Please note that on our website we use cookies to enhance your experience, and for analytics purposes. To learn more about our cookies, please read our privacy policy. By clicking ‘Allow cookies’, you agree to our use of cookies. By clicking ‘Decline’, you don’t agree to our Privacy Policy.

No translations available

Religious Minorities, Privacy and Data Protection in the Fight Against Covid-19

5 May 2020

By Haroon Baloch, Program Manager at Bytes for All in Pakistan. He can be reached on Twitter at @advertbalcha  

The world is faced with an unprecedented challenge and many argue that every resource we have should be deployed as fast and as fully as possible in order to save lives. Equally, governments are urged to minimize the economic disruption which may cost lives due to poverty and hunger long after the pandemic itself is over.  But members of religious minority communities fear that the apparent “carte blanche” to use all data and every technology in this context may lead to serious problems both now and after the pandemic is over.

The novel coronavirus disease-2019 (Covid-19) is turning out to be an opportunity for many governments and big corporates, telecommunications companies and social media companies such as Google, Facebook, Twitter, etc. to collect copious amounts of personal data, citing the urgent need to fight the pandemic. Both state and non-state actors have joined hands to work collaboratively and benefit from personal data as much as they can.

Authoritarian states aside, established democracies like the United Kingdom have astonishingly also been working to develop tech solutions based on surveillance technologies, similar to what regimes more generally considered autocratic have done recently.

In South Asia, Pakistan, India, Sri Lanka and other countries have also been busy accessing the personal data of smartphone users apparently without their consent but with the help of telecommunications companies.

In Pakistan, the government has been using Cell Site Location Information (CSLI) and Call Details Record (CDR) technologies to access the personal data of citizens from their cell phones and sending out Covid-19 alert messages. An application has also been developed and launched, enabled through geotagging services, to send Covid-19 alerts to citizens who are entering or resident in vicinities with known cases of Covid-19.

Just weeks ago, social media companies were meeting with the authorities to protest at a sweeping new law aiming to control their activities in Pakistan, give authorities access to their data and fine companies that did not comply. We understood that companies were threatening to withdraw from Pakistan as they said that they could not function under the new legislation.

I was so worried about these problematic new regulations approved by the Cabinet  that I petitioned the Islamabad High Court to disallow the measure as I felt that it would have such a severe impact on the right to privacy and freedom of speech for all citizens of Pakistan, but in particular for the most vulnerable groups, including those of minority faiths, minority sects of Islam and those of no faith. That case is still pending.

Just a few weeks later, and the virus has turned every facet of life upside down including the relationships between social media and communications companies and the authorities.

Telecommunications and social media companies have worked hand-in-hand with governments in this challenging time to convert the pandemic into opportunities to further target the public with advertising. While governments, aside from Covid-19, have also been interested in collecting citizens’ data to use it for their national security related interests.

The entire stream of massive data collection by governments with the help of telecommunications companies and social media giants is a shady exercise – and entails lots of privacy related implications. Aside from the fact that most of the data is being collected without seeking prior informed consent, there are serious concerns about the integrity of data controllers and data processors, data retention,  security protocols employed by the data controller and processor, oversight, and remedial mechanisms.

From the perspective of religious minority communities in Pakistan (i.e. minority sects of Islam, minority religions and atheists), the idea that all their data is to be made available to the state is terrifying. Pakistan has openly discriminatory laws concerning blasphemy and directly discriminates in advertising for low paid workers to be “non-Muslim”. Restrictions on the operations of non-governmental organisations are already very tight.  Multiple serious and violent attacks on minority religious communities are common in Pakistan, and minority communities do not believe that the state’s data processing measures will ensure that their data cannot reach those who may have supported such attacks in the past. Already in a vulnerable position in society, a new dispensation regarding data available to the state post the pandemic might mean that these communities feel the need to retreat further into isolation, trading only amongst their own communities and no longer able to feel part of Pakistan’s society as a whole.

So, whilst the need to use the tools we have to save lives, may be correct, this should not be done without safeguards and limits, and without considering the long-term future implications which may be much harder to roll back than seems immediately apparent at this time of crisis.