Speaking to data experts, law teachers and business establishments, Prothom Alo has determined two broad areas of concern. Firstly, in countries where democracy is not strong, the protected data can be used to suppress differing opinions and views. Secondly, strict data protection regulations in the country may harm business and also increase costs.

The question of experts is who will be in control of the data that will be kept at the data centre? If the authorities have access to the protected data, the large IT companies will have to flout client confidentiality and so may not want to provide services in Bangladesh. The business community in Bangladesh feels that such a law will have a negative impact on business and Bangladesh will fall back in global business. According to a report of Research and Policy Integration for Development, if there are restrictions to the flow of data, digital services export from Bangladesh may drop by 29 to 44 per cent.

IT experts feel that data, that is of state importance and that is sensitive, should be protected within the country. But it is clear from the statement of the ICT state minister that there is a glaring lack of competence in this area. He said, if it takes two to three years for a cloud or data centre infrastructure and capacity to be built up in Bangladesh, that time will be given. This seems like putting the cart before the horse. The concern is not just about creating infrastructure or a data centre, but also about having a skilled workforce for the purpose. And in the regard, the question of security cannot be overlooked.

Protection of personal data is a part of the right to privacy, a right recognised by the constitution of Bangladesh. But the draft of the law states that an authority will be created under the Data Protection Act and the government from time to time can issue any directives to the Data Protection director general for various requirements including state security and public order.

Such clauses create the scope for government intervention in the personal information of the citizens. Repressive laws and regulations such as the Digital Security Act, the Mass Media Employees Act, the Press Council (Amendment) Act, a regulation of the Bangladesh Telecommunications Regulatory Commission, and the OTT regulations of the information ministry, have shrunk the space for freedom of speech and freedom of expression in the country.

Before finalising the Data Protection Act, the concern of the stakeholders must be taken into consideration. This law should not be hurriedly finalised in a one-sided manner, but the views of the stakeholders and experts should be given due consideration along with the experience of other countries in this regard.