How to Legally Protect Your Mobile Data in Pakistan: Know Your Privacy Rights

Learning and Resources
1

Mobile data has become an indispensable part of modern life, with smartphones serving as repositories of personal, financial, and professional information. In Pakistan, the legal landscape provides a framework for safeguarding this data. This article will provide a detailed explanation of these protections, including the relevant laws, practical steps to secure your rights, necessary documentation, and pertinent case laws.

Relevant Laws and Statutes

Several laws in Pakistan address the protection of mobile data, focusing on unauthorized access, data interception, and privacy rights:

  • The Prevention of Electronic Crimes Act, 2016 (PECA): This is the primary legislation concerning electronic crimes in Pakistan. PECA addresses various offenses related to mobile data, including:
    • Section 3: Unauthorized Access to Information System or Data: Penalizes unauthorized access to any information system or data with dishonest intention.
    • Section 4: Unauthorized Copying or Transmission of Data: Addresses the unauthorized copying or transmission of data with dishonest intention.
    • Section 16: Unauthorized Use of Identity Information: Concerns the unauthorized acquisition, sale, possession, transmission, or use of another person’s identity information.
    • Section 17: Unauthorized Issuance of SIM Cards: Addresses the illegal sale or provision of SIM cards without proper verification.
    • Section 19: Unauthorized Interception: Deals with the unauthorized interception of any transmission that is not intended to be public.
    • Section 31: Expedited Preservation and Acquisition of Data: It allows authorized officers to acquire and preserve specific data required for criminal investigations
    • Section 32: Retention of Traffic Data: Requires service providers to retain traffic data for a minimum period.
    • Section 33: Warrant for Search or Seizure: It allows authorized officers to search premises to get data for criminal investigations after getting warrant from court.
    • Section 34: Warrant for Disclosure of Content Data: Allows Courts after reviewing the case to order information system controller to provide data to authorized officers.
  • The Pakistan Telecommunication (Re-organization) Act, 1996: This act provides regulatory framework for telecommunication services in Pakistan.
    • Section 21: Exclusive power of the Authority to grant licenses: Grants PTA exclusive power for licensees to comply with the rules.
  • The National Database and Registration Authority Ordinance, 2000:
    • Section 29: Security, secrecy, etc. of data not to be breached: Protects the data collected by NADRA and prevents unauthorized use or breach.
  • The Electronic Transactions Ordinance, 2002:
    • This ordinance provides legal recognition to electronic documents and transactions
    • Section 5 and 6: It defines the data retention and originality that has to be followed by service providers.
  • The Criminal Laws (Amendment) Act, 2023:
    • Section 22C: Use of information system for kidnapping, abduction, or trafficking of minors: Penalizes contacting a minor for the intent of kidnapping, abducting, or trafficking.

Steps to Secure Your Rights

To legally protect your mobile data in Pakistan, consider the following steps:

  1. Use Strong Passcodes: Set strong, unique passwords for your mobile devices and online accounts.
  2. Enable Encryption: Utilize encryption features on your smartphone to protect data at rest.
  3. Secure Your SIM Card: Ensure your SIM card is registered under your name and report any unauthorized use immediately.
  4. Be Cautious with Apps: Only download apps from trusted sources and review their permission settings.
  5. Monitor Data Usage: Keep an eye on your data usage to detect any unusual activity that may indicate unauthorized access.
  6. Use VPNs: Utilize Virtual Private Networks (VPNs) to encrypt your internet traffic, especially on public Wi-Fi networks.
  7. Keep Software Updated: Regularly update your device’s operating system and apps to patch security vulnerabilities.
  8. Report Cybercrimes: Report any incidents of cybercrime to the relevant authorities, such as the Federal Investigation Agency (FIA).
  9. Awareness and Education: Stay informed about the latest cyber threats and security measures. Educate family members and colleagues about safe mobile practices.
  10. Service Provider Agreements: Review the terms and conditions of your mobile service provider to understand their data protection policies and practices.

Required Documents and Evidence

If your mobile data is compromised, gathering the following documents and evidence is crucial for legal recourse:

  1. Mobile Phone Records: Obtain call logs, SMS records, and data usage history from your service provider.
  2. Screenshots: Take screenshots of any unauthorized access, data breaches, or cyber stalking incidents
  3. Cybercrime Reports: File a formal cybercrime complaint with the FIA or local police, keeping a copy of the report.
  4. Service Provider Correspondence: Save any communication with your mobile service provider regarding the data breach.
  5. Financial Records: If financial information was compromised, collect bank statements and credit card transaction records.

Case Laws

While specific case laws directly addressing mobile data protection are still evolving in Pakistan, several judgments provide relevant context:

  • Pakistan Mobile Communication Ltd. v. Judge Consumer Court (2016 CLC Note 1): This case highlights the importance of producing documents in consumer protection cases, which can be relevant in disputes involving mobile data breaches.
  • Human Rights Case No.18877 of 2018 (PLD 2019 Supreme Court 645): This case examined the Supreme Court’s role in intervening in matters of taxation related to mobile phone usage, underscoring the importance of protecting citizens’ fundamental rights.
  • CM PAK LIMITED Versus PAKISTAN TELECOMMUNICATION AUTHORITY (PLD 2018 Islamabad 243): This case emphasizes the PTA’s limitations in suspending mobile services and protects service providers and customers from arbitrary suspensions based on security concerns.
  • Dr. SHAHNAWAZ MUNAMI and others Versus The FEDERAL GOVERNMENT OF PAKISTAN and others (2020 SCMR 1713): This case is related implementing rehabilitation and employment laws.

Conclusion

Protecting your mobile data in Pakistan requires a combination of legal awareness, proactive security measures, and diligent documentation. By understanding the relevant laws, taking steps to secure your data, and knowing how to report incidents, you can safeguard your privacy and seek legal remedies if your rights are violated. The legal landscape is continuously developing, so staying informed about the latest legislative changes and case laws is essential.

Relevant Judgments and Statutes

  • Pakistan Mobile Communication Ltd. v. Judge Consumer Court, 2016 CLC Note 1: This judgment clarifies the procedure for challenging interim orders of the Consumer Court under the Punjab Consumer Protection Act, 2005, emphasizing the maintainability of a constitutional petition. It’s applicable as mobile data breaches often lead to consumer complaints.
  • Human Rights Case No.18877 of 2018, PLD 2019 Supreme Court 645: This case underscores the balance between taxation and protecting the fundamental rights of citizens concerning mobile phone usage. It is relevant as it addresses the constitutional dimensions of mobile user rights.
  • CM PAK LIMITED Versus PAKISTAN TELECOMMUNICATION AUTHORITY, PLD 2018 Islamabad 243: This judgment clarifies the scope of powers of the Federal Government and PTA regarding the suspension of cellular services, restricting it to situations explicitly outlined in Pakistan Telecommunication (Reorganization) Act 1996, particularly sections 7, 8, 23(2)(c)(ii) & 54(3). It’s relevant as it addresses the privacy and consistent use of communication services
  • Dr. SHAHNAWAZ MUNAMI and others Versus The FEDERAL GOVERNMENT OF PAKISTAN and others, 2020 SCMR 1713: This judgment reinforces the commitment to uphold the fundamental rights of persons with disabilities and provides specific directions for the Federal and Provincial Governments to improve their welfare by collection of data. This can be relevant in understanding the role of federal and provisional government
  • The Prevention of Electronic Crimes Act, 2016: Sections 3, 4, 16, 17, 19, 31, 32, 33, and 34 define and penalize various electronic crimes related to data access, transmission, identity theft, and interception. This is foundational for understanding legal protections.
  • Section 21, The Pakistan Telecommunication (Re-organization) Act, 1996: States that the power to grant licenses lays with the Authority and compliance with the rules. It’s relevant as compliance to PTA rules is key for the legal process.
  • Section 29, The National Database and Registration Authority Ordinance, 2000: Prohibits the breach of security and secrecy of data, crucial for understanding the protection of personal data.
  • Section 5 and 6, The Electronic Transactions Ordinance, 2002:It defines the data retention and originality that has to be followed by service providers. This is key in determining the legitimacy of data
  • Section 22C, The Criminal Laws (Amendment) Act, 2023: Penalizes contacting a minor for the intent of kidnapping, abducting, or trafficking. Which is relevant in determining which provisions of law have been violated.