Leave no room for misuse
The Advisory Council's approval of the Personal Data Protection Ordinance 2025 and the National Data Governance Ordinance 2025 are significant developments in Bangladesh's digital governance. While there is an undeniable need for a comprehensive legal framework to protect personal data, Transparency International Bangladesh's (TIB) concerns highlight the possibility of the laws being misused.
As per the TIB, some provisions of the two ordinances were approved hurriedly without adequate expert consultations or stakeholder engagement, which is concerning. During the last regime, stakeholders and experts had criticised the draft data protection law, particularly for the way it was used for surveillance. This time, an inclusive dialogue was expected, especially given their implications for privacy, civil liberties and state accountability, with long-term and critical consequences. While that expectation was not met, the exclusion of internationally accepted data protection principles, such as lawfulness, transparency and confidentiality, raises serious concern.
For all latest news, follow The Daily Star's Google News channel. 
Especially alarming is subsection 15(4) of the draft, which allows exemptions for data controllers and section 24, which gives access to personal data for "crime prevention" without judicial oversight. These provisions have the potential to become tools for surveillance and control, leading to the violation of constitutional privacy rights. The draft also gives sweeping powers to the proposed National Data Management Authority, which will function under the prime minister's or the chief adviser's office. Besides, section 23 requires all "significant data controllers" to appoint a chief data officer (CDO) without clarifying whether CDOs will be accountable to government authorities. Section 24 exempts the government from seeking consent when accessing personal data for national security, defense, public order, or crime prevention and investigation—without clearly defining these terms; thus, increasing the risk of misuse. Section 50 authorises the government to issue directives to the authority concerning sovereignty, security, public order, or foreign relations. Section 55 allows it to issue any order related to data storage or transfer in cases of urgent necessity.
Undoubtedly, some of the provisions of the ordinances—mandating informed consent, securing sensitive data, empowering citizens with rights over their data, and introducing penalties for breaches—are crucial for safeguarding user privacy. But the lack of transparency in their drafting, the risk of increased state surveillance are issues that must be addressed. The government should pay heed to TIB's call to not enforce the ordinances now without meaningful consultations with experts and stakeholders.
Comments