Published: 28 April 2024
The two right-based organizations Article 19 and TIB reviewed the Personal Data Protection Act, 2024 (Draft). The draft act aims to control personal data through surveillance rather than protecting it, an extraction from international best practices.
The review highlighted seven key areas, including a lack of a rights-based approach, vague definitions of 'personal data,' a lack of expertise and resources for the Bangladesh government, and a lack of independent Data Protection Authority. The draft act also includes provisions for unrestricted access to personal data by government agencies, insufficient judicial oversight, and wide-ranging exceptions for activities in the 'public interest'. The review also found that Section 1(2) of the draft act stipulates immediate enforcement upon publication in the gazette notification, which undermines the practical implementation of data protection laws. The review aims to address these issues and ensure the protection of personal data in the country.
The speakers also highlighted the need for the formation of an independent data protection authority, as the PDPA proposes a government-appointed board. They feared that a government-controlled board could be biased and unable to hold the government accountable.
On the other hand, government agencies would be granted authority to utilize personal information under the guise of safeguarding national security and public interest, terming it an exception. Both the organizations said granting government agencies unrestricted access to data servers without judicial oversight poses a risk of potential misuse.
Therefore, Article 19 and TIB are urging the government to reform the draft act through discussions with the relevant stakeholders to protect the freedom of expression and privacy as recognized by our constitution.
