On 12th February 2020, Prime Minister Imran Khan’s federal cabinet approved the Citizens Protection (Against Online Harm) Rules 2020. Unlike the Prevention of Electronic Crimes Act of 2016 (PECA-2016), which was distributed among parliamentarians for scrutiny, these new Rules have been directly enforced, raising a number of pertinent issues.
The draft document itself took everyone by surprise. The PTI government has been hinting at controlling the media and establishing ‘media courts’ since last year, generating concerns among digital rights organisations. Just recently, the Pakistan Electronic Media Regulatory Authority (PEMRA) was seen refuting reports that it intends to regulate Web TV and Over-The-Top (OTT) content services, which is clearly outside its functional mandate. Much hue and cry was raised since state control of online content was perceived as a threat to independent content creation.
Although it was drafted in January 2020, a closer inspection of the draft Rules document reveals it was last modified (amended) by Head of the Legal Cell at Ministry of IT & Telecom (MoITT) on the 10th of February.
Per the MoITT’s organisation structure, the Legal Cell is led by Director (Legal) who further reports to Member (Legal). In December 2019, the MoITT published a job advertisement to fill the slot of Member (Legal) which remained vacant till the time of publishing this article. These conspicuous loopholes substantiate concerns that the document was drafted in haste and may have overlooked critical aspects.
Broadly, the new Rules make it evident that the State of Pakistan believes in the concept of cyber sovereignty, placing strong emphasis on the management of information flows within its defined national territories (‘data localisation’). Social media platforms and OTT service providers are bound to register themselves in Pakistan, appoint a Country Representative and setup a physical office in Islamabad. A new designation of ‘National Coordinator’ would be empowered to coordinate with federal and provincial authorities and liaise with representatives of registered companies.
Some of the provisions in the Rules go beyond the scope of existing laws which it claims to complement, such as the 1996 Pakistan Telecommunication (Reorganisation) Act and PECA-2016. One of the prominent anomalies is that while the new Rules have a provision pertaining to dissemination of fake news/disinformation, these phenomena are not covered anywhere in PECA-2016.
Social media networks and OTT service providers will have to accord primary preference to Pakistan’s national laws when they assess complaints related to ‘unlawful’ content; this is why Facebook’s Community Standards and Twitter’s Rules have been discreetly downplayed in the Rules. It is clearly mentioned that the State of Pakistan’s ‘sensitivities’ related to religion, culture, ethnicity, and national security should be ‘respected’ by these companies. Unfortunately, these aspects are undefined, leaving them open to broad interpretation by complainants as well as the Office of the National Coordinator.
Governments in the UK and India have been deliberating on a framework to restrict ‘harmful content’ for some time. Just recently, a Russian court slapped fines worth $63,000 each upon Facebook and Twitter for refusing to comply with data localisation requirements. Pakistan is a rather late and odd entry into this field with a low Internet penetration rate (roughly 35% of the total population as of 2019) and institutions with weak governance structures.
Transparency issues further compound problems for the Government of Pakistan. The Asia Internet Coalition (AIC) which handles Internet policy issues in the Asia Pacific region includes notable bigwigs like Facebook, Google, and Twitter. In January 2019, AIC expressed concerns about India’s attempts to pass the IT Intermediary Guidelines (Amendment) Rules 2018, citing privacy concerns and freedom of expression. Its statement on Pakistan’s new Rules echoes similar sentiments but further includes concerns about the ‘personal safety’ of Pakistani Internet users.
Criticism of Citizens Protection (Against Online Harm) Rules 2020 will grow stronger in the coming days not as much for its ultimate objectives but because of certain extremely ambitious provisions, especially the requirement to setup data servers on Pakistani soil.
The following is a summary of locations where some of the largest social media platforms/OTT service providers have established their data centres:
- Google: US, Chile, Ireland, Belgium, The Netherlands, Denmark, Finland, Singapore, and Taiwan.
- Facebook: US, Ireland, Sweden, and Singapore (upcoming).
- Twitter: US (details of international locations unknown).
- LinkedIn: US and Singapore.
- Threema: Switzerland.
- Viber: US or Japan (since the company was purchased by Rakuten Inc).
- Snapchat: Using Google Cloud, could be hosted on any of Google’s servers worldwide.
- WeChat: China (Mainland/Hong Kong SAR) and Canada.
- LINE App: Main servers located in Japan (further locations not known).
- Telegram: UAE (as per latest information).
It is worth noting that despite having one of the world’s largest IT export industry and tech base, no prominent social media network or OTT provider has ever agreed to setup data servers on Indian soil. Prime Minister Narendra Modi’s ambitious ‘Digital India’ drive encouraged ICT giants to invest billions into the country’s domestic tech talent.”
Social media and OTT platforms will most likely refuse compliance with the Government of Pakistan’s Rules and face the music (complete access denial). A massive political, social and industry-wide upheaval against the Rules will follow. Whatever good intentions it may have, it was ill-advised for the federal government to draft the Rules by wilfully ignoring industry bodies, let alone the parliament. In the process, it has isolated itself further and buried the ‘Digital Pakistan’ programme before it could even take off.
The onus is upon the federal government to conduct credible national surveys and engage in multi-stakeholder consultations so that a proper consensus can be reached on what constitutes ‘online harm.’
It is always prudent to act upon collective wisdom.