• header_en
  • header_bn

Ambiguity in The Data Protection Act creates a risk of arbitrary misuse, fails to serve its purpose: TIB

Dhaka, 9 May 2022: Due to the ambiguity of the provisions, the lack of proper definitions of the terms along with the absolute power of the 'Digital Security Agency', the Data Protection Act, 2022 (draft) can be as repressive as The Digital Security Act, 2018, said TIB.

In the name of personal data protection, it will hamper the freedom of expression and establish bureaucratic and governmental control over personal information, which will breach people’s privacy. TIB calls such breaches anti-democratic and anti-constitutional. 

TIB made the remarks today during a virtual press conference titled ‘The Data Protection Act, 2022 (Draft): Review and Recommendations’.

While evaluating the law, TIB said the law establishes a 'data protection office' and gives unlimited and unfettered powers to the Director General (DG) of the Digital Security Agency as the regulator of personal information security. DG’s endless power conflicts with the various human rights enshrined in the Constitution of Bangladesh, especially the right to privacy.

TIB has expressed concern that the draft does not include provisions for going to court or seeking legal redress against the Director General's use or abuse of this unlimited power.

On the other hand, the law does not provide any definitions or examples of the term "personal information", which is very commonly included in the laws of almost all countries of the world. There is also ambiguity in defining important terms like data, profiling, filing system etc. If the draft law is passed without including definitions of these words, there will be a chance of serious misuse, opined TIB.

Besides, TIB’s evaluation pointed out that the section 59 of the law empowers a police officer who is not below the rank of an inspector to investigate any crime committed under this Act without taking his/her technical skills and qualifications into account in such a specialised field like the Personal Data Protection.

Speaking at the press conference, TIB Executive Director Dr. Iftekharuzzaman said, “The ambiguity in the draft law has a risk of establishing governmental and particularly bureaucratic ownership and control over personal information in the name of protecting personal information, and severely undermining the constitutional right to freedom of speech, liberty and privacy of personal information. The draft mentions some words and concepts which have no definite explanation and hence there is a risk of misuse of different sections of the law.”

‘The law’s title is also misleading and should be changed to 'Personal Data Protection Act'. Moreover, the preamble to the law is weak. Suppose the preamble could especially include privacy the way it is enshrined in Article 43 (b) of the Constitution. In that case, it could reflect the commitment and spirit of the constitution,” said Dr. Zaman.

Criticising the unbridled power of the Digital Security Agency, Dr. Zaman said, “Given the bitter experience already gained with the Digital Security Act, granting such powers to a digital security agency would undermine the very purpose of the Personal Data Protection Act and make it a black law.”

“We feel that keeping congruence with the similar laws (personal data protection act) of different countries, there is a need to establish an independent, impartial and specialised body which will be operated outside the control of the government and the administration,” added Dr. Zaman.  

“Moreover, the draft law needs to be extensively reviewed and adapted in the light of international experience by involving experts in the relevant fields. Otherwise, Bangladesh will move towards a surveillance-based state system,” Dr. Zaman warned.  

Placing several recommendations, TIB observed that to avoid ambiguity, it would be reasonable to consider the title of the proposed Act as 'Personal Information Protection Act'. Besides, it is necessary to establish an independent and specialised institution taking experience from the developed countries if the said law is implemented. In addition, technical and financial capabilities should be considered before implementing the law. At the same time, the provisions of the law can be incrementally implemented in specific sectors where they process a large amount of personal information. Considering that experience, its scope can be increased in the following stages.

TIB Adviser-Executive Management Professor Dr. Sumaiya Khair, Outreach and Communication Director Sheikh Manjur-E-Alam and Malaya University Lecturer Dr. Muhammad Ershadul Karim, who helped TIB to review the law, were present at the press conference.