The novel coronavirus, COVID-19 is a highly communicable disease, labelled as a modern-era pandemic and a public health emergency by the World Health Organization. Spreading throughout the world, it has infected millions, and claimed the lives of more than 170,000 people. Countries all over are faced with the unenviable challenge of balancing the health of their citizens — with stay-at-home orders, closure of industries, etc — and the need to ensure that social safety nets to maintain the livelihoods of the poorest demographics.
The outbreak of the novel coronavirus has led to the adoption and implementation of new technologies to achieve public health outcomes. While useful, the mass surveillance and collection of data has resulted in heightened concerns regarding the sanctity of data rights and privacy. Within the ambit of the broader health v. privacy debate, this paper highlights in detail the domestic legal framework in Pakistan that empowers state authorities to protect citizens’ data and further bolster existing mechanisms to ensure the same. By tracing the constitutional rights, to analysing a myriad of federal and provincial laws and case law, the paper charts how the notion of data rights and the right to privacy have been treated in domestic law. The treatment of the same in laws specific to infectious diseases and epidemics is further assessed in light of the COVID-19 crisis to compare the protection of health-related data, along with broader laws on cyber surveillance used to collect key information from citizens. The paper further compares existing global practices enshrined in two legislations: the European Union’s General Data Protection Regulations (GDPR) and the California Consumer Privacy Act (CCPA). Finally, the paper concludes with recommendations that can be used to further promote the adherence to data rights, including strengthening existing mechanisms, creating awareness mechanisms and empowering citizens to file for information requests and pursue remedies in cases of breach of data.