LAW
There is, at the date of publication, no legislation regulating the protection of data in Pakistan. A draft Electronic Data Protection Bill, limited to protection of electronic data was circulated by the Ministry of Information in 2005.
DEFINITION OF PERSONAL DATA
In the absence of any legislation regulating the protection of data in Pakistan, the term "personal data" is undefined.
DEFINITION OF SENSITIVE PERSONAL DATA
In the absence of any legislation regulating the protection of data in Pakistan, the term "sensitive personal data" is undefined.
NATIONAL DATA PROTECTION AUTHORITY
There is no national data protection authority in Pakistan.
REGISTRATION
Data controllers or collectors do not need to register with any authority.
DATA PROTECTION OFFICERS
Organisations in Pakistan are not required to appoint a data protection officer.
COLLECTION AND PROCESSING
Data controllers can collect and process personal data under any conditions.
TRANSFER
Although the transfer of data to third parties is not specifically regulated under the laws of Pakistan, data cannot be transferred from Pakistan to a country which is not recognised by Pakistan. Pakistan currently does not recognize Israel, Taiwan, Kosovo, Somaliland, Nagorno Karabakh, Transnistria, Abkhazia, Northern Cyprus, Sahrawi Arab Democratic Republic, South Ossetia and Armenia. This list may change from time to time. Furthermore, data can only be transferred to India if such a transfer can be justified by the transferor.
Besides being regulated by contractual terms, data collated by, inter alia, banks, insurance firms, hospitals, defence establishments and other "sensitive" installations/institutions cannot be transferred to any individual/body unless it is transferred with the permission of the relevant regulator or similar bodies on a confidential basis. Additionally, in certain cases data cannot be transferred without the permission of the relevant client/customer.
SECURITY
Data controllers do not have to fulfil any security requirements.
BREACH NOTIFICATION
Data security breaches or losses do not have to be reported or notified to anybody or individual.
ENFORCEMENT
In the absence of any legislation in the sphere of data protection no body or entity enforces any law. Enforcement and appropriate relief may however be sought through courts of law having jurisdiction in the matter.
ELECTRONIC MARKETING
There is, at the date of publication, no legislation regulating electronic marketing in Pakistan. Please note that an earlier law promulgated in this regard has since lapsed. A draft Prevention of Electronic Crimes Bill which may potentially deal with electronic marketing is currently under consideration of a select committee of the National Assembly. This draft law is more wide ranging in nature than its predecessor.
ONLINE PRIVACY (INCLUDING COOKIES AND LOCATION DATA)
There is, at the date of publication, no legislation regulating online privacy in Pakistan. Please note that an earlier law promulgated in this regard has since lapsed. A draft Prevention of Electronic Crimes Bill which may potentially deal with online privacy is currently under consideration of a select committee of the National Assembly. This draft law is more wide ranging in nature than its predecessor.
© DLA Piper
This publication is intended as a general overview and discussion of the subjects dealt with. It is not intended to be, and should not used as, a substitute for taking legal advice in any specific situation. DLA Piper Australia will accept no responsibility for any actions taken or not taken on the basis of this publication.
DLA Piper Australia is part of DLA Piper, a global law firm, operating through various separate and distinct legal entities. For further information, please refer to www.dlapiper.com
