Transparency International Bangladesh (TIB) and ARTICLE 19 have expressed concern over some provisions in the draft Personal Data Protection Act, 2024 (PDPA), citing their potential to undermine fundamental rights.
The call came at a press conference titled “Draft Personal Data Protection Act, 2024: Review and Recommendations" jointly organized by TIB and ARTICLE 19, a British international human rights organization, in the capital's Dhanmondi on Sunday.
Dr Iftekharuzzaman, TIB executive director, attended the event, which was moderated by Towhidul Islam, director of Outreach and Communication.
Sheikh Manjur-E-Alam, ARTICLE 19 regional director for Bangladesh and South Asia, delivered the keynote address.
The outgoing Cabinet approved the PDPA in November 2023, and it is expected to be presented in parliament soon.
Therefore, the two organizations urged the government to involve all stakeholders, including civil rights organizations, at different stages of the draft act, to add and remove several sections following their recommendations.
Both organizations also demanded a specific definition of "personal data", the abolition of the obligation to store data across national borders, and the formation of an independent "data protection authority".
Speakers at the press conference said Bangladesh’s constitution guarantees the people’s right to privacy and recognizes freedom of expression as an inalienable right.
Therefore, their first demand is for these acknowledgments to be included in the preamble of the law, emphasizing its necessity in safeguarding the fundamental rights mentioned in the constitution.
The draft provides a definition of "legal persons," encompassing institutions, which may lead to misunderstandings. Additionally, while it defines "personal data," the lack of specificity could result in additional confusion and the potential for misuse, they said.
Moreover, if all data is stored at the local level with infrastructure vulnerabilities, there will be security risks, they added.
On the other hand, the relevant international organizations must comply with the principles of data storage according to standards. In that case, most of the international organizations will face obstacles in conducting their business activities in Bangladesh, they said.
The speakers also highlighted the need for the formation of an independent data protection authority, as the PDPA proposes a government-appointed board. They feared that a government-controlled board could be biased and unable to hold the government accountable.
On the other hand, government agencies would be granted authority to utilize personal information under the guise of safeguarding national security and public interest, terming it an exception.
They said granting government agencies unrestricted access to data servers without judicial oversight poses a risk of potential misuse.
Dr Iftekharuzzaman, executive director of TIB, said the draft has improved after consultations with stakeholders and TIB. As a result, the draft PDPA is in a better position than before.
“However, areas of significant concern for the public persist, raising the risk of the law being utilized as a tool for control and surveillance under the guise of safeguarding personal information,” he added.
The TIB chief said: "The spirit of the proposed act does not reflect the constitutional commitment to the privacy of personal information and ensuring freedom of speech. The absence of a precise definition of person and personal information, leaves room for misinterpretation, posing a risk of misapplication by the government."
Sheikh Manzur-E-Alam said: "Aside from making the law time-befitting, precautions must be taken to prevent it from becoming as restrictive as the Digital Security Act in any aspect. Our government is now giving a lot of importance to digitization. Therefore, in our digital life, we are urging the government to reform the draft act through discussions with the relevant stakeholders to protect the freedom of expression and privacy as recognized by our constitution.”
