Data Protection Act: Entire society will be under surveillance
The Data Protection Act will put the entire society under surveillance, said Transparency International Bangladesh.
One of the reasons why the TIB thinks so is because the draft law makes it mandatory for every person or organisation dealing with data to enrol in a "data protection register" where they must state what type of data they are collecting, processing, and why.
Not only is this logistically impractical, but it also makes the general citizens liable, said the TIB at a press conference held at its office yesterday.
Dr Iftekharuzzaman, executive director of TIB, said the draft law mandates storing of sensitive, user-generated and classified data within Bangladesh's geographical boundary, but this will impede freedom of expression and citizens' privacy could be violated. This is because the law gives the government access rights.
"While it may be appropriate to incorporate a registration requirement in the act for certain data controllers... several questions should be considered before doing so. Which entities are required to register? What is the registration requirement and for which data? Are there any exceptions to the registration requirements?" it said.
Furthermore, even though stakeholders have been demanding that an independent commission be formed to oversee the implementation of the law, the bill puts a government-controlled agency in charge, observed the TIB.
"No reference is found in the draft regarding the independence of the data protection agency," it said, adding that along with operational independence, the agency should have in-built provisions to check abuse of authority.
"The government is a user of data so this creates scope for abuse," said Dr Iftekharuzzaman, executive director of TIB, addressing the press conference.
He also pointed out that the data protection agency has "unlimited powers" to access the data of any controller or processor without any judicial oversight.
The agency also has the right to ban anyone from processing data without any judicial process.
The TIB recommended that requests for data access should be published in a monthly transparency report.
Iftekharuzzaman said the draft law mandates storing of sensitive, user-generated and classified data within Bangladesh's geographical boundary, but this will impede freedom of expression and citizens' privacy could be violated. This is because the law gives the government access rights.
In addition, the TIB pointed out that the head of the data protection agency will prepare the standard operating procedures or code of conduct for every organisation or group of organisations.
The act considers these codes of practice as regulations, indicating that they will be treated as the law; non-compliance with the code resembles non-compliance of the law itself," said the TIB.
It said the scope of data protection act should be strictly restricted to personal data only. Extending the scope beyond that will be counterproductive, the TIB said.
Comments