Search
Content type: Report
The methodology employed for this report consists primarily of in-depth interviews held with grassroots political workers and representatives of collectives. The researchers interviewed 14 individuals from various social justice causes such as womens’ rights, climate change, transgender rights, students’ rights and the right to universal internet access in Pakistan. The experiences they have shared with the interviewers along with the real-time developments in the country’s law and order…
Content type: Explainer
The Free to Protest Guide Pakistan has been created by adapting Privacy International's (PI) Free to Protest Guide UK according to the laws and policies of Pakistan, in collaboration with PI and local activists in Pakistan.The Guide has been published in English, Urdu, Punjabi and Pashto.DISCLAIMER: This guide forms part of PI's global work to highlight the range of surveillance tools that law enforcement can use in the protest context, and how data protection laws can help guarantee…
Content type: News & Analysis
Privacy International (PI) is concerned by developments in Pakistan regarding the enactment of the Draft Personal Data Protection Bill, 2023 and the opaque process which will see the bill become law.
The Bill was published on 19 May 2023 by the Ministry of Information Technology and Telecommunication ('MITT'). However no open and inclusive consultation was open for comments to be submitted to the MITT. In a concerning development it was reported that the Bill was approved by the Federal…
Content type: Long Read
On 25 May 2021, the European Court of Human Rights issued its judgment in Big Brother Watch & Others v. the UK. Below, we answer some of the main questions relating to the case.
After our initial reaction, below we answer some of the main questions relating to the case.
NOTE: This post reflects our initial reaction to the judgment and may be updated.
What’s the ruling all about?
In a nutshell, one of the world’s most important courts, the Grand Chamber of the European Court of Human…
Content type: Examples
As Europeans went back to work and social spaces in early summer 2020, they discovered that these had been newly equipped with a variety of technologies that brought surveillance with them as the price of preventing a resurgence of the coronavirus. Among the tools being adopted: a Romware Covid Radius bracelet, which beeps whenever two workers get too close to each other; laser technology to ensure social distancing in shopping malls; mask detection technology, facial recognition to ensure…
Content type: Examples
When Google and Apple announced their joint platform for contact tracing, the companies said the system would not track users’ locations. By mid-July, the resulting apps had been downloaded more than 20 million times in companies such as Germany and Switzerland. However, in order for Bluetooth, which the app requires, to work on Android phones, users must enable location services, with the result that Google may be able to track their location. Governments and health officials in Germany,…
Content type: Examples
TrustNet Pakistan, the country’s only digital trust foundation, has begun work alongside many other global technology companies on a digital vaccination verification platform called CovidCreds. The initiative supports projects that use privacy-preserving verifiable credentials. TrustNet is working on a solution called Vaccify to provide verification that it’s safe for people to travel out of Pakistan. The system is expected to work via a mobile phone app that can digitally receive test results…
Content type: Examples
A detailed analysis of Pakistan’s app, which was developed by the Ministry of IT and Telecom and the National Information Technology Board and which offers dashboards for each province and state, self-assessment tools, and popup hygiene reminders, finds a number of security issues. Among them: the app uses hard-coded credentials, which it sends insecurely, to communicate with the government server, and it downloads the exact coordinates of infected people in order to provide a map of their…
Content type: Examples
The lack of data protection laws and the absence of a privacy commission are contributing factors to Pakistan’s failure to investigate or remedy security flaws in the country’s recently-launched COVID-19 tracking technology, which partially depends on a system originally developed to combat terrorism. While there are no reported cases of harassment or targeting based on the leak online of the personal details of thousands of COVID-19 volunteers, the lack of response fails to boost citizens’…
Content type: Examples
Many of the technologies used to combat the coronavirus pandemic, including monitoring and analysing social media posts, telecommunications location data, and the use of sensors, were first tested on refugees during the 2015 crisis and are now being repurposed in the name of public health. In 2019, the European border security agency Frontex published a €400,000 tender for social media analysis services hoping to better predict future migration patterns; the tender was withdrawn after an…
Content type: Examples
As the first confirmed coronavirus case in Pakistan, Yahyah Jaffery became a pariah after his identity, photograph, and home address were leaked on social media. Similar leaks about dozens of other patients and medical staff followed. The contact tracing system being used for coronavirus was originally developed by the country's Inter-Service Intelligence (ISI) to combat terrorism; it is based on a new data hub in Islamabad that will collect information from the ISI tracking system and share…
Content type: Examples
Our partners from Digital Rights Foundation in Pakistan wrote a piece analysing cases of privacy violations, misinformation, hate speech and other cases. As they said, the situation with regards to the Coronavirus is still developing in the country and Digital Rights Foundation, are keeping an eye out for the developments regarding the disease and also assessing how the digital rights sphere is being affected.
Link: https://digitalrightsfoundation.pk/protecting-your-digital-rights-during-the-…
Content type: Examples
The Pakistani government has repurposed a system designed by the country's spy agency, inter-Services Intelligence for tracking down terrorists to trace suspected COVID-19 cases. Prime minister Imran Khan has said that efficient tracking and testing of coronavirus-infected people is the only way to reopen the country's closed businesses.
Source: https://www.indiatoday.in/world/story/pakistan-government-isi-system-track-suspected-covid-19-cases-pm-imran-khan-1670378-2020-04-24
Writer: Press…
Content type: Examples
Liechtenstein is the first European country to use biometric electronic bracelets to implement a real time coronavirus tracking programme. The bracelet, which sends skin temperature, breathing, and pulse, among other metrics, for analysis in a Swiss lab, is being offered to 5% of the population. The country, which acted early to prevent the epidemic, plans to roll the bracelets out to the entire population by autumn.
Source: https://inews.co.uk/news/health/coronavirus-testing-latest-…
Content type: Examples
An Excel file containing complete data pertaining to patients tested for coronavirus in the cities Quetta and Taftan in the the Balochistan region of Pakistan has been circulating in WhatsApp groups about Balochistan. The file contains information such as names, phone numbers, age address and other identifying information for the patients. The leaked data puts the patients at risk of personal harm and social stigma, even after recovery. Balochistan government officials say the data leaked…
Content type: Examples
GDPRHub is collecting a list of projects around the world that are using personal data to combat the novel coronavirus. The list is divided into categories such as decentralised contact tracing apps and frameworks; centralised contact tracing systems; lockdown enforcement; self-assessment apps; mapping projects; and statistical analysis. The site also tracks COVID-19-releated data protection issues.
Source: https://gdprhub.eu/index.php?title=Projects_using_personal_data_to_combat_SARS-…
Content type: Examples
An official directive from the Pakistani provincial government of Sindh titled "COVID-19 Mobile Registration System for Needy People" describes its use of multiple databases to identify those in need of welfare funds and disburse cash to them by combining taxpayers' data from the Federal Board of Revenue, travel histories from the Federal Investigation Agency, and financial information from the State Bank of Pakistan. Recipients need to create cellphone accounts via the service provider Jazz in…
Content type: Examples
Mobile phone users in Pakistan have discovered that the government is accessing, without consent, their mobile phone location and call records despite legal questions about whether doing so violates the country's constitution. After users reported that patients testing positive for COVID-19 returned home, the government sent SMS "Karuna Alert" messages to some of their friends, family, and neighbours; the Pakistan Telecom Authority confirmed it had sent the messages using patients' registered…
Content type: Examples
Led by Germany's Fraunhofer Heinrich Hertz Institute for Telecoms, technologists and scientists from at least eight countries, are working on a proximity-based contact tracing technology that complies with GDPR. The Pan-European Privacy-Preserving Proximity Tracing project (PEPP-PT) is intended to leverage smartphones to help disrupt the spread of infection by notifying individuals when their smartphones are near enough to to that of another person to carry out a Bluetooth handshake - thereby…
Content type: Examples
After Pakistani residents queried whether messages labelled "CoronaALERT" sent out via SMS were legitimate, telecom authorities confirmed that it was authentic, being sent to selected individuals at the request of the Ministry of Health under the Digital Parkistan programme. Individuals were chosen because they might have come in contact with infected individuals during travel or in specific locations. It is not clear, however, what the criteria were for selecting individuals at risk,…
Content type: News & Analysis
Today, Privacy International, along with nine other NGOs including Liberty and Amnesty International, attended a hearing before the Grand Chamber of the European Court of Human Rights (ECtHR) to revisit the Court's first ruling on our case challenging UK mass surveillance and intelligence sharing. In September 2018, the First Section of the ECtHR ruled that the UK government's mass interception program violates the rights to privacy and freedom of expression. Notwithstanding the positve aspects…
Content type: Case Study
Photo by Roger H. Goun
Chloe is an investigative journalist working for an international broadcast service; we will call the TV show she works for The Inquirer. She travels around the world to work with local journalists on uncovering stories that make the headlines: from human trafficking to drug cartels and government corruption. While her documentaries are watched by many and inspire change in the countries she works in, you would not know who Chloe is if we were to tell you her real name.…
Content type: News & Analysis
According to the International Organization for Migration, an estimated 258 million people are international migrants – that is, someone who changes their country of usual residence, That’s one in every 30 people on earth.
These unprecedented movements levels show no sign of slowing down. It is predicted that by 2050, there will be 450 million migrants across the world.
Nowadays, it is politically acceptable to demonise migrants, and countless leaders have spewed divisive and xenophobic…
Content type: Long Read
Cellebrite, a surveillance firm marketing itself as the “global leader in digital intelligence”, is marketing its digital extraction devices at a new target: authorities interrogating people seeking asylum.
Israel-based Cellebrite, a subsidiary of Japan’s Sun Corporation, markets forensic tools which empower authorities to bypass passwords on digital devices, allowing them to download, analyse, and visualise data.
Its products are in wide use across the world: a 2019 marketing…
Content type: Long Read
For International Women’s Day 2019, Privacy International looks at some of the key themes around the intersection of gender rights and the right to privacy and we review the work we and our partners have done on those topics.
When dealing with cases of non-consensual sharing of intimate images, often known as ‘revenge porn,’ or doxxing, where a person’s personal details are shared publicly, the link between privacy and online-gender-based violence is very clear. Privacy…
Content type: Advocacy
UPDATE 13 February: Facebook announced that it would open up its Ad Archive API next month. Read Mozilla's statement about the response here.
On 11 February 2019, Privacy International joined Mozilla and 36 organisations in an open letter to Facebook call on Facebook to make good on its commitments to provide more transparency around political advertising ahead of the 2019 EU Parliamentary Elections.
Specifically, our open letter urges Facebook to:
Roll out a functional, open Ad…
Content type: Long Read
The Privacy International Network is celebrating Data Privacy Week, where we’ll be talking about how trends in surveillance and data exploitation are increasingly affecting our right to privacy. Join the conversation on Twitter using #dataprivacyweek.
In the era of smart cities, the gap between the internet and the so-called physical world is closing. Gone are the days, when the internet was limited to your activities behind a desktop screen, when nobody knew you were a dog.
Today, the…
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgment
The State of Privacy in Pakistan is the result of an ongoing collaboration by Privacy International and the Digital Rights Foundation.
Between 2014-2016, Bytes for All contributed to previous versions of the 'Data Protection' sections of this briefing.
Key Privacy Facts
1. Constitutional privacy protections: Article 14(1) of…
Content type: News & Analysis
Privacy International welcomes the judgment of the European Court of Human Rights in Catt v the United Kingdom.The Court found that the UK violated the right to privacy (Article 8 of the European Convention on Human Rights) of Mr John Catt, a peace movement activist, who despite having never being convicted of any offence, had his name and other personal data included in a police database known as the “Extremism Database”. The Court found problematic "the variety of definitions of…
Content type: News & Analysis
On 22 January 2019 Google updated its Terms of Service and Privacy Policy for Europe.
The message is quite reassuring:
“Nothing about your experience in Google services will change. And nothing is changing in terms of your privacy settings, the way your data is processed, nor the purposes of its processing”.
Then it says: “However, if you don’t want to accept these changes in our terms and Privacy Policy, you can choose to stop using the applicable services.”
Simple. If you don’t like it,…