The Asia Internet Coalition (AIC), a regional ICT policy group, has raised concerns about the government’s data localisation plans, stating they could have negative economic impacts.
This was highlighted in AIC’s report, “Data Localisation in Pakistan,” presented at a roundtable on data protection and the digital economy at the Ministry of IT and Telecommunication on Thursday.
The AIC report suggested that the government’s plan to mandate local data centres for IT companies could lower productivity, increase business costs, and lead to significant job losses.
However, the IT ministry’s statement after the meeting, attended by representatives from AIC, Google, and Meta, did not mention the report’s findings. Instead, it focused on discussions about data localisation and recommendations for data hosting and sensitivity.
Minister of State for IT and Telecommunication Shaza Fatima Khawaja emphasised that data regulation and cybersecurity are top priorities for the government, reiterating the commitment to achieving a $25 billion target in IT exports.
The report, authored by Rohan Samarajiva, estimated that data localisation could reduce labour productivity by 4.7% by 2025 if the Personal Data Protection Bill is enacted this year. It also predicted a potential loss of 3.2 million jobs and a GDP reduction of $16.5 billion.
Samarajiva highlighted that local companies would struggle to compete with global cloud service providers like Google and Amazon, given the existing skill gap in data handling and management in Pakistan.
The report also noted that establishing and operating data centres requires significant competence in various tasks, including ensuring security and managing demand surges.
Another major concern raised in the report is the increased vulnerability to cyber threats that data localisation could bring. Concentrating all key public and private data in local centres could make them attractive targets for hackers.
The report referred to past cyber attacks on Pakistan’s public IT infrastructure, including breaches at Nadra and the Federal Board of Revenue (FBR), which compromised the data of millions of citizens.