Pakistan does not have a privacy statute of the general application nor has a national consumer protection statute that applies directly to electronic commerce, says the Asian Development Bank (ADB).
ADB, in its report “E-commerce in CAREC countries, laws and policies,” stated that as a national priority, Pakistan adopted an e-commerce policy in 2019 to create an enabling environment for holistic growth of e-commerce across all sectors of the country, including plans for national single window and cross-border e-commerce.
ALSO READ
PM Imran to Launch Ehsaas Food Trucks in 3 More Cities
Pakistan adopted an Electronic Transactions Ordinance in 2002; there is no available information of any update during this study. The ordinance is quite different from the laws of other CAREC members. It adopts large parts of the Model Law on Electronic Commerce (MLEC). The ordinance indicates that the requirement for signatures “shall be deemed satisfied” where electronic signatures or advanced electronic signatures are applied.”
The report further noted that the ordinance does not require either evidence of intention or any degree of reliability. However, reliability is supported by the use of an “advanced electronic signature.” With such a signature, it is presumed that the signed document is authentic and has integrity, or that the signature is that of the person to whom it correlates, it was affixed for the purpose of signing or approving the document, and the e-document has not been altered since it was signed.
ALSO READ
An advanced e-signature can be made in two ways. The first is to create it in the circumstances which the MLES says makes for a reliable signature. The second is to have it created by an accredited CSP considered by a government supervisory agency—the Electronic Certification Accreditation Council (ECAC)—to be capable of establishing authenticity and integrity. Not all CSPs need to be accredited.
Detailed regulations govern the accreditation process
The ordinance describes in detail the composition of the ECAC and its functions. Public bodies—known as “appropriate authority” in the ordinance—may accept or reject electronic documents and payments. If they decide to accept them, the authorities may specify the technology and the process to ensure the integrity of the information received. They are not in a position to negotiate the format, so the ordinance gives them the power to impose it.
Foreign signatures and certificates
The regulator of the accreditation system, the ECAC, is allowed to recognize or accredit foreign CSPs. The ordinance does not indicate the grounds on which such arrangements might be made or whether they should be reciprocated. The ECAC’s Accreditation Regulations say that a CSP formed in another country can get permission under corporate law to carry on business in Pakistan, and then apply for accreditation.
ALSO READ
Pakistan’s Sazgar Engineering to Export Its First Batch of Rickshaws to Ethiopia
The report stated that Pakistan does not have a privacy statute of general application. The ordinance allows the ECAC to make regulations about privacy and the protection of personal data of subscribers to signature certificates from CSPs.
The Prevention of Electronic Crimes Act of 2016 prohibits the unauthorized obtaining, sale, possession, transmission, or use of a person’s “identity information.” A person who has been the victim of such activities may apply to the Pakistan Telecommunication Authority to have the information secured, blocked, or prevented from being further transmitted. The National Database and Registration Authority, which maintains records for all citizens of Pakistan and runs the national identity card program, has strict rules about keeping its information confidential.
Cross-border sharing of personal data is more likely to be focused on the same security priorities than on protecting individuals from undue commercial exploitation. The ordinance prohibits entering computer systems to see or take the information in them— a provision headed “violation of the privacy of information,” even though it is not in the nature of personal data protection. It also bans and penalizes, causing damage to information systems.
ALSO READ
All Binance Users Will Now Undergo KYC Scrutiny
The principal source of cybercrime law is the Prevention of Electronic Crimes Act of 2016. This statute prohibits most or all of the activities that the Budapest Convention of 2001 requires member states to ban:
- Unauthorized access to information systems
- Unauthorized copying of data
- Interference with an information system (particularly with regard to critical infrastructure systems)
- Forgery
- Fraud
- Supplying of malware devices
- Spamming
- Spoofing and several others
It focuses as well on offenses relating to terrorism, including “cyber-terrorism”—that is, using e-communications for spreading fear or inciting hate, “glorification” of terrorism, hate speech, and recruiting for terrorism. The act contains an array of procedural rights and techniques used to fight cybercrime. It is by far the most extensive legislation on this topic among CAREC members. It allows for anticipatory action and censorship, including removing content from information systems by the decision of the Pakistan Telecommunication Authority. The act contains a substantial set of provisions about cooperating with foreign countries (both for collecting information and for sharing it) for the purpose of investigation or prosecution of electronic crimes.
ALSO READ
SMEs Growth To Alleviate Poverty In The Country: Minister Industries & Production
Pakistan may also refuse to accede to a foreign government’s request for several reasons, including that Pakistan’s interests would be prejudiced and that the request was made for an improper purpose.
Pakistan has no national consumer protection statute. Each of its provinces, including the capital region, has a statute on the topic, but most of them were enacted in the 1990s or earlier and do not apply directly to electronic commerce. The legislation focuses mainly on the safety of consumer products being sold in the provinces.
ALSO READ
SECP Approves New Tech-Driven Solutions Under 2nd Cohort Of Regulatory Sandbox
The province of Sindh is the exception, with a consumer protection statute enacted in 2015. It deals with safety issues but also with misrepresentation and warranties. It was drafted in media-neutral language so it could be applied to e-commerce transactions. However, the only express reference to such transactions is in the definition of “advertising,” which includes internet communications, short message service, and other electronic media.
Typical online consumer protection measures found elsewhere, like the right to receive a contract within a short time of the transaction or rescission rights, are not mentioned, it added.
