Several rights organizations have said digital laws in Bangladesh must be transparent and protect free expression.
Access Now, ARTICLE 19, Human Rights Watch, PEN International, Robert F Kennedy Human Rights and Tech Global Institute issued their statement on Tuesday, saying Bangladesh is undergoing a significant transitional phase, marked by wide-ranging systemic and structural transformations, including legislative reforms to cybersecurity and data protection statutes.
"Acknowledging the interim government of Bangladesh’s timely and necessary efforts to reform digital governance policies and regulatory frameworks, we, the undersigned organizations, remain concerned that these initiatives are being fast-tracked without sufficient transparency or inclusive consultation, echoing legislative approaches of previous administrations.
"In particular, drafts of the Cyber Protection Ordinance, 2025 (CPO) and the Personal Data Protection Ordinance, 2025 (PDPO) fail to address the broader systemic challenges in cyberspace governance in alignment with fundamental rights under Bangladesh’s constitutional framework and the international human rights framework.
"Instead, these proposed ordinances rely on undefined, ambiguous and/or overbroad terms and provisions, creating significant risks of misinterpretation, overreach and abuse—particularly to suppress human rights and media organizations."
They added: "Given the cross-border nature of digital services, markets and communities, the current drafts also raise serious concerns about adherence to the principles of comity of law and conflict of laws. With the parliamentary process and its institutional safeguards currently suspended, concerns over transparency, public accountability and adherence to human rights are even more pressing."
Lack of transparency
The organizations continued: "We note with concern that the Interim Government of Bangladesh is considering certain proposed reforms—specifically the introduction of the CPO and the PDPO—without sufficient and inclusive stakeholder engagement, a robust feedback loop, or an evidence-based legislative process grounded in expert analysis and global best practices.
"For instance, various versions of the draft CPO mirror the widely criticized Digital Security Act, 2018 (DSA) and the Cyber Security Act, 2023 (CSA) introduced by the previous regime. Despite the draft CPO being made available for public consultation for three days in December 2024 and—after concerns over insufficient time for meaningful stakeholder engagement—again for two weeks starting January 22, 2025, the consultation process failed to provide clear justifications for changes between drafts or explanations of the outcome of the earlier consultations.
"Furthermore, the proposed amendment to the Bangladesh Telecommunication Regulation Act, 2001 (BTRA)—which enables surveillance, interception, and internet shutdowns on broad grounds—remains unavailable to the public for consultation.
"As a result, civil society organizations, legal and constitutional experts, affected communities, industry representatives, technologists, academics and other relevant stakeholders are unable to review these proposed ordinances or conduct human rights and economic impact assessments in a timely, informed, and effective manner."
Ambiguous and overbroad provisions threaten fundamental rights
They added: "Current drafts rely on undefined, ambiguous and/or overbroad terms and provisions, which—without adequate procedural safeguards—pose significant risks of misinterpretation, overreach and abuse, particularly against marginalized communities, political dissidents, journalists, rights activists and civil society organizations.
"For instance, offences such as possession of an 'obscene video' and 'sexual harassment', which carry a maximum sentence of three years’ imprisonment, remain undefined in the CPO. Meanwhile, cyber terrorism is defined in overly expansive and vague terms, encompassing actions such as accessing or obstructing digital systems or infrastructure in ways that threaten national integrity, security or sovereignty; instill public fear; are prejudicial to foreign relations; or benefit a foreign state or person, with penalties of up to 10 years’ imprisonment.
"Similarly, the term 'classified personal data,' which is subject to cross-border transfer restrictions, remains undefined in the PDPO. Established constitutional doctrines require that laws affecting individual liberty and economic activities be reasonably certain and predictable, ensuring that statutory mandates are exercised within predefined limits in a fair, reasonable, non-discriminatory and non-arbitrary manner, so that individuals have a clear legal standard against which they can assess their actions.
"Specifically, the Siracusa Principles on the Limitation and Derogation of Rights affirm that laws encroaching upon human rights must be clear and accessible, while General Comment No 34 states that laws 'must be formulated with sufficient precision to enable an individual to regulate his or her conduct accordingly … [and] may not confer unfettered discretion for the restriction of freedom of expression on those charged with its execution'. Similarly, General Comment No 35 confirms that non-arbitrariness includes elements of reasonableness, predictability, necessity, and proportionality.
"As such, we are concerned that these provisions risk violating protections under Articles 9(4) and 19(2) and (3) of the International Covenant on Civil and Political Rights (ICCPR), Articles 19 and 29(2) of the Universal Declaration of Human Rights (UDHR), and Articles 26, 27, 31, and 39(2) of Bangladesh's Constitution, which collectively uphold fundamental rights such as freedom of expression, privacy, due process and protection against arbitrary restrictions."
Privacy and human rights
The rights organizations said: "Current drafts contain multiple provisions that—coupled with unchecked surveillance, interception and data disclosure authority conferred under the Bangladesh Telecommunication Regulatory Act (BTRA) and licensing frameworks for internet and telecommunication service providers—severely compromise citizens’ privacy rights.
"For instance, the CPO allows police officers to intercept communications or obtain traffic data with a search warrant if they have “reasons to believe” that an offense has occurred, is occurring, or might occur. However, this vague and broad threshold increases the risks of subjective interpretation, abuse and preemptive surveillance based on potential future offenses, ultimately undermining the balance between security and fundamental rights.
"We are concerned that these provisions can lead to mass surveillance and breaches of individual privacy, violating Article 17 of the ICCPR, Article 12 of the UDHR, and Article 43 of Bangladesh's Constitution, which collectively safeguard the right to privacy and protection against arbitrary interference by the state."
Fragmented reform initiatives
"While attention has been directed toward cybersecurity and data protection, we remain concerned that the approach to reforming digital governance policies and laws is narrow, piecemeal and fragmented.
"Proposed changes to these highly complex pieces of legislation are stopgap measures that fail to address the root causes of digital abuse and cybersecurity threats."
Recommendations
The organizations urged the interim government to reassess its approach to digital governance reforms to ensure that ordinances are rights-based, citizen-centric, forward-looking and developed through transparent, inclusive, and evidence-based policymaking approaches.
"Under Article 93(1) of Bangladesh’s Constitution, the Interim Government is responsible for ensuring these ordinances remain within the lawful scope of parliamentary statutes and safeguard fundamental rights.
"Specifically, we recommend that the Interim Government prioritize repealing the CSA and follow through with its commitment to withdraw all politically motivated and malicious cases filed under this law and its predecessors, adopt a narrowly focused ordinance to address cybersecurity risks while establishing a consultation roadmap to mitigate complex digital threats, including online safety and data protection, establish stronger procedural safeguards under the BTRA and the Code of Criminal Procedure, 1898 against government overreach, ensure transparency by publishing draft laws with significant advance notice for meaningful public consultation, align all reform initiatives with international human rights standards and clearly define legal terms to prevent abuse, adopt a holistic approach to digital governance beyond isolated regulatory fixes, and ensure independent oversight of regulatory bodies to guarantee accountability and prevent state overreach.
"These reforms are critical in ensuring a balanced, rights-respecting, and pro-innovation digital environment that safeguards citizens’ rights while enabling responsible corporate operations."