The Government of Pakistan has recently passed new laws to regulate social media. However, these laws been the subject of much criticism by digital activists and major social media companies. The Asia Internet Coalition (AIC) said, “The Rules would make it extremely difficult for AIC members to make their services available to Pakistani users and businesses,”, which represents companies like Amazon, AirBnb, Apple, Booking.com, Expedia Group, Facebook, Grab, Google, LinkedIn, LINE, Rakuten, Twitter and Yahoo, etc. What are the new rules called? Pakistan’s new social media laws can be found on the Ministry of Information Technology and Telecommunications’ website. These new rules are called the Removal and Blocking of Unlawful Online Content (Procedure, Oversight and Safeguards), Rules 2020. The rules have already been put into implementation. They were made by the Pakistan Telecommunication Authority (PTA), under Sub-section (2) of Section 37 of the Prevention of Electronic Crimes Act, 2016, which deals with “unlawful online content”.
What is meant by unlawful content? Under the new guidelines no social media company or user, internet service provider, information systems owner and owner of a website can display, host, publish, modify, transmit, share, update or upload any content that:
- Is blasphemous, obscene, pornograpic, paedophilic, defamatory or invasive of another’s privacy.
- Affects or violates the religious, ethnic and cultural sensitivities of Pakistan.
- Is harmful to minors in anyway.
- Is the property of someone else, or that the user does not have any rights to.
- Impersonates someone.
- Threatens the security, integrity or defence of Pakistan, or public order, or is the cause of incitement to any offences under this Act.
Despite the wide scope of these rules they are still vague and confusing on some very important points. For instance, the rules state that content which is ‘invasive of another’s privacy’ is unlawful and subject to removal and or punishment, however it does not specify what constitutes as privacy. In the online sphere who has access to what data is the determinant of privacy. But, Pakistan still has no specific definition of what data privacy is or any laws that deal with data privacy alone. Normally, in other parts of the world, data privacy covers information that a person can be identified with, like location data, credit card details, bank account numbers, addresses, physical appearance and names, etc.
How will content be regulated? Social media companies, service providers, website owners and information system owners will have to remove any content if the PTA sends them a notice asking them to do so. Content removal will be subject to the following timeline:
- Ordinarily, removal is to be completed in 24 hours.
- In case of emergency, removal is to be done in 6 hours.
In the event of non-compliance with removal requests the PTA has the power to fine up to Rs. 500 million. Social media company specific content regulation:
- Companies must provide traffic data, content data, subscriber information and any other information data in a readable and encrypted form to the government.
- Companies will establish a data centre in Pakistan, and store data within Pakistan.
This means that the government will have access to all of a user’s data or private chats. For example, Whatsapp messages are encrypted end to end but under the new rules the government would be able to see and read all messages– provided Whatsapp bows to the Pakistani government and follows the new rules. The ability to have access to a wide range of information, that it currently does not, is why the government has asked companies to set up local data centres in Pakistan. These centres store the digital information of a country and if they are located within the territorial boundaries of Pakistan then the laws of the land become applicable to all the stored data.
What rules, specifically, apply to social media companies? Service providers with more than half a million users shall:
- Have to register with the PTA within 9 months of these rules coming into force.
- Appoint a focal person based in Pakistan within 3 months, to coordinate with the PTA to ensure compliance to the rules. And, receive any notices from the PTA/ government on behalf of their company.
- Establish a permanent registered office in Pakistan with a physical address, preferably in Islamabad, within 9 months.
The opening of such offices has already been rejected by major social media companies, back when a draft version of these rules was being talked about. Major companies, through the AIC, have already made it clear that it will be very difficult for them to continue to operate in Pakistan if the government tries to force them to obey these rules and refuses to work with them to come up with “practical, clear rules that protect the benefits of the internet and keep people safe from harm.”. How do the new rules differ from their parent Act? According to digital rights experts and commentators the new rules differ from the Prevention of Electronic Crimes Act, in the following ways:
- The Act requires a warrant from the Federal Investigation Agency (FIA) in order to approach social media companies to get data about a user. The new rules, however, allow for direct complaints or requests for data to the companies.
- The Act has limited intermediary liabilities on social media companies. Meaning it does not implicate the social media companies for the existence of objectionable content on its platform. But these new rules put criminal liability directly on the companies.
- The new rules also have a portion relating to the “intimidation” or any harm to the reputation of federal or provincial government or a public office holder. They designate that as objectionable content, but this contravenes Article 19 (freedom of speech) of the constitution of Pakistan.