Regulation and control of personal information:
data protection, defamation and related issues
Introduction
With the convenience of the internet comes many dangers. Hackers and malicious programs can cause threat
to your computer and the information it contains.
Whether you're conducting business online or merely managing your emails,
LEARNING TO PRACTICE SAFE COMPUTING IS A MUST.
Everything you need can now be accessed in the comfort of your own home, right from the computer.
Shopping for apparel, electronics, and even real estate can all be done comfortably online.
Download your favorite songs, movies and games from the internet.
Transfer money online.
We can not deny the dramatic impact which increasing computerization has had on the storage,
processing, retention and release of information and data. Computerization has revolutionized the
handling and processing of information to such an extent that the data itself has now become a
commodity(product) which possesses commercial value and can be traded on the market in the same way
as any other commodity. The value to businesses is also enhanced by the fact that how easily and safely
data can be transferred around the globe.
There is by no means a straightforward answer to this question, complicated as the issues are by
rapidly advancing technology, the global nature of the activities to be regulated and the variety of
possible regulatory approaches to be found in the various legal traditions within the world
Formidable problems of policy and implementation are presented by the attempt to regulate
systems and practices that are technologically advanced, widely professional issues in software
engineering dispersed, rapidly changing and employed by powerful economic and government
interests
Data Protection refers to how your personal information is used by the organization or being
an organization, how you would make sure to protect data of your customers, employees etc
Privacy refers to the privilege provided to an individual by law or by the organizational policy
where the individual can keep the information secret to or from a specific group.
Introduction To Data Protection
• There are a number of issues and concerns for the protection of individual privacy and integrity
arising out of the use of computer and computer networks.
• In just a few years, privacy and data protection has become one of the most important topics in the
information society for businesses, governments and consumers.
• In a society where social networks such as Facebook, Twitter, LinkedIn, YouTube are
becoming abundant, the right of every person to their privacy is being significantly challenged,
so adequate legal protection is absolutely necessary.
Data Protection
• Data protection is the process of safeguarding important information from corruption and loss.
• Data protection is the legal control over access to and use of data stored in computers.
• It includes laws and regulations that make it illegal to store or share some types of information about
people without their knowledge or permission
Data Protection & Privacy
• The challenge of data privacy is to utilize data while protecting an individual's privacy preferences
and their personally identifiable information.
• The fields of computer security, data security, and information security design and utilize software,
hardware, and human resources to address this issue.
Data Protection Concerns
• The ability to control the information one reveals about oneself over the internet, and who can access
that information, has become a growing concern.
• These concerns include whether email can be stored or read by third parties without consent,
or whether third parties can continue to track the websites that someone has visited.
• Another concern is if the websites that are visited can collect, store, and possibly share personally
identifiable information about users.
• The advent of various search engines and the use of data mining created a capability for data about
individuals to be collected and combined from a wide variety of sources very easily.
Data Mining
• Data mining is the process of finding anomalies, patterns and correlations within large data sets to
predict outcomes. Using a broad range of techniques, you can use this information to increase
revenues, cut costs, improve customer relationships, reduce risks and more.
Data Protection Challenges
• Email isn't the only internet content with privacy concerns.
• In an age where increasing amounts of information are going online, social networking sites
pose additional privacy challenges.
� • People may be tagged in photos or have valuable information exposed about themselves either by
choice or unexpectedly by others.
• Caution should be exercised with what information is being posted, as social networks vary in
what they allow users to make private and what remains publicly accessible.
• Without strong security settings in place and careful attention to what remains public, a person
can be profiled by searching for and collecting different pieces of information, worst case leading
to cases of cyberstalking or reputational damage.
Data Protection Laws
• These laws are based on Fair Information Practice that was first developed in the United States in
the 1970s. The basic principles of data protection are:
• For all data collected there should be a stated purpose.
• Information collected by an individual cannot be disclosed to other organizations or
individuals unless specifically authorized by law or by consent of the individual
• Records kept on an individual should be accurate and up to date
• There should be mechanisms for individuals to review data about them, to ensure accuracy.
This may include periodic reporting
• Data should be deleted when it is no longer needed for the stated purpose
• Transmission of personal information to locations where "equivalent" personal data
protection cannot be assured is prohibited
• Some data is too sensitive to be collected, unless there are extreme circumstances (e.g.
religion)
• Data protection laws prohibit the disclosure or misuse of information about private individuals.
• Over 80 countries and independent territories, including nearly every country in Europe and many in
Latin America and the Caribbean, Asia, and Africa, have now adopted comprehensive data
protection laws.
• The European Union has the General Data Protection Regulation(GDPR), in force since May 25,
2018.
Data Protection Laws in Pakistan
• Pakistan to date doesn’t had a dedicated law on Data Protection till 2018.
• Pakistan promulgated the Prevention of Electronic Crimes Act 2016 (“PECA”) which amongst
protecting people against cybercrimes also provides for protection of identity data of citizens.
• The Act provides that any identity data may only be processed, stored, transmitted with the
permission of the owner of the data which would mean the citizen whose data is being used.
PERSONAL DATA PROTECTION BILL 2018
• A new Personal Data Protection Bill 2018 Draft (the “Bill”) had been proposed by the Ministry of
Information Technology and Telecommunication (“MOITT”) of Pakistan.
• With this Bill, Pakistan may soon join the wave of new data protection laws that have been drafted or
passed since Europe’s General Data Protection Regulation (GDPR).
• If passed, the Bill will give organizations one to two years from its declaration date to prepare for
compliance depending on the choice of the Federal Government.
• A new enforcement body, the National Commission for Personal Data Protection (NCPDP), will be
established under the Bill. (The Federal Government has proposed the establishment of a National
Commission for Personal Data Protection (NCPDP) in 2022)
• NCPDP will receive and decide complaints from individuals, as well as engage, support, guide,
facilitate, train and persuade data controllers, data processors to ensure protection of personal data.
• The current draft of the Bill has 25 pages with requirements and individual rights similar to the
GDPR.(Review PDP 2018, and GDPR 2018)
• The original challenge of data protection law was to provide a suitable mechanism for dealing
with the perceived threat to individual privacy of large centralized data banks
• The development of global information networks has changed and intensified(strengthen) the
character of the privacy protection problem
• The question which is inevitably being asked is whether the original formulation of data protection
law is capable of controlling the amorphous(shapeless) decentralized activities which occur through
the medium of the Internet and World Wide Web
• It is an observed fact that, at the level of international agreements and national legislation, the
requirements imposed by this particular type of technology have resulted in a convergence of the
rules made to ensure good data management
• An example in this respect is the emergence of data protection principles or fair use guidelines
which have created a consistent effect on national legislation on data protection
• Even without the cover of anonymity,(secrecy) the various methods available for the dissemination
of information on computer networks provide abundant ground for the propagation of information
about others
• what redress(compensation) is available for those who feel that untrue and unwarranted statements
have been circulated about them
Defamation
• Defamation is a legal term that refers to any statement made by a person, whether verbal or printed,
that causes harm to another person’s reputation or character.
� • A defamatory statement made in writing, or “published,” it is considered “libel,” a defamatory
statement that is spoken is considered “slander.”
• Defamation is not considered a criminal act, but a civil wrong.
• As the Constitution of the majority of countries promise their citizens freedom of speech, there is
often a fine line between exercising that right and making defamatory statements that harm another
person.
Defamation and the Law
• According to Article 17 of the United Nations International Covenant on Civil and Political
Rights, no person may be subjected to unlawful interference with his family, home, privacy, honor,
or reputation.
• It also specifies that every person has the right to be protected against such interference.
• While defamation of character is not considered a criminal act , a person accused of making
defamatory statements can be sued in civil court for monetary damages.
• They may also be forced to retract the statements made, especially if they were published in a public
forum, such as a newspaper or online.
Elements of a Defamation Lawsuit
• Defamation laws differ for various countries, but commonly, there are accepted standards that are
universal.
• When a person believes he has been a victim of character assassination , filing a civil lawsuit may
help him obtain a court order for the defendant to withdraw the defamatory remarks, and perhaps to
issue a public apology.
• If the victim proves his defamation case, he may be awarded monetary damages for his pain and
suffering, as well as any monetary losses he may have suffered as a result of the libel or slander.
• Required elements of a defamation lawsuit include:
• A defamatory statement was made.
• The statement made was published in some fashion, meaning it was told to others either
verbally or in writing.
• The statement was not true, and the person who published the statement knew that it
was not true.
• The statement caused the victim harm or injury, emotionally or financially.
Injury Caused by a Defamatory Statement
• The Statement must have directly caused harm or injury to the victim. Defamation can cause two
main types of injury:
• Harm to reputation – the loss of a job, loss of customers, causing the victim to become a
social outcast.
• Financial harm – the victim, whether personally or as a business owner, experiences loss of
business or money, or incurs expenses in the attempt to repair his reputation.
Defenses to a Claim of Defamation
• When a person is accused of defamation, the law looks at many factors. Some common defenses to a
claim of defamation may include:
• Statements made in good faith – the person who made the statements reasonably believed
that the statements were true.
• Opinion – because opinions are considered subjective, and not necessarily false, they are not
considered defamatory.
• Verbal abuse– if a statement made may not to be taken literally or believed, such as name-
calling in anger, it may not considered defamatory.
• Unbelieved statement – if the person hearing the defamatory statement does not believe it,
or does not take an interest in it, the statement is considered not to have harmed the victim’s
reputation in any way.
Internet Defamation and Social Media
• With the expansion of social media and the public’s heavy reliance on the Internet, the opportunity
for publishing defamatory statements, or internet defamation, has grown immensely.
• With outlets such as Facebook and Twitter, people can instantly publish statements that reach
thousands of people.
• For this reason, the laws concerning defamation apply to statements made online, where private
individuals or the public as a whole can view them.
• Other common outlets/ways for internet defamation include private and public blogs.
• Defamation in social medial and on the internet are generally easy to track, making it important that
people carefully consider what they post concerning other people.
