Previous 2 / 45 Next

TABLE OF CONTENTS Statement of Objectives ............................................................................................................. 4 1. Short title, extent and commencement. ........................................................................... 6 2. Definitions. ...................................................................................................................... 6 3. Scope and applicability. ................................................................................................. 11 4. Interpretation. ................................................................................................................ 12 5. Grounds for processing personal data. .......................................................................... 12 6. Consent for personal data processing. ........................................................................... 13 7. Notice to the data subject. ............................................................................................. 14 8. Non-disclosure of personal data. ................................................................................... 15 9. Security requirements. ................................................................................................... 15 10. Data retention requirements. ......................................................................................... 16 11. Data integrity. ............................................................................................................... 16 12. Record to be kept by the data controller. ....................................................................... 16 13. Personal data breach notification. .................................................................................. 17 14. Processing personal data of children. ............................................................................ 18 15. Additional requirements for processing sensitive and critical personal data. ............... 18 16. Right to access. .............................................................................................................. 20 17. Compliance with the data access request. ..................................................................... 20 18. Circumstances of refusal to comply with the data access request. ................................ 21 19. Right to correction. ........................................................................................................ 22 20. Compliance with a data correction request. .................................................................. 22 21. Circumstances of refusal to comply with the data correction request. .......................... 23 22. Notification of refusal to comply with a data correction request. ................................. 24 23. Right to the withdrawal of consent. ............................................................................... 25 24. Extent of disclosure. ...................................................................................................... 25 25. Right to prevent processing likely to cause damage or distress. ................................... 25 1

Select target paragraph3

● ● ●

Personal Data Protection Bill 2023

Law

Status of Law: Draft

Country

Pakistan

Country Location

Latitude: 30.50420402694667

Longitude: 71.31445294618544

Country Location (linked Law): Pakistan

Keywords

Data Protection and Retention
Privacy
Public Interest

Type of Law: Legislation

Research Category: III Governance of Online and Networked Spaces

Is this the Official Copy?: Yes

Source URL: Ministry of information technology and telecommunications

Notes: The latest draft of Pakistan’s Personal Data Protection Bill (PDPB) 2023 raises significant concerns regarding the autonomy of the National Commission for Personal Data Protection (NCPDP), as it places the Commission under federal government control, compromising its independence. Ambiguous terms like "legitimate interest," "public interest," and "national interest" lack clear definitions, creating scope for misuse by data controllers. The bill's requirement for data localisation is impractical given Pakistan's inadequate infrastructure and energy constraints, posing risks of data misuse or leakage. Broad exemptions under Section 4 grant undue discretion to the federal government, undermining accountability. While positive aspects, such as requiring user consent for data processing, are included, the imposition of administrative fees to access personal data contradicts international standards like the GDPR, which discourage such practices.

Related Law (self)

Pakistani Personal Data Protection Bill, 2018

Collection

Complete Name: Personal Data Protection Bill 2023

Primary Documents

Final Draft Personal Data Protection Bill May 2023.pdf
English
Download View