The protection of personal data in the modern world is a complicated and contentious issue, especially when there is increasing evidence not just of spyware and surveillance technology accessing our data in the most insidious ways, but of big tech companies collecting and mining user data and potentially having the power to store more personal information of a country’s citizens than their own government. After the 2018 Cambridge Analytica data scandal, there has been a growing debate on how much information is too much, and what governments can do to ensure they are able to protect the personal data of their citizens.
Against this backdrop, it is safe to say that there is a strong logic behind countries playing a more involved role in the protection of data generated within its borders and preserving data sovereignty. However, the best way to go about it is still being debated, and there are still questions of whether this is even realistic—given the nature of big data—and whether it would be ethical for governments to have more control over the personal data of its citizens either.
Now that Bangladesh is drafting a new data protection act, these differing views must be taken into account with the utmost seriousness. According to the minister of post and telecommunication, this law will address three major gaps—it will allow the authorities to take action against social media companies, fulfil the need for a law on data protection, and enable the protection of people’s privacy. Given that Bangladesh is one of the 25 countries in the world with no laws on data privacy and protection (according to the United Nations Conference on Trade and Development’s tracker), experts have recognised the need for legislation in this area.
However, experts and rights activists have also expressed concerns that the new law will focus less on data protection, and instead be used more as a tool of surveillance on social media. In India, we have already seen the authorities use similar data protection laws to infringe on individual rights—for example, by suspending Twitter accounts of journalists, media outlets, and politicians during the country’s farmer protests, and blocking hundreds of pro-farmer tweets that were deemed “controversial” by the government. What safeguards will be in place in Bangladesh to ensure that the same does not occur, especially when the draconian Digital Security Act has already been wielded by the authorities to suppress dissent?
There is definitely a lot of merit in formulating data protection laws, but there is a lot of scope for misinterpretation and misuse as well. Any such laws created in the country must have the ultimate goal of protecting the privacy and data of users from anyone, including state actors. The precedent set so far in this regard is not an encouraging one—according to experts, the existing Data Privacy and Protection Regulation 2019 does not provide enough checks and balances to protect data from state actors. We must remember that personal data of any individual is personal property that cannot be misused by private companies or by the state. Whatever steps Bangladesh takes, our government must guarantee individual rights are not infringed upon, as guaranteed by the Constitution of Bangladesh.