Public Perceptions of Privacy, Data Protection, and Cybercrime Vulnerability in Pakistan: An Empirical Inquiry
Author: Uzair Junaid
Abstract
Rapid digitization has expanded the attack surface through which personal information can be harvested, traded, and misused. Because most consumer devices and platforms are not designed with privacy safeguards built in, and because users routinely accept terms of service without reading them, commercial intermediaries and criminal networks alike gain access to troves of personal data. This study examines how Pakistani internet users understand and respond to questions of privacy, data protection, and cybercrime, drawing on two original surveys: a 2019 pilot among educated residents of Islamabad and a larger national survey carried out in 2023. The findings show that awareness of data protection terminology and legal frameworks remains shallow even among literate respondents, although familiarity with specific protective tools such as two-factor authentication is comparatively high. Roughly one in three respondents reported having been victimized by some form of cybercrime, a proportion likely to understate the true scale of the problem once Pakistan’s large unschooled population is taken into account. The paper situates these findings within the broader scholarship on data localization, surveillance, and digital governance, and argues that the absence of a functioning data protection statute leaves Pakistani citizens with few institutional remedies when their information is compromised.
Keywords
Cybercrime victimization, Digital literacy, Internet governance, Personal Data Protection Bill, Data breach, South Asia, Information privacy, Cybersecurity awareness
References
Ali, J. (2023, June 26). Data protection law in Pakistan: Policy recommendations by DRF. Digital
Rights Foundation. https://digitalrightsfoundation.pk/data-protection-law-in-pakistan-policyrecommendations-by-drf/
Amin, T. (2023, June 24). Personal data protection bill finalised. Brecorder.
https://www.brecorder.com/news/40243443
Arab News PK. (2023, June 27). Businesses in Pakistan bear the brunt of mobile internet suspension
amid protests. Arab News. https://arab.news/vyjc4
Ashraf, A., König, C. J., Javed, M., & Mustafa, M. (2023). ” Stalking is immoral but not illegal”:
Understanding Security, Cyber Crimes and Threats in Pakistan. In the Nineteenth Symposium
on Usable Privacy and Security (SOUPS 2023) (pp. 37-56).
Association for Progressive Communications. (2023). Data protection in Pakistan.
https://www.apc.org/sites/default/files/Data_Protection_in_Pakistan.pdf
Atlas VPN. (2021). VPN usage by country 2023. https://atlasvpn.com/vpn-adoption-index
Baig, A. (2021). Privacy in the digital age. The News on Sunday.
https://www.thenews.com.pk/tns/detail/568763-privacy-digital-age
Cadwalladr, C., & Graham-Harrison, E. (2018, March 17). Revealed: 50 million Facebook profiles
harvested for Cambridge Analytica in major data breach. The Guardian.
http://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influenceus-election
Centre for Internet and Society. (2019). The localisation gambit: Unpacking policy measures for
sovereign control of data in India. https://cis-india.org/internet-governance/resources/thelocalisation-gambit.pdf
Chander, A., & Lê, U. P. (2015). Data nationalism. Emory Law Journal, 64(3).
Cory, N. (2017). Cross-border data flows: Where are the barriers, and what do they cost?.
Information Technology and Innovation Foundation. https://www2.itif.org/2017-crossborder-data-flows.pdf
Erie, M. S., & Streinz, T. (2021). The Beijing effect: China’s “Digital Silk Road” as transnational
data governance. New York University Journal of International Law and Politics, 54(1), 1–
58. https://ssrn.com/abstract=3810256
Fareedi, T. (2017, June 26). Cybercriminal network expanding fast. The Express Tribune.
https://tribune.com.pk/story/2085145/cybercriminal-network-expanding-fast
Federal Aviation Administration. (2010). FAA FG Cert 2010 exhibit F: Foreign power list.
https://s3.documentcloud.org/documents/1211015/faa-fg-cert-2010-a-exhibit-f-foreignpower-list.pdf
Federal Bureau of Investigation. (2019). 2018 Internet Crime Report. Internet Crime Complaint
Center. https://www.fbi.gov/news/stories/ic3-releases-2018-internet-crime-report-042219
Feng, Y. (2019). The future of China’s personal data protection law: challenges and prospects. Asia
Pacific Law Review, 27(1), 62-82.
Government of Pakistan, Finance Division. (2023). Pakistan Economic Survey 2021–22.
https://www.finance.gov.pk/survey_2022.html
Greenwald, G. (2015, June 22). Spies hacked computers thanks to sweeping, secret warrants. The
Intercept. https://theintercept.com/2015/06/22/gchq-reverse-engineering-warrants/
GSMA. (2018). Regional privacy frameworks and cross-border data flows: How ASEAN and APEC
can protect data and drive innovation. https://www.gsma.com/publicpolicy/wpcontent/uploads/2018/09/GSMA-Regional-Privacy-Frameworks-and-Cross-Border-DataFlows_Full-Report_Sept-2018.pdf
Hayat, M. A. (2007). Privacy and Islam: From the Quran to data protection in Pakistan. Information
& Communications Technology Law, 16(2), 137-148.
Hong, Y. (2019, June 10). Construction of the framework for security review of the cross-border data
flow under the Cyber Security Law in the balance of security and development. SSRN.
https://doi.org/10.2139/ssrn.3401610
International Telecommunication Union. (2021). Global Cybersecurity Index 2020.
https://www.itu.int/epublications/publication/D-STR-GCI.01-2021-HTM-E
Javed, Y., Salehin, K. M., & Shehab, M. (2020). A study of South Asian websites on privacy
compliance. IEEE Access, 8, 156067-156083.
Khilji, U. (2018). Data protection law. DAWN. https://www.dawn.com/news/1455963
Lawler, R. (2021, October 5). Google is about to turn on two-factor authentication by default for
millions of users. The Verge. https://www.theverge.com/2021/10/5/22710421/googlesecurity-2fa-inactive-account-management
Mahmood, Z. (2018). Why Pakistan needs a cyber army? Global Village Space.
https://www.globalvillagespace.com/why-pakistan-needs-a-cyber-army/
Mattoo, A., & Meltzer, J. P. (2018). International data flows and privacy: The conflict and its
resolution. Journal of International Economic Law, 21(4), 769-789.
McKinsey & Company. (2023). The US economy: An agenda for inclusive growth. McKinsey Global
Institute.
Media Matters for Democracy. (2021). Protecting the data: A comparative analysis of Pakistan’s
Personal Data Protection Bill, 2020. https://mediamatters.pk/wpcontent/uploads/2021/02/Comparative-Analysis-of-Personal-Data-Protection-Bill-2020.pdf
Nawaz, Q. (2021). No more delays: Need for data protection regulations in Pakistan. Hilal.
https://www.hilal.gov.pk/eng-article/detail/MjA5Mw==.html
Page, C. (2021, December 2). Facebook is making two-factor mandatory for high-risk accounts.
TechCrunch. https://techcrunch.com/2021/12/02/facebook-two-factor-mandatory/
Pakistan Telecommunication Authority. (2023). Telecom indicators.
https://www.pta.gov.pk/en/telecom-indicators
Palmer, M. (2006). Data is the new oil. ANA Marketing Maestros.
https://ana.blogs.com/maestros/2006/11/data_is_the_new.html
Panday, J., & Malcolm, J. (2018). The political economy of data localization. Partecipazione e
conflitto, 11(2), 511-527.
Prasad, S. K., & Aravindakshan, S. (2021). Playing catch-up–privacy regimes in South Asia. In The
Right to Privacy Revisited (pp. 83-120). Routledge.
Privacy International. (2023). State of privacy: Pakistan. https://privacyinternational.org/stateprivacy/1008/state-privacy-pakistan
Sanger, D. E. (2019). The perfect weapon: War, sabotage, and fear in the cyber age. Crown.
Sargsyan, T. (2016). Data localization and the role of infrastructure for surveillance, privacy, and
security. International Journal of Communication, 10, 17-17.
Shahid, J. (2023, June 24). Senate panel directs PTA to provide telcos’ income details. DAWN.
https://www.dawn.com/news/1756116
Sharma, U., & Bhandari, A. (2023). How would data localization benefit India? Carnegie India.
https://carnegieindia.org/2021/04/14/how-would-data-localization-benefit-india-pub-84291
Siddiqui, S. (2018). Another bank faces data theft. The Express Tribune.
https://tribune.com.pk/story/2354210/another-bank-faces-data-theft-1
Singh, M. (2022). How billion-dollar caller ID app, Truecaller, knows so much about you. Rest of
World. https://restofworld.org/2022/how-truecaller-built-a-billion-dollar-id-data-empire-inindia/
Sombatpoonsiri, J., & Mahapatra, S. (2021). COVID-19 intensifies digital repression in South and
Southeast Asia. Carnegie Endowment for International Peace.
https://carnegieendowment.org/2021/10/19/covid-19-intensifies-digital-repression-in-southand-southeast-asia-pub-85507
Statista. (2019). Data protection and privacy rule awareness by country.
https://www.statista.com/statistics/1015277/data-protection-and-privacy-rule-awareness-bycountry/
Stevens Institute of Technology. (n.d.). Countries ranked by internet privacy.
https://online.stevens.edu/info/countries-ranked-by-internet-privacy/
Sun, L. (2023). Overview of regulations on cross-border data flow. Academic Journal of Science and
Technology, 8(1), 171-176.
Surfshark. (2023). Data breach monitoring. https://surfshark.com/research/data-breach-monitoring
Teitcher, J. E., Bockting, W. O., Bauermeister, J. A., Hoefer, C. J., Miner, M. H., & Klitzman, R. L.
(2015). Detecting, preventing, and responding to “fraudsters” in internet research: ethics and
tradeoffs. Journal of Law, Medicine & Ethics, 43(1), 116-133.
The Guardian. (2013a, June 8). Boundless Informant: NSA’s secret tool to track global surveillance
data. The Guardian. https://www.theguardian.com/us-news/boundless-informant
The Irish Times. (2018). What Netflix, Spotify, and YouTube know about you.
https://www.irishtimes.com/culture/what-netflix-spotify-and-youtube-know-about-you1.3444260
Top10VPN. (2023). VPN demand statistics: VPN demand surges around the world.
https://www.top10vpn.com/research/vpn-demand-statistics/
United Nations Conference on Trade and Development. (2024). Data protection and privacy
legislation worldwide. https://unctad.org/page/data-protection-and-privacy-legislationworldwide
Vox. (2018). The Facebook and Cambridge Analytica scandal, explained with a simple diagram.
https://www.vox.com/policy-and-politics/2018/3/23/17151916/facebook-cambridgeanalytica-trump-diagram
Zhang, D. (2018, October). Big data security and privacy protection. In 8th International Conference
on Management and Computer Science (ICMCS 2018) (pp. 275-278). Atlantis Press.
DOI: 10.52279/jlss.08.02.221234 | 221-234 | PDF
Journal of Law and Social Studies (JLSS) is proudly powered by WordPress
