THE legislation on personal data protection and the governance of personal data have been mired in problems since the legislation was proposed in 2020. The major issues with the legislation are that whilst the demand is for lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, integrity, confidentiality and accountability, the way the fallen Awami League government proceeded on the issue could invade individual’s privacy and jeopardise civil liberty. Every revision of the draft legislation brought up fears that it could afford the government powers to abuse the law and create the scope for the misuse of personal data. Whilst such laws are necessary to protect citizens’ personal information and to head off any misuse, all that has happened centring on this is feared to be reeking of ill intention. In such a situation, Transparency International Bangladesh on October 11 urged the government to suspend the Personal Data Protection Ordinance and the National Data Governance Ordinance after the council of advisers to the interim government approved the drafts on October 9. It also criticised the hurried approval without adequate expert consultation and stakeholder engagement.
It says that the drafts of the data protection legislation have gone through a prolonged phase of contention between stakeholders and the government. The interim government, which assumed office after the fall of the Awami League regime, initially, however, followed a proactive and inclusive participatory process, which promised several positive changes, but the government, as the organisation says, has ignored stakeholders’ recommendations on critical weaknesses and risks that the drafts contain and criticised the unilateral approval of the drafts without informing the stakeholders. The organisation says that the drafts have excluded the internationally recognised data protection principles, noting that this would render them ineffective ordinances from the very beginning. The provisions in the draft create scope for exemption of data controllers and processors from their duties and responsibilities, which the statement terms ‘a deceptive loophole,’ and allowed broad access to personal data in the name of ‘crime prevention.’ The drafts have afforded the government the authority to use personal data in the name of national security and public interests. The organisation says that unrestricted access of government agencies to data servers without judicial oversight could seriously risk misuse; and, the constitutional commitment to ensuring the privacy of personal information has not been reflected therein. There has also been an objection to the way information misuse has been criminalised, which could negatively impact business and commerce. And, the pieces of legislation have been approved disregarding the long-standing demand for an independent authority for data protection.
The government must, therefore, proceed in consultation with stakeholders outside the government and put the collection of data and their protection subject to the oversight of an independent constitutional authority, supervisory or regulatory, to keep the process off government influence.
