Published: 20 September 2023
In the age of data, establishing a legal framework for personal data protection is inevitable. The Government of Bangladesh has commendably involved stakeholders in the drafting of the Data Protection Act. However, concerns linger over the ambiguous definitions of legal and natural persons, provisions for arbitrary rule-setting, and the independence of the proposed data protection authority.
During a press conference, Transparency International Bangladesh (TIB) expressed concerns that the draft law leans more towards data regulation rather than personal data protection. Dr. Md. Toriqul Islam, TIB's Data Protection Officer, noted that while some previous TIB recommendations were integrated, others were dismissed by the government.
According to TIB's review of the draft law, a primary concern is the broad definition of "personal data." This definition could encompass a wide range of information, including political views, religious beliefs, and health records. TIB warns that this might enable the government and other powerful entities to collect and use personal data for surveillance and repression. TIB urges the government to provide clear definitions of natural and legal persons, data processors, and authorities to prevent arbitrary law enforcement.
Addressing the issue, Sheikh Manjur-E-Alam, TIB's Director of Outreach and Communication, emphasized that the government needs to decide whether it aims to protect the data of citizens or companies. He added, "The current draft is based on some perplexing ideas that blur the lines between legal and natural persons. Without clarity on data protection concepts, we cannot ascertain who, under what authority, will safeguard whose data under the law."
Another concern is the draft law's inadequate safeguards against government access to personal data. The proposed law grants the government and the data protection authority broad powers to access personal data without requiring a warrant or judicial oversight. This opens the door to potential misuse against political opponents, journalists, and civil society activists. Sheikh Manjur-E-Alam pointed out that granting ultimate authority to the government and the data protection board creates provisions for arbitrary regulation and conflicts of interest. TIB suggests that making the proposed data authority independent from government control could eliminate such conflicts and ensure it protects the data of all citizens.
TIB also raised concerns about the draft law's lack of transparency and accountability. The law does not mandate the government to disclose how it collects or uses personal data, nor does it establish a clear mechanism for holding the government accountable for data breaches or privacy violations.
Dr. Iftekharuzzaman, TIB's Executive Director, stated during the press conference, "If the law passes without necessary amendments, it will emphasize data regulation over personal data protection. To ensure accountability and prevent misuse of personal data, the proposed data protection board must operate independently from the government. We urge the government to carefully and inclusively legislate the law by maintaining continuous discussions with stakeholders to avoid any missteps."
TIB calls on the government to revise the draft Data Protection Act to address these concerns. This legislation is pivotal and will significantly impact the lives of Bangladesh's citizens. It is crucial to meticulously review the draft law and address potential concerns.
To see TIB’s full review and presentation, click here.
