Data Protection Act: Take views of stakeholders into consideration
The world is going through a digital transformation. Digital practice is now a reality in business, communications, education and all areas of life. New problems, crises and challenges crop up regularly in these transformative times. That is why there is need for a law, outside of the existing laws, that will be compatible with the digital system. Data is the most valuable and the most sensitive resource in the digital world. This is creating concern and conflict over personal and institutional data, how it is being used, whether state authorities or multinationals intervene or whether data is being abused and so on.
The government recently drew up the Data Protection Act and preparations are on to have it passed in the parliament towards the end of this year. Various concerns have arisen about this. The final draft of the law includes issues of protection of sensitive data, data created by users and classified data.
Speaking to data experts, law teachers and business establishments, Prothom Alo has determined two broad areas of concern. Firstly, in countries where democracy is not strong, the protected data can be used to suppress differing opinions and views. Secondly, strict data protection regulations in the country may harm business and also increase costs.
The question of experts is who will be in control of the data that will be kept at the data centre? If the authorities have access to the protected data, the large IT companies will have to flout client confidentiality and so may not want to provide services in Bangladesh. The business community in Bangladesh feels that such a law will have a negative impact on business and Bangladesh will fall back in global business. According to a report of Research and Policy Integration for Development, if there are restrictions to the flow of data, digital services export from Bangladesh may drop by 29 to 44 per cent.
IT experts feel that data, that is of state importance and that is sensitive, should be protected within the country. But it is clear from the statement of the ICT state minister that there is a glaring lack of competence in this area. He said, if it takes two to three years for a cloud or data centre infrastructure and capacity to be built up in Bangladesh, that time will be given. This seems like putting the cart before the horse. The concern is not just about creating infrastructure or a data centre, but also about having a skilled workforce for the purpose. And in the regard, the question of security cannot be overlooked.
Protection of personal data is a part of the right to privacy, a right recognised by the constitution of Bangladesh. But the draft of the law states that an authority will be created under the Data Protection Act and the government from time to time can issue any directives to the Data Protection director general for various requirements including state security and public order.
Such clauses create the scope for government intervention in the personal information of the citizens. Repressive laws and regulations such as the Digital Security Act, the Mass Media Employees Act, the Press Council (Amendment) Act, a regulation of the Bangladesh Telecommunications Regulatory Commission, and the OTT regulations of the information ministry, have shrunk the space for freedom of speech and freedom of expression in the country.
Before finalising the Data Protection Act, the concern of the stakeholders must be taken into consideration. This law should not be hurriedly finalised in a one-sided manner, but the views of the stakeholders and experts should be given due consideration along with the experience of other countries in this regard.