The outbreak of the novel coronavirus has led to the adoption and implementation of new technologies to achieve public health outcomes. While useful, the mass surveillance and collection of data has resulted in heightened concerns regarding the sanctity of data rights and privacy. Within the ambit of the broader health v. privacy debate, this paper highlights in detail the domestic legal framework in Pakistan that empowers state authorities to protect citizens’ data and further bolster existing mechanisms to ensure the same. By tracing the constitutional rights, to analysing a myriad of federal and provincial laws and case law, the paper charts how the notion of data rights and the right to privacy have been treated in domestic law. The treatment of the same in laws specific to infectious diseases and epidemics is further assessed in light of the COVID-19 crisis to compare the protection of health-related data, along with broader laws on cyber surveillance used to collect key information from citizens. The paper further compares existing global practices enshrined in two legislations: the European Union’s General Data Protection Regulations (GDPR) and the California Consumer Privacy Act (CCPA). Finally, the paper concludes with recommendations that can be used to further promote the adherence to data rights, including strengthening existing mechanisms, creating awareness mechanisms, and empowering citizens to file for information requests and pursue remedies in cases of breach of data.
RSIL is a private sector research and policy institution based in Pakistan whose mission is to conduct research on the intersection between international law and the Pakistani legal context