Search
Content type: Report
The methodology employed for this report consists primarily of in-depth interviews held with grassroots political workers and representatives of collectives. The researchers interviewed 14 individuals from various social justice causes such as womens’ rights, climate change, transgender rights, students’ rights and the right to universal internet access in Pakistan. The experiences they have shared with the interviewers along with the real-time developments in the country’s law and order…
Content type: Explainer
The Free to Protest Guide Pakistan has been created by adapting Privacy International's (PI) Free to Protest Guide UK according to the laws and policies of Pakistan, in collaboration with PI and local activists in Pakistan.The Guide has been published in English, Urdu, Punjabi and Pashto.DISCLAIMER: This guide forms part of PI's global work to highlight the range of surveillance tools that law enforcement can use in the protest context, and how data protection laws can help guarantee…
Content type: News & Analysis
Privacy International (PI) is concerned by developments in Pakistan regarding the enactment of the Draft Personal Data Protection Bill, 2023 and the opaque process which will see the bill become law.
The Bill was published on 19 May 2023 by the Ministry of Information Technology and Telecommunication ('MITT'). However no open and inclusive consultation was open for comments to be submitted to the MITT. In a concerning development it was reported that the Bill was approved by the Federal…
Content type: Examples
TrustNet Pakistan, the country’s only digital trust foundation, has begun work alongside many other global technology companies on a digital vaccination verification platform called CovidCreds. The initiative supports projects that use privacy-preserving verifiable credentials. TrustNet is working on a solution called Vaccify to provide verification that it’s safe for people to travel out of Pakistan. The system is expected to work via a mobile phone app that can digitally receive test results…
Content type: Examples
A detailed analysis of Pakistan’s app, which was developed by the Ministry of IT and Telecom and the National Information Technology Board and which offers dashboards for each province and state, self-assessment tools, and popup hygiene reminders, finds a number of security issues. Among them: the app uses hard-coded credentials, which it sends insecurely, to communicate with the government server, and it downloads the exact coordinates of infected people in order to provide a map of their…
Content type: Examples
The lack of data protection laws and the absence of a privacy commission are contributing factors to Pakistan’s failure to investigate or remedy security flaws in the country’s recently-launched COVID-19 tracking technology, which partially depends on a system originally developed to combat terrorism. While there are no reported cases of harassment or targeting based on the leak online of the personal details of thousands of COVID-19 volunteers, the lack of response fails to boost citizens’…
Content type: Examples
As the first confirmed coronavirus case in Pakistan, Yahyah Jaffery became a pariah after his identity, photograph, and home address were leaked on social media. Similar leaks about dozens of other patients and medical staff followed. The contact tracing system being used for coronavirus was originally developed by the country's Inter-Service Intelligence (ISI) to combat terrorism; it is based on a new data hub in Islamabad that will collect information from the ISI tracking system and share…
Content type: Examples
Our partners from Digital Rights Foundation in Pakistan wrote a piece analysing cases of privacy violations, misinformation, hate speech and other cases. As they said, the situation with regards to the Coronavirus is still developing in the country and Digital Rights Foundation, are keeping an eye out for the developments regarding the disease and also assessing how the digital rights sphere is being affected.
Link: https://digitalrightsfoundation.pk/protecting-your-digital-rights-during-the-…
Content type: Examples
The Pakistani government has repurposed a system designed by the country's spy agency, inter-Services Intelligence for tracking down terrorists to trace suspected COVID-19 cases. Prime minister Imran Khan has said that efficient tracking and testing of coronavirus-infected people is the only way to reopen the country's closed businesses.
Source: https://www.indiatoday.in/world/story/pakistan-government-isi-system-track-suspected-covid-19-cases-pm-imran-khan-1670378-2020-04-24
Writer: Press…
Content type: Examples
Numerous efforts to create apps to help monitor and map the spread of COVID-19 rely on satnav-based location data from Galileo. The CovTrack app developed on a pro-bono basis by the Romanian company RISE, for example, uses Bluetooth connections between mobile phones to store identification data the user can access to very if any contacts have subsequently tested positive for COVID-19. CovTrack is a spin-off of the AGORA project for festival management, which is supposed by the European Space…
Content type: Examples
An Excel file containing complete data pertaining to patients tested for coronavirus in the cities Quetta and Taftan in the the Balochistan region of Pakistan has been circulating in WhatsApp groups about Balochistan. The file contains information such as names, phone numbers, age address and other identifying information for the patients. The leaked data puts the patients at risk of personal harm and social stigma, even after recovery. Balochistan government officials say the data leaked…
Content type: Examples
An official directive from the Pakistani provincial government of Sindh titled "COVID-19 Mobile Registration System for Needy People" describes its use of multiple databases to identify those in need of welfare funds and disburse cash to them by combining taxpayers' data from the Federal Board of Revenue, travel histories from the Federal Investigation Agency, and financial information from the State Bank of Pakistan. Recipients need to create cellphone accounts via the service provider Jazz in…
Content type: Examples
Mobile phone users in Pakistan have discovered that the government is accessing, without consent, their mobile phone location and call records despite legal questions about whether doing so violates the country's constitution. After users reported that patients testing positive for COVID-19 returned home, the government sent SMS "Karuna Alert" messages to some of their friends, family, and neighbours; the Pakistan Telecom Authority confirmed it had sent the messages using patients' registered…
Content type: Examples
The Romanian government has formally notified the Council of Europe under Article 15, paragraph 3 of the ECHR of the country's state of emergency decree, noting that some of the measures being taken involve derogations from the obligations under the Convention.
Source: https://rm.coe.int/09000016809cee30
Writer: Permanent Representation of Romania
Publication: Official letter
Content type: Examples
On March 14, Romanian president Klaus Iohannis announced a state of emergency to make it possible to allocate new resources for crisis management, and urged the public to follow isolation guidelines and hygiene rules. The Parliament must approve within five days, and the state of emergency lasts 30 days. The decree allows the government to carry out checks on persons and places, order temporary closures of shops and other public places, halt the distribution of publications or broadcasts, and…
Content type: Examples
After Pakistani residents queried whether messages labelled "CoronaALERT" sent out via SMS were legitimate, telecom authorities confirmed that it was authentic, being sent to selected individuals at the request of the Ministry of Health under the Digital Parkistan programme. Individuals were chosen because they might have come in contact with infected individuals during travel or in specific locations. It is not clear, however, what the criteria were for selecting individuals at risk,…
Content type: Examples
Four members of the Council of Europe - Romania, Latvia, Moldova, and Armenia - have activated Article 15 of the European Convention on Human Rights, which allows derogations in cases of public emergency. Derogation allows Member States to take measures to the extent required by the situation as long as those do not contravene other obligations such as the articles that prohibit torture and slavery and protect the right to life.
Source: https://www.g4media.ro/romania-moldova-letonia-si-…
Content type: Case Study
Photo by Roger H. Goun
Chloe is an investigative journalist working for an international broadcast service; we will call the TV show she works for The Inquirer. She travels around the world to work with local journalists on uncovering stories that make the headlines: from human trafficking to drug cartels and government corruption. While her documentaries are watched by many and inspire change in the countries she works in, you would not know who Chloe is if we were to tell you her real name.…
Content type: News & Analysis
This piece was first published in GDPR today in March 2019.
Elections, referendums and political campaigns around the world are becoming ever more sophisticated data operations. This raises questions about the political use and abuse of personal data. With the European Union elections fast approaching and numerous national and local elections taking place across EU Member States, it is essential that the legal frameworks intended to protect our personal data do just that.
Member State…
Content type: Long Read
For International Women’s Day 2019, Privacy International looks at some of the key themes around the intersection of gender rights and the right to privacy and we review the work we and our partners have done on those topics.
When dealing with cases of non-consensual sharing of intimate images, often known as ‘revenge porn,’ or doxxing, where a person’s personal details are shared publicly, the link between privacy and online-gender-based violence is very clear. Privacy…
Content type: News & Analysis
At the beginning of November 2018, the first GDPR-related privacy and freedom of expression case arose in Romania in connection to the publication by the RISE Project of several articles about a corruption investigation. The articles reported a close relationship between a road construction company that is currently under investigation for fraud, European funds, and a high-profile politician.
Shortly after the first article was published, the Romanian data protection authority (“ANSPDCP”) sent…
Content type: Long Read
The Privacy International Network is celebrating Data Privacy Week, where we’ll be talking about how trends in surveillance and data exploitation are increasingly affecting our right to privacy. Join the conversation on Twitter using #dataprivacyweek.
In the era of smart cities, the gap between the internet and the so-called physical world is closing. Gone are the days, when the internet was limited to your activities behind a desktop screen, when nobody knew you were a dog.
Today, the…
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgment
The State of Privacy in Pakistan is the result of an ongoing collaboration by Privacy International and the Digital Rights Foundation.
Between 2014-2016, Bytes for All contributed to previous versions of the 'Data Protection' sections of this briefing.
Key Privacy Facts
1. Constitutional privacy protections: Article 14(1) of…
Content type: News & Analysis
We found this here.
The European Union’s new privacy law, the General Data Protection Regulation, or GDPR, is being tested across Europe. The first GDPR privacy case in Romania began with an investigation that was published on November 5 about a corruption scandal involving a politician and his close relationships to a company being investigated for fraud. The Romanian data protection authority (ANSPDCP) sent a series of questions to the journalists who authored the article and asked for…
Content type: Advocacy
Privacy International, European Digital Rights, and the Association for Technology and Internet (ApTI) together with 15 other digital rights organisations sent a letter on Monday 21 November 2018, to the European Data Protection Board (EDPB), with copies to the Romanian Data Protection Authority (ANSPDCP), and the European Commission, asking for the General Data Protection Regulation (GDPR) not to be misused in order to threaten media freedom in Romania.
Shortly after a journalistic…
Content type: Long Read
The idea of a “smart city” is primarily a marketing concept, used to sell data-intensive technologies under the pretext of improving the functioning of cities. This could include injecting ‘smart’ tech into delivering services, public safety, environmental monitoring, traffic control, among other possible applications.
One in particular aspect of smart cities has been consistently problematic: how these projects are used to boost law enforcement and policing under the guise of public safety.…
Content type: Advocacy
We welcome the effort by the Pakistani Ministry of Information Technology and Telecommunications to regulate the processing of personal data in Pakistan, and take measures to guarantee the right to privacy as guaranteed under Article 14(1) of the Constitution: “[t]he dignity of man and, subject to law, the privacy of home, shall be inviolable.”
This legislative development is crucial and timely as Pakistan continues to embrace innovative governance initiatives and deploy data-intensive systems…
Content type: News & Analysis
By Digital Rights Foundation, Pakistan
What is a safe city?
The answer to this question is not uniform; in fact it varies according to who you ask.
In a focus group conducted by Digital Rights Foundation in May of last year, consisting of women rights activists from across Pakistan, the answer meant imagining a city that was not only safe for women, in terms of their physical safety, but also welcoming for women and non-binary individuals in its architecture and facilities. Women expressed…
Content type: Press release
Below is a joint statement from Privacy International and Bytes for All.
This Friday, 27 September, marks the conclusion of the 24th session of the UN Human Rights Council, a session which has, for the first time, seen issues of internet surveillance in the spotlight. Privacy International and Bytes for All welcome the attention given at the Human Rights Council to this issue. However, we are concerned about developments which took place that threaten privacy rights and freedom of…
Content type: Long Read
To celebrate International Data Privacy Day (28 January), PI and its International Network have shared a full week of stories and research, exploring how countries are addressing data governance in light of innovations in technology and policy, and implications for the security and privacy of individuals.
According to the World Bank, identity “provides a foundation for other rights and gives a voice to the voiceless”. The UN Deputy Secretary-General has called it a tool for “advancing…