The Need for Data Protection Laws in Bangladesh; Comparative Analysis Between European General Data Protection Regulation and Bangladesh

Data protection laws in Bangladesh is a relatively new concept with lineage dating back to the Constitution of Bangladesh thereafter being elaborated by the Information Communication Technology Act 2006 and the recently enacted Digital Security Act 2018.

As per the interpretation of the Judiciary, the Constitution of Bangladesh provides the citizens of Bangladesh the fundamental right to privacy. In addition to this, the Information Communication Technology Act 2006 provides the means of electronic privacy by stating the roles and responsibilities of the person having knowledge of certain data and how they utilizes the same. It also allows the government to intercept data provided certain conditions are met. It addition to this, the Information Communication Technology Act 2006 also provides that any person who has unauthorized access of any data cannot disclose the same to any other without the permission of the concerned person. Furtherance in the newly promulgated Digital Security Act 2018, it has been made punishable for anyone to access data illegally without consent and also if someone commits crimes based on data accessed illegally without permission. Both the acts, lists down a number of crimes and the punishment thereof nevertheless the latter act being harsher than the earlier act. In addition to these key acts, data protection in Bangladesh can also be accorded by the Contract Act 1872, in that there may be confidentiality provisions in the contract which thereby prohibits one party to disclose the information of the other party received during the performance of the contract or any period thereafter. Beside for breach of data from moveable property: like computer hard disks, pen drive, flash drive, CD there is a possibility that Penal Code 1860 can be applied as this is related theft or appropriation of tangible properties in which case the aforementioned can fall under tangible property. In the off chance, the Copyright Act 2000 may also come into action for breach of data or unauthorized use of data provided it meets certain conditions. In addition to these acts relating to Data protection, certain sectors has certain other guidelines in place made by the concerned regulatory authority to protect data. One such example can be the ICT security guideline promulgated by the central bank i.e. the Bangladesh bank applicable to all banking and non-banking financial institutions. Another such example can be the privacy policies required as per the code of ethics of the relevant profession like the doctors overseen by the Bangladesh Medical Association or that of the Chartered Accountants overseen by the Institute of Chartered Accountants of Bangladesh. 

In relation to the General Data Protection Regulation (GDPR) in EU by the was enacted on 25th May 2018. In this era of globalization, GDPR does affect Bangladesh in the sense that there are a large number of IT companies in Bangladesh who providing services to EU nations. As a result of which the Bangladesh IT market specifically engaged in the Business Process Outsourcing (BPO) for European companies has to adhere to the GDPR. The promulgation of GDPR in EU means that individuals concerned shall have greater control on their data and information and should they want to delete the same, this has to be deleted by the Bangladeshi companies storing the data. This is very important aspect of the regulation as a wide number of scamming opportunities can be prevented by the same. It is imperative that the Bangladesh government also incorporates the same within the existing regulations so that in case of any breach of GDPR, actions can be brought against the companies in breach in the courts of Bangladesh as well. 

Another important aspect of the GDPR is that in case of any breach of data and if data has been leaked or any data of any particular individual has had unauthorized access, the person handling the data is required by law under GDPR to notify the person of whose data has been leaked. This is an important aspect of GDPR and should also be incorporated in Bangladesh under the Digital Security Act 2018. 

With advent of time, Bangladesh has had their first step in the right direction by the promulgation of the Digital Security Act 2018 for prevention of data breach. However, the government and the concerned offices and the regulatory authorities needs to remember that this is just the first step towards a long journey. As the world evolves towards a stage where data has become a commodity and with scandals like the Cambridge Analytica in the recent times it is important that we implement strict data laws in place to adhere to international laws like the GDPR. An important step towards the right direction can be looking into our neighboring country like India who has strict data privacy laws in place thereby attracting a number of BPO businesses. Strict regulations also means that the foreign organizations will feel more comfortable in doing business in Bangladesh based on the fact that they shall also be adhering to the laws in their home country.