- Total Internet Users: 66.94 million
- Social Media Users: 44.70 million
- Cellular Mobile Connections: 179.9 million
Bangladesh has seen rapid growth in its internet users. From casual users of social media, to email and MFS; the importance and need for internet-based services is increasing at a rapid pace. As an increasing number of people connect to the internet, more and more citizen data is being uploaded into cyberspace. The government has recognized the necessity for a comprehensive law that protects the Bangladeshi citizen’s increasing digital presence.
You can also read: Frontier Ensuring Child Safety Online: Navigating the Digital Frontier
In a strategic move toward safeguarding individual privacy and fortifying data management practices, the cabinet of Bangladesh has given in-principle approval to the draft of the ‘Personal Data Protection Act-2023.’ This groundbreaking legislation not only highlights the government’s commitment to adapting to the challenges of the digital era but also signifies a robust step toward securing personal information in the country.
Significance of Data in the Digital Age
A common thread woven into both the proposed Bangladeshi legislation and the EU’s General Data Protection Regulation (GDPR) is the emphasis on informed consent. In both frameworks, the individual’s explicit permission is paramount for the collection and processing of personal data. This ensures that individuals retain control over their information, a foundational principle aimed at fostering trust in the digital ecosystem.
One more similarity lies in the establishment of specialized boards dedicated to overseeing data protection measures. In Bangladesh, the creation of the Bangladesh Data Protection Board mirrors the role played by the EU’s supervisory authorities under the GDPR. These bodies serve as guardians, ensuring that data controllers and processors adhere to the stipulated regulations and safeguard the rights of data subjects.
Cabinet Secretary Md. Mahbub Hossain, speaking after the cabinet meeting chaired by Prime Minister Sheikh Hasina, emphasized the pivotal role of data in the contemporary landscape. “Data is the biggest resource right now,” he declared, underlining its strategic importance in an age where information has become the most potent tool. Recognizing this, the proposed legislation introduces the establishment of the Bangladesh Data Protection Board, an organization dedicated to ensuring the independence, privacy, and consent of individuals in the management and utilization of their data.
Proactive Approach to Data Management
To streamline the collection and distribution of information, the legislation outlines specific policies that entities must adhere to. Those involved in data collection and processing are required to register with the Bangladesh Data Protection Board, ensuring a systematic and accountable approach to data management. This registration-based system not only enhances transparency but also facilitates a more organized handling of sensitive information.
The draft law sets clear guidelines for the classification and sharing of information. No data can be shared without the explicit permission of the concerned individual or organization. While some information can be utilized with consent, others must strictly adhere to the rules established under the act. The legislation goes a step further by recommending the inclusion of DNA information into biometric data to prevent potential misuse in the future.
Board Structure and Enforcement Mechanisms
The Bangladesh Data Protection Board, to be chaired by a designated chairman and supported by four members, serves as the linchpin of this legislative initiative. If any individual feels that their information has been misused, they have the right to file a complaint with the board. The board, in turn, possesses the authority to investigate and impose financial penalties ranging from Rs 3 lakh to Rs 5 lakh in various cases. Notably, foreign companies can face a maximum fine of five percent of their total sales if found in violation of the data protection regulations.
Lack of AI Content Protection
While the draft law seems to address a lot of prevailing concerns for the digital citizens of Bangladesh; one area that did not see any coverage or mention was AI-related content. The rapid proliferation of AI-generated content, particularly “Deepfakes” has created an entirely new breed of hyperrealistic content that often cannot be differentiated from original content. Deepfakes have been used to create fake speeches of former US president Barak Obama to video content of celebrities. A specific section should be included in the law that addresses these issues in order to prevent the spread of misinformation and disinformation using AI-generated content.
Progressive Leap into Digital Governance
Bangladesh’s proactive approach to data protection underscores its commitment to ensuring the privacy and security of its citizens in the digital age. The ‘Personal Data Protection Act-2023’ stands as a testament to the government’s dedication to adapting to technological advancements while prioritizing the rights and security of its people. As the nation embraces these transformative measures, it not only aligns with global data protection standards but also sets a commendable example for others to follow in the realm of digital governance.
Similarities to EU Data Protection Laws
A closer look at the draft reveals some similarities with the European Union’s robust data protection laws. Both jurisdictions share a fundamental commitment to safeguarding individual privacy in the face of the digital age’s complexities. Similarities were found with the EU’s General Data Protection Regulation (GDPR), while similar in some aspects, the local draft law seems tailored to cater to the Bangladeshi citizenry.
EU General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a comprehensive data privacy and security framework enacted by the European Union (EU) to safeguard individuals’ personal information. The primary aim of GDPR is to grant individuals greater control over their personal data in the digital age. This regulation, implemented in May 2018, imposes stringent rules on how organizations handle and process personal data, emphasizing transparency and accountability.