Draft data protection ACT: More control feared if data stored locally
The government, in its new draft of the data protection act, focuses on preventing citizen's data from going abroad, as certain types of data "must physically stay within the borders".
Stakeholders, however, worry it will serve to tighten control on domestic and foreign organisations, and international companies.
The observations came at a meeting held yesterday in the capital's Radisson Blu Water Garden Hotel, where the government's Information and Communication Technology (ICT) Division unveiled the latest draft.
With this draft law, Bangladesh joins the ranks of the countries, including India, Russia, China and, to certain extents, Spain, Indonesia and Australia, which are already implementing or mulling the implementation of localisation of personal data.
According to the latest draft, the government will set up a data protection office, which will be in charge of implementing this law.
This office will have the right to access all forms of data, order any "data controller" in any organisation to "provide any data it requires to perform its tasks", and physically enter any space or access any equipment where data is stored.
The draft also includes a provision saying that domestic and foreign organisations have to store certain types of data locally.
This means no data transfer can happen without the consent of the director general of the digital security agency.
"We want to secure our citizens' data," said Zunaid Ahmed Palak, state minister for the ICT Division, who presided over the event.
Foreign Secretary Masud Bin Momen said, "Data protection is of serious strategic intent. Data sovereignty is at the very centre of the debate. And the localisation of data is important. Moderating content democratically is important."
Huma Khan, senior human rights adviser to the United Nations Resident Coordinator Office, raised concerns about a provision in the draft.
The provision would allow the government to direct the DG in charge of this law to take action "in the interest of sovereignty and the integrity of Bangladesh, the security of the State, friendly relations with foreign states or public order".
She said, "We have seen how such provisions were abused in the case of the Digital Security Act."
Representatives from the business sector voiced concerns about how the provision would affect international business and trade.
Speakers from Mastercard and American Chamber of Commerce commented that the cross-border transfer of financial data is necessary for business.
Nihad Kabir, president of the Metropolitan Chamber of Commerce and Industry, said, "We would get lost in the woods about the transfer of data, storage of data, and more."
State Minister Palak said stakeholders have been negotiating and debating with the government, but not with the large tech companies.
Iftekharuzzaman, executive director of Transparency International Bangladesh, said the government is a user of data, and hence, it cannot be the one to implement this law.
"Implementation has to be done by an independent authority or a commission created by the government."
The aim of the law should be protection and not control, he added.
Law Minister Anisul Huq said, "All the future global developments will require a data protection legislation to ensure the privacy, security and protection of individuals and organisations in the new digital world."
The ICT Division incorporated the feedback of 17 organisations for this draft, and has revised 40 sections of the law, including deleting a provision that previously granted the DG impunity from legal prosecution.
NM Zeaul Alam, senior secretary of ICT Division, M Shahidul Haque, its senior legislative expert, and Tarique M Barkatullah, director of the National Data Centre, were present at the event.