The government, in its new data protection bill, focuses on preventing citizens’ data from abroad, as certain types of data “must physically remain within borders”.
However, stakeholders fear that this will serve to tighten control over domestic and foreign organizations and international companies.
For all the latest news, follow the Daily Star’s Google News channel.
The observations were made during a meeting held at the capital‘s Radisson Blu Water Garden Hotel yesterday, where the government’s Information and Communication Technology (ICT) Division unveiled the latest project.
With this bill, Bangladesh joins the ranks of countries, including India, Russia, China and, to some extent, Spain, Indonesia and Australia, which are already implementing or considering to the implementation of the localization of personal data.
According to the latest draft, the government will set up a data protection office, which will be responsible for the implementation of this law.
This office will have the right to access all forms of data, to order any “data controller” in any organization to “provide all data required by it to perform its duties”, and to physically enter any space or to access any equipment where the data is stored.
The draft also includes a provision stipulating that domestic and foreign organizations must store certain types of data locally.
This means that no data transfer can take place without the consent of the chief executive of the digital security agency.
“We want to secure our citizens’ data,” said Zunaid Ahmed Palak, Minister of State for ICT Division, who chaired the event.
Foreign Minister Masud Bin Momen said, “Data protection is a serious strategic intention. Data sovereignty is at the very center of the debate. And data localization is important. Democratic content moderation is important.
Huma Khan, senior human rights adviser with the Office of the United Nations Resident Coordinator, expressed concern about a provision of the draft.
The provision would allow the government to direct the CEO in charge of this law to act “in the interest of the sovereignty and integrity of Bangladesh, state security, friendly relations with foreign states or of public order”.
She said: “We have seen how such provisions have been abused in the case of the Digital Security Act.”
Representatives from the business sector have expressed concerns about how the provision will affect international business and trade.
Stakeholders from Mastercard and the US Chamber of Commerce said cross-border transfer of financial data is necessary for businesses.
Nihad Kabir, President of the Metropolitan Chamber of Commerce and Industry, said, “We would get lost in the woods about data transfer, data storage, etc.
State Minister Palak said stakeholders had negotiated and debated with the government, but not with big tech companies.
Iftekharuzzaman, executive director of Transparency International Bangladesh, said the government is a user of data and therefore cannot be the enforcer of this law.
“The implementation must be done by an independent authority or a commission created by the government.”
The purpose of the law should be protection, not control, he added.
Justice Minister Anisul Huq said: “All future global developments will require data protection legislation to ensure the privacy, security and protection of individuals and organizations in the new digital world.”
The ICT Division incorporated comments from 17 organizations for this draft and revised 40 articles of the law, including the removal of a provision that previously granted the DG impunity from prosecution.
NM Zeaul Alam, Principal Secretary of the ICT Division, M Shahidul Haque, its Senior Legislative Expert, and Tarique M Barkatullah, Director of the National Data Center were present at the event.