Prevention of Electronic Crimes Act 2016 (PK)
The advent of the digital age has created the need for a robust cybercrime legislation to be formulated by nation-states. However, many countries around the world are struggling with drafting comprehensive laws in this regard. Technological developments are outpacing the solutions proposed by state institutions, which aim to address the new challenges arising from the increasing use of digital media. Governments are also struggling to amend existing laws that seek to ensure the regulation of ‘cybersecurity’. In Pakistan, prior to the promulgation of the Prevention of Electronic Crimes Act (‘PECA’) in 2016, the Electronic Transactions Ordinance 2002 (‘ETO’) criminalised unlawful and unauthorised access to information. In the absence of a direct data protection legislation, the ETO provisions theoretically regulated data privacy and protection. It, however, does not regulate data protection directly but criminalises unlawful or unauthorised access to information. It also envisages the establishment of a governmental authority to certify electronic documents and makes regulations for the privacy and protection of its users.
The issues that have currently emerged due to the increasing usage of digital media call for the creation and implementation of a suitable legal framework that strives to protect the ‘digital rights’ of individuals. It must not be forgotten that such laws are ultimately enacted for the protection of citizens. Any draconian provision that curtails the constitutional rights of citizens and bolsters tyrannical governmental power would defeat the spirit and letter of the law.
Despite near universal condemnation from alarmed human rights activists and politicians, the PECA came into effect in August 2016. The enactment of this controversial statute ended a lengthy and fraught battle between the government and the various stakeholders who denounced it as “an incoherent mix of anti-speech, anti-privacy and anti-Internet provisions”. In a country like Pakistan, where there is relatively low digital literacy, an effective law dealing with cybercrimes should have been drafted and enforced, with the requisite acumen and insight to ensure that it remains within the constitutional framework.
This review aims to analyse the PECA by placing it within Pakistan’s constitutional framework and evaluating certain provisions which are most likely to be in violation of fundamental rights granted in the Constitution of the Islamic Republic of Pakistan (‘Constitution’). While there are several provisions in the PECA that are problematic, this review only focuses on a selected few. Firstly, the PECA is analysed in light of the due process provisions in the Constitution. Secondly, the restrictions which the PECA imposes on free speech are analysed. Lastly, the review expounds the concept of the right to privacy in Pakistan and the potential harm that the PECA poses in this regard.