duly approved by the PTA) to control spamming. Similarly, all operators are required to develop a standard operating procedure for controlling unsolicited calls. The operators are also required to establish a consolidated “Do Not Call Reg - 4. Sectoral Issues 4.1 Use of Cookies
• right to data portability and automated pro - cessing. The PTA has issued guidelines for the deploy - ment of advanced technologies such as 5G, which are critical for IOT scalability. The Pakistan Telecommunication (Re-organiza - tion) Act, 1996 regulates the telecommunica - tions sector, which provides the infrastructure for IOT services. The PECA ensures that IOT devices and net - works are protected against hacking, data breaches and unauthorised access. 3.2 Interaction of Data Regulation and Data Protection Data regulation encompasses the legal and policy frameworks that govern the use, storage, transfer and management of data across vari - ous sectors. In contrast, data protection require - ments are focused on safeguarding individuals’ personal and sensitive information from misuse, upholding privacy rights and ensuring account - ability for data controllers and processors. The interplay between these domains is rooted in the necessity to align data regulation frame - works with data protection principles rather than allowing them to conflict. Regulatory bodies such as the PTA and the SBP monitor compliance with data regulations within their domains. The NCPDP, once operational, will oversee com - pliance with the Draft Bill, impose penalties for violations and manage grievances.
338 CHAMBERS.COM
Powered by FlippingBook