Data Protection Act: Prison sentence dropped in new draft, only fine kept
The new draft has a definition of personal data. It states that data through which anyone can be identified is personal data. Financial and business data has been dropped from the definition of sensitive data
In response to objections from various local and foreign organisations and stakeholders, the government has relaxed certain sections in the new draft of the Data Protection Act. Criminal offence has been completely dropped from this law. Imposition of fine has been retained as punishment.
However, the stakeholders feel there is still cause for concern about some of the sections that remain in the draft. They say, there are apprehensions that the Data Protection Board mentioned in the act, will be subservient to the government.
Also, information will be taken from the government and non-government organisations that collect data, in the name of national security and crime prevention. The stakeholders said that access to data should be conditional to court approval.
The new draft of the Data Protection Act was uploaded yesterday, Thursday, on the website of the Information and Communication Technology (ICT) Division. Feedback from the stakeholders was also sought.
State minister for ICT affairs, Zunaid Ahmed, speaking about the Cyber Security Act at a press briefing held at the ICT Bhaban in Agargaon of the capital on Thursday, said that prison sentence has not been kept in the draft Data Protection Act.
Various local and foreign organisations, business institutions and exports had expressed concern about the previous drafts of the Data Protection Act. The US resident coordinator's office on 10 August submitted 10 observations last year to the government.
In Article 33, exemption from the law has been given in the case of collecting data for the purpose of preventing crime. The draft also says that the government will issue a notice about the degree of exemption
Foreign multinational companies were concerned about the restrictions in data storage and transfer. The new draft has made significant concessions in that area. Human rights activists had raised question about government access to data. Certain safeguards have been placed there too. But the scope has not been totally dropped.
The significant change in the new draft of the law is the dropping of prison sentence. It has been said that if a foreign company violates this law, they will be fined 5 per cent of their annual turnover in Bangladesh or 150 per cent of the losses caused by the violation of the rules. Fines have been put in place for local companies too. Anyone can approach the appeal authority against the fine in they deem necessary. The government will form a five-member appeal authority.
About data transfer, the new content says that data can be transferred in the case of trade, international relations or due to contracts.
The earlier draft spoke of constituting a 'Data Protection Agency'. This time, instead, it talks of the 'Bangladesh Data Protection Board'. The government will create this board with a chairman and four members. The board will adhere to the government policies and directives.
The new draft has a definition of personal data. It states that data through which anyone can be identified is personal data. Financial and business data has been dropped from the definition of sensitive data.
the definition of personal data needs to be more detailed and specific. If not, those using data will have limitless power. There will be risk of using the data without understanding which is personal and which is not
Executive director of Transparency International Bangladesh (TIB), Iftekharuzzaman, speaking to Prothom Alo, said that the definition of personal data needs to be more detailed and specific. If not, those using data will have limitless power. There will be risk of using the data without understanding which is personal and which is not.
Iftekharuzzaman sees the dropping of prison sentence on the new draft as positive. He says, the government itself is a data user. The board to be formed should be completely out of government control. If not, there is fear of misuse.
Section 65 of the new draft says that the government can give any directives to the board concerning the sovereignty and integrity of Bangladesh, state security, friendly relations with foreign states or in the interests of public order. The board will be obliged to follow these directives without breaching the other provisions of the law.
Section 10 of the new draft says data can be collected in accordance to the given method from the data creator, for the purpose of protecting national security, and preventing, identifying or investigating any crime.
In Article 33, exemption from the law has been given in the case of collecting data for the purpose of preventing crime. The draft also says that the government will issue a notice about the degree of exemption.
Commenting on this, Iftekharuzzaman said that this can create the scope of misusing data by those who can are granted this this exemption. This is a cause of alarm for the common citizens.
Under the Data Protection Act, the government-formed board can provide written orders to the data custodian or the data processer and they are obliged to obey this. And they are also bound to provide necessary data is ordered.
The draft said that the data which the government declares to be 'classified', must be kept within Bangladesh.
Senior lecturer of the law department at BRAC University, Saimum Reza Talukdar, has told Prothom Alo that if there was a provision for permission from the judiciary in the case of keeping classified data in Bangladesh, the people's rights would have been better protected.
He also said there needs to be further details about the areas where more exemption is to be given. He said that along with a clause for approval from the judiciary, if the area of accountability was expanded further, then the fear of misuse would decrease.