Law is often conceptualised to protect human rights from the ruling forces of its time. While it safeguards rights, it keeps those forces under scrutiny. In the digital age, the right to privacy is the most important and easy-to-violate human right. Thus, its protection remains a daunting task. Unfortunately, in Pakistan, the lack of regulatory measures for corporations, coupled with power asymmetry, poses a real threat to the protection of the right to privacy. In addition, the idea of consent is paradoxical. Though it theoretically protects the right to privacy, in practice, it has transformed into a legal instrument that has normalised surveillance.
Amidst the digital revolution, Google engineers invented a mechanism to process random trails of the user data to predict human behavior, turning the user data into a new revenue-generating tool. By the time this invention became known to the public, many digital platforms had incorporated it into their digital ecosystems. This sort of data extraction was defined as surveillance capitalism.
To be more precise, the term surveillance capitalism — coined by Shoshana Zuboff — refers to an economic system that treats human experience as a fuel for capitalistic profit. It allows digital platforms to access user data, break down behavioral patterns, and deploy it to enhance user experience. In essence, it describes a surveillance tactic imitating technological advancement, which results in pecuniary benefit for the digital platform at the expense of the breach of user privacy.
To regulate such commercial practices, the EU enacted the General Data Protection Regulation (GDPR). As per Articles 6 and 7 of the GDPR, an online platform can process user data if the user has consented to it. More specifically, article 6 entails the requirement of consent, and article 7 describes the features of a valid consent in this regard. Unlike the EU GDPR, the data protection landscape of Pakistan is highly complex. Thus, it merits attention.
In Pakistan, Article 14(1) of the Constitution of the Islamic Republic of Pakistan 1973 protects individual privacy as well as the privacy of the home from being breached. Despite the protections afforded by the Constitution, the right to privacy is highly susceptible to breaches by digital platforms. There are several reasons for that: first, the implementation of the right to privacy requires expansive data protection legislative regimes. Secondly, in the present condition, data processing is guarded by the idea of consent — mutual agreement between social media networks and ordinary users.
To enforce the right to privacy, there are two primary routes: first, to invoke Article 14(1) of the Constitution through courts. Second, legislate a specific data protection law that safeguards individual privacy from market-driven intrusion. The idea of knocking on the court’s door to enforce the right to privacy is often conceived as a remedy of last resort.
While an enactment regarding specific data protection seems an elusive dream. However, in 2023, an attempt to enact the Personal Data Protection Bill 2023 was made, which went in vain due to several reasons. Though the letter of the law was allowing much discretion to law-enforcement agencies, it fostered the perception that individual privacy was insulated from capitalistic encroachment.
In Pakistan, the impugned digital institutions currently operate by characterising the ‘I agree’ prompt as the user’s consent. Even though this characterisation frames data surveillance as consensual data-gathering, it inherently lacks globally accepted standards of consent. The global standards require consent to be freely given and informed. Given the power imbalance between an ordinary user and a structured corporate entity, consent is not freely given, as it becomes a precondition for access, effectively turning it into a form of data extraction.
In addition, consent may be deemed informed if the user is aware of the processes of accumulation, processing, and deployment of data. Unfortunately, these phenomena are far more complex to be understood by an ordinary user due to the following reasons: one, the knowledge required to understand mechanisms that govern them is technical, allowing only an expert to be aware of what really lies beneath the fancy words appearing in the ‘I agree’ prompt. Two, since the agreement appears as a lengthy terms and services agreement, it is difficult for the user to read it. Taken together, the agreement containing consent appears as convenience-induced forced consent.
In the midst of all this uncertainty, one thing is certain: the status quo vis-à-vis the protection of privacy is nothing short of a circus: the law stays ambivalent; digital platforms disguise surveillance as efficiency and so-called consent as transparency, and the user pretends to be informed. While this circus seems fascinating, it opens up a Pandora’s box that debunks the reality of the protection of privacy in this age of technological advancement.
If you want to submit your articles and/or research papers, please visit the Submissions page.
To stay updated with the latest jobs, CSS news, internships, scholarships, and current affairs articles, join our Community Forum!
The views and opinions expressed in this article/paper are the author’s own and do not necessarily reflect the editorial position of Paradigm Shift.
Haris Ikram is a lawyer. He writes on international relations, foreign policy, global political economy, and comparative law.
