Scribd
Upload
41 views8 pages

PECA

The Prevention of Electronic Crimes Act (PECA) 2016 in Pakistan aims to address various cybercrimes while empowering the Federal Investigation Agency (FIA) to enforce these laws. Key provisions include penalties for online defamation, unauthorized data use, and broad powers for content regulation and data seizure, raising concerns about individual rights and privacy. While citizens retain constitutional rights, the act lacks comprehensive data protection measures, leaving users with limited control over their personal information.

Uploaded by

NasrumMinallah Manzoor
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

Topics covered

  • NCCIA,
  • digital identity,
  • enforcement agencies,
  • data misuse,
  • social media regulation,
  • personal data rights,
  • PECA 2016,
  • identity theft,
  • constitutional safeguards,
  • electronic fraud
41 views8 pages

PECA

The Prevention of Electronic Crimes Act (PECA) 2016 in Pakistan aims to address various cybercrimes while empowering the Federal Investigation Agency (FIA) to enforce these laws. Key provisions include penalties for online defamation, unauthorized data use, and broad powers for content regulation and data seizure, raising concerns about individual rights and privacy. While citizens retain constitutional rights, the act lacks comprehensive data protection measures, leaving users with limited control over their personal information.

Uploaded by

NasrumMinallah Manzoor
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

Topics covered

  • NCCIA,
  • digital identity,
  • enforcement agencies,
  • data misuse,
  • social media regulation,
  • personal data rights,
  • PECA 2016,
  • identity theft,
  • constitutional safeguards,
  • electronic fraud

PAKISTAN’S PREVENTION OF ELECTRONIC CRIMES ACT (PECA) 2016 –

INDIVIDUAL RIGHTS & PRIVACY

A brief overview of the act and how it effects an average Pakistani


Background & Objectives

 Legislative intent: The law was touted as a comprehensive cybercrime


framework – tackling hacking, online fraud, cyberstalking, child pornography,
hate speech and attacks on critical infrastructure.

 Counter‑terrorism origins: Enacted on 19 August 2016 under Nawaz


Sharif’s government, PECA was introduced as part of Pakistan’s National
Action Plan after the 2014 Army Public School (APS) Peshawar massacre.

 Enforcement mandate: PECA empowered the Federal Investigation Agency


(FIA) and other agencies to investigate “electronic crimes” across Pakistan. In
practice, the FIA’s Cyber Crime Wing (through its National Response Centre for
Cyber Crime, NR3C) became the designated enforcement body.
Key Provisions Affecting Digital Rights &
Privacy

■ Wide range of offenses: PECA’s chapters define dozens of cybercrimes.


These include unauthorized access to data/systems (hacking), identity theft
(unauthorized use of personal identity information), electronic fraud,
cyberbullying, cyberterrorism, and dissemination of pornography or false
information. Penalties vary (e.g. up to 3 years for online defamation, 7 years
for hate speech or cyberterrorism, life for large‑scale terrorism).
■ Data and identity protection: PECA criminalizes unauthorized use of
another person’s identifying information (digital identity). Under Section
16(1), obtaining, selling or using someone’s ID info without consent is
punishable by up to 3 years’ jail and large. Section 16(2) specifically
authorizes the FIA and the Pakistan Telecommunication Authority (PTA) to act
against data breaches and identity crimes. These provisions aim to protect
personal data against unauthorized exploitation.
Key Provisions Affecting Digital Rights &
Privacy

■ Online defamation: This controversial provision makes it a crime to


“intentionally and publicly” transmit any information known to be false that
“intimidates or harms the reputation or privacy” of a natural person.
Convictions carry up to 3 years. In practice, Section 20 has been used to
target journalists and critics by alleging “harm to reputation”.
■ Interception and seizure: PECA allows warrantless data seizure in certain
cases. For instance, under Section 31, law enforcement officers may require a
person to hand over data without prior court permission if it is “reasonably
required” for an investigation – provided a court is notified within 24 hours.
Critics argue this is akin to allowing searches without a warrant. Section 32
requires Internet Service Providers to retain user traffic data for one year and
hand it over upon official requests – a blanket retention period much longer than
most international norms, raising mass‑surveillance concerns.
Key Provisions Affecting Digital Rights &
Privacy

■ Content regulation: The PTA is empowered to block or remove


“prohibited” online content without a court order. Section 37 allows PTA to
unilaterally decide that certain websites or services must be blocked to
protect public order, morality or sovereignty. Appeals against such blocks lie
with the Lahore High Court, but the initial power is broad. Overall, these rules
mean the government can censor web content in real time – a power human
rights groups say is subject to abuse.
■ Service‑provider obligations: Amendments have mandated that social
media platforms register with Pakistani authorities and appoint local officers
to handle government takedown requests. Under the 2025 amendments,
platforms must respond to “illegal content” removal orders or face ban. These
provisions tie global tech firms to local regulation but also underscore that
platforms must comply with state directives or risk being blocked.
Law Enforcement & Investigation Agencies

■ Federal Investigation Agency (FIA): PECA names the FIA’s Cyber Crime Wing as the lead
agency. Authorized FIA officers (per PECA Investigation Rules 2018) have powers to investigate
offenses (search and seizure, seize electronics, trace IP addresses, etc.). Citizens lodge cybercrime
complaints with the FIA’s NR3C, which files FIRs under PECA sections. Over time, the FIA has used
PECA to pursue a wide range of cases – from traditional hackers to political critics on social media.
■ Pakistan Telecommunication Authority (PTA): PTA is the telecom regulator empowered by
PECA to enforce content restrictions. It can order ISPs to block content or throttle services under
Sections 37–39. In practice, PTA often executes government orders to shut down websites,
messaging apps (e.g. WhatsApp call bans), and social media content. Under PECA, PTA also liaises
with police and intelligence on data requests, though it lacks judicial oversight over initial blocks.
■ Other agencies (post‑2025 amendment): The 2025 law creates new bodies – the Social Media
Protection & Regulatory Authority (SMPRA), the Social Media Protection Tribunal, and the National
Cyber Crime Investigation Agency (NCCIA). These entities will coordinate social media oversight
(e.g. SMPRA can order immediate takedown of “unlawful” online content and force registration of
platforms and handle appeals. Media reports note these bodies are government‑appointed and
bring online media firmly under state control.
Users’ Rights & Protections

■ Constitutional safeguards: Pakistani citizens retain constitutional rights even under


PECA prosecutions. Article 14(1) guarantees privacy of the home, and Article 10-A
ensures a fair trial. In Benazir Bhutto v. President (1988) the Supreme Court interpreted
Article 14 as protecting personal dignity and privacy “regardless of the location”. These
precedents imply that invasive PECA powers (e.g. searches without warrants) must still
meet constitutional reasonableness. Courts have, for example, struck down
anti‑terrorism search powers for violating privacy, a principle now relevant to PECA’s
similar provisions.
■ Due process: All criminal charges under PECA are subject to normal legal procedures.
Accused individuals have the right to legal counsel, to challenge evidence, and (for
bailable offenses) to bail. Section 54 of PECA provides a specific appeal right (e.g.
against PTA blocking orders) to the Lahore High Court. Notably, the Supreme Court held
in 2024 that PECA cannot be applied retroactively: acts done before PECA’s enactment
cannot be prosecuted under it. This protects citizens from ex post facto punishment.
Users’ Rights & Protections

■ Data protection: While PECA penalizes misuse of personal data (e.g. Section 16), it does not
grant affirmative data‑protection rights to users. Legal analysts note PECA lacks any framework
for data privacy rights – no right to access one’s data, no consent requirement, no data deletion
right. Unlike a modern data protection law, PECA is reactive and punitive. In effect, users have
no statutory control over how their data is collected or shared; instead the state can compel
data retention and disclosure (Section 32, 42) while ordinary citizens have no similar privileges.

■ Recourse against misuse: A user who feels PECA was applied improperly can petition the
courts. In several cases journalists have challenged FIA action as unlawful (see Rana Arshad
below). In 2022 the Islamabad High Court struck down parts of Section 20 (defamation) as
unconstitutional. The Supreme Court is currently reviewing Section 20’s validity. Thus, judicial
review acts as a check: courts can nullify overbroad provisions or punish wrongful enforcement.
However, rights groups warn that vague wording often lets authorities bypass due process, and
they urge stronger safeguards (clear laws, warrants, oversight)

You might also like