IN AN increasingly digital Bangladesh, the urgency of establishing a comprehensive data protection regime cannot be overstated. Every day, millions of citizens share personal data with government agencies, banks, telecommunication companies, healthcare providers, and private online platforms. This information ranges from national identity card details to financial transactions and health records. Without a clear legal framework to regulate how such data is collected, stored, shared, and safeguarded, individuals are left vulnerable to misuse, exploitation, and surveillance.
Bangladesh, with its rapidly digitising economy and ambitious Digital Bangladesh vision, has reached a critical juncture where the protection of personal data is no longer optional but essential. Citizens increasingly rely on digital platforms for education, healthcare, financial transactions, and communication. This exponential growth of digital footprints means that vast quantities of sensitive personal data are being collected, processed, and stored by both public and private actors. Yet, Bangladesh lacks a comprehensive law that safeguards individual rights. The absence of such legislation creates an environment of vulnerability, exposing citizens to surveillance overreach, cybercrime, and unauthorised exploitation of personal information.
Bangladesh’s draft data protection ordinance, which has undergone several revisions, has the potential to shape the country’s digital future. However, concerns remain that instead of empowering citizens, the current drafts risk strengthening state surveillance powers, limiting free expression, and curtailing civic freedoms. In effect, what should be a tool to enhance rights could become an instrument of control.
Ìý
Lessons from international practices
COUNTRIES worldwide have enacted comprehensive data protection regimes to balance innovation with the protection of fundamental rights. The European Union’s General Data Protection Regulation is regarded as the global benchmark, offering citizens strong protections such as the right to consent, the right to be forgotten, and the right to data portability. Inspired by these principles, countries as diverse as South Korea, Kenya, and Brazil have developed their own frameworks, tailoring them to national contexts while ensuring they remain consistent with international human rights law.
For Bangladesh, the lesson is clear: it is possible to adopt legislation that simultaneously promotes digital growth and upholds human rights. India, for example, recently adopted a data protection law, recognising that integration into the global economy requires adherence to such standards. Unless Bangladesh lawmakers embed robust safeguards for privacy, free expression, and access to information, the new law risks diverging from best practice, weakening international confidence, and eroding citizens’ trust in digital governance.
Ìý
Risks of surveillance and overreach
ONE of the most pressing concerns with Bangladesh’s draft Data Protection Ordinance is the sweeping powers it grants to the government to access and control data. Under current drafts, authorities may be able to demand information from companies without adequate judicial oversight, raising fears of unchecked surveillance. Civil society groups warn that such powers could legitimise practices that undermine freedoms of expression and association, particularly in a political environment where journalists, human rights defenders, and activists already face harassment under restrictive laws such as the Digital Security Act.
Citizens must have confidence that their personal data will not be used against them for political or punitive purposes. Without meaningful safeguards, what should be a tool for empowering individuals risks becoming an instrument of state control. The credibility of Bangladesh’s data protection regime will therefore hinge on whether it can protect individuals from arbitrary interference by the state.
Ìý
The economic implications of weak protection
BEYOND human rights, the economic stakes are equally high. In today’s globalised digital economy, data flows underpin trade, investment, and innovation. Multinational companies are increasingly cautious about operating in jurisdictions with inadequate safeguards or where governments exercise disproportionate control over private information.
Bangladesh has ambitions to become a South Asian digital hub, building on its vibrant ICT sector and outsourcing industry. Yet, without internationally recognised safeguards, it risks losing foreign investment, cross-border partnerships, and consumer trust. Weak data protection threatens not only privacy but also the competitiveness of Bangladesh’s digital economy at a critical stage in its growth trajectory. Conversely, a strong rights-based framework would build user confidence, attract responsible investors, and align Bangladesh with global markets.
Ìý
The flaws in the draft bill
WHILE Bangladesh has taken the positive step of drafting a data protection law, major concerns remain. Civil society organisations, rights groups, and digital experts have raised red flags about provisions that prioritise state control over citizen rights. For example, vague definitions of personal and sensitive data leave room for broad interpretation and misuse. More troublingly, the draft allows the government to exempt its own agencies from compliance — effectively placing the state above the law.
Equally concerning is the absence of independent oversight. Instead of empowering a genuinely autonomous data protection authority, the draft risks creating a regulator structurally dependent on the executive, undermining accountability and citizen confidence. These weaknesses could turn the law into a surveillance tool rather than a protection mechanism.
Ìý
Balancing innovation and rights
SOME policymakers argue that too much regulation could stifle innovation in Bangladesh’s fast-growing tech sector. However, this presents a false dichotomy. Strong protections can, in fact, enable innovation by building trust among users, investors, and international partners. Start-ups and digital businesses thrive in environments where people feel safe sharing information. Weak frameworks, on the other hand, discourage investment and restrict access to international markets, where adequacy of protection is often a prerequisite for cross-border data flows.
A balanced approach is both possible and necessary: one that safeguards rights while fostering a secure and enabling environment for business.
Ìý
A human rights perspective
AT ITS core, data protection is not simply a technical or commercial issue; it is fundamentally a human rights issue. The right to privacy is enshrined in international instruments such as the International Covenant on Civil and Political Rights (ICCPR), to which Bangladesh is a party. Protecting personal data is integral to fulfilling this obligation in the digital age.
A rights-based framework would ensure that individuals have control over their personal data: the right to know how it is being used, the right to correct inaccuracies, and the right to demand deletion when necessary. It would also establish clear limits on the powers of both state and private actors, requiring transparency, consent, and accountability at every stage of data processing.
Ìý
Building independent oversight institutions
FOR a data protection regime to be credible, it must be anchored in independent institutions. A regulatory authority with genuine autonomy, adequate resources, and enforcement powers is essential to balance state and corporate interests with those of citizens. This authority must operate free from political interference, with powers to investigate breaches, issue sanctions, and uphold fairness and transparency.
Bangladesh could draw inspiration from models such as the UK’s Information Commissioner’s Office or Kenya’s Data Protection Commissioner, both of which act as impartial guardians of public trust. Without such independent oversight, the law will be toothless at best and repressive at worst.
Ìý
Data and democracy
DATA is not only an economic resource but also a political one. In an era of misinformation, electoral manipulation, and digital authoritarianism, how data is governed directly impacts democracy. In Bangladesh, where civic space is constrained but civil society remains active, the stakes are particularly high.
A rights-based data protection law could serve as a democratic safeguard, protecting citizens from manipulation and ensuring a more open, participatory digital sphere. Conversely, a restrictive law risks accelerating democratic backsliding, entrenching surveillance, and eroding trust in public institutions.
Ìý
Civil society and citizen engagement
CIVIL society organisations, digital rights advocates, and academics have consistently voiced concerns about the draft law. They stress the importance of aligning legislation with international standards, ensuring judicial oversight for surveillance, and embedding protections for freedom of expression.
For the government, genuine consultation with these stakeholders is not simply a procedural formality but a democratic necessity. Laws passed without citizen trust and participation risk being perceived as illegitimate, fuelling scepticism and resistance. Public engagement and awareness are critical to ensuring that data protection is understood not as an abstract concept but as an everyday right affecting healthcare, banking, education, and communication.
Ìý
Charting the way forward
BANGLADESH now stands at a crossroads. It has the opportunity to adopt a forward-looking framework that safeguards rights, boosts competitiveness, and strengthens democracy. To do so, policymakers must reframe the draft with a focus on rights-based principles, international best practices, and robust institutional safeguards.
The road ahead will require political courage: rejecting the temptation of unchecked surveillance in favour of long-term stability and trust, prioritising dialogue over control, and recognising that data governance is ultimately about people, not just technology.
Ìý
A test of commitment to rights
THE debate over Bangladesh’s data protection ordinance is not merely about digital governance but about the broader trajectory of the nation. Will the country embrace a vision of technology that empowers citizens or one that subjugates them? Will it align with human rights norms or isolate itself through restrictive practices?
Bangladesh has long aspired to be a leader in digital innovation. True leadership, however, lies not in surveillance or control but in fostering an environment where rights and freedoms flourish alongside technological progress. A rights-based data protection regime would be the real test of the government’s commitment to its people in the digital age.
Ìý
Musharraf Tansen is a doctoral researcher at the University of Dhaka.
