Abstract
Pakistan's draft Personal Data Protection Bill 2020 (PDPB) was released for consultation by the IT Ministry on 9 April 2020. This article considers the main features of the Bill, and in particular the extent to which it is influenced by the EU’s GDPR. The content of the rights and obligations in the Bill show many EU influences, though closer to the standards of the 1995 Directive than the stronger GDPR provisions. Chinese influence is also present in data localisation provisions. The government is required to establish a Personal Data Protection Authority of Pakistan (PDPAP). Its structure and powers are the most contentious aspect of the Bill.Civil society NGOs criticise the proposed DPA as too powerful and not independent enough. This Bill has the ingredients to give Pakistan a data privacy law of medium strength (in both principles and enforcement) by international standards. However, these benefits are undermined by a data protection authority lacking some key elements of independence, and a combination of it and the government having between them far too much discretionary power.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
