Data Protection Act: New draft includes issues of concern

Representational imageProthom Alo illustration

Although the issue of keeping the data within the country has been a bit relaxed in the new draft of the data protection law proposed by the government, there are still some issues of concern, including the limitless power of the executive, authority of the government in acquiring data and several other issues which contradict human rights and freedom of expression. People have expressed their concern over these issues. 

The Information, Communication and Technology (ICT) division published the new draft of the law on their website on Tuesday. Earlier, in March last year, the ICT division published the draft of the law for the first time on their website for opinions from the stakeholders. Several drafts have been developed since then. Opinions regarding the law have been taken from several organisations from the country and outside, human rights agencies, different high commissions, financial institutions, social media and e-commerce agencies.

Reviewing the new draft, Muhammad Ershadul Karim, senior lecturer of the law and upcoming technologies department at the Universiti Malaya in Malaysia, told Prothom Alo, “There is some hope that the government has considered some changes in the draft. However, the draft is still too restrictive. It is worrisome when a law is too restrictive. Besides, the definition of data must be clearer. In addition to that, there is no mention of the definition and standard of privacy in the draft.”

The definition of data must be clearer. In addition to that, there is no mention of the definition and standard of privacy in the draft
Muhammad Ershadul Karim, senior lecturer, law and upcoming technologies department, Universiti Malaya

The new draft mentions localisation of data, that is keeping the data within the country. However, there is also scope of transferring data in case of international trade, international relations or for any other issues specified by the government. It has also been mentioned that the government will have the authority to join an international alliance or multilateral agency if needed.

One of the demands of the stakeholders was giving them time before the implementation of the law. A three year time period has been given for the implementation of the law in the new draft.

The draft has some concerning sections as well. For instance, according to the new draft of the data protection law, the director general will have the authority to order the people affiliated with data processing and other concerned people to provide him with any data he needs. The data analyst or the controller must abide by the order. It means that the government can get any data whenever it wants.

According to the section 10/A of the draft, the people concerned can collect data from the analysts in case of threat to national security, prevent crimes, identify criminals and for investigation.

The United Nations expressed concern over this provision saying, if this provision stands, then the data stored in the server or in the data centre will always be under government vigilance. There will be pressure on the private companies to leak confidential data. Therefore, this section of the proposed data protection law may weaken the democratic governance in the country.

There were recommendations from different organisations for the formation of an independent data protection agency under the data protection law. The draft states that the government will form a separate agency in this regard. And the government will recruit the manpower needed for that agency.

The new draft further states that the government can ask the director general for reports on any data processed under this law if needed and the director general will be bound to provide that.

Besides, no one can file any complaint to the court directly if his or her right to privacy is breached, according to the provisions mentioned in the new draft.

Five representatives from the civil society met with law minister Anisul Huq regarding the Digital Security Act and the proposed data protection law. However, there was no discussion on the data protection law.

Speaking to the newspersons after the meeting, Iftekharuzzaman, executive director of Transparency International Bangladesh (TIB), said they would review the draft first and would hold a meeting with the law minister in this regard on 6 April.