The International Telecommunication Union’s (ITU) ranking of Pakistan as a fourth-generation regulator (G4) is welcome news. But what it really only tells us is that our ICT regulations are led by economic and social considerations, which on its own, is not saying much. Pakistan is ranked 48 out of 93 and is the only South Asian country that has been given the designation of a G4 country – ranked 94, India is a G3 country.

The G4 category should spur policy regulators and institutions related to digital enforcement to take their progress up a notch further. Currently, the Ministry of Information Technology and Telecommunication (MoITT) is seeking recommendations on the Personal Data Protection Bill 2020, which is needed to ensure that data privacy as a right is protected in Pakistan. Their invitation for constructive criticism on the bill is most welcome, but more must be done to actually use the critique that comes in improving this draft.

Data privacy is concerned with protecting private online information, and not allow for regulatory authorities to gain access to the data of private individuals more freely. This law potentially stands to give the Data Protection Authority unfettered powers over online content; protecting the data of citizens does not require for the DPA to have complete access.

Not just this, but this law also reintroduces many of the same old issues that have existed in legislations concerning data and online content in Pakistan. For instance, this draft also expects international technology companies to localise their servers, a demand that is just as impractical now as it was when the Citizen’s Protection Against Online Harm Rules were being drafted.

The G4 status is indicative of our institutions being genuinely interested in making laws that govern the online space. But more work is needed to make these rules more citizen-friendly and geared towards protection instead of control.