Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Bangladesh: Ongoing initiatives for a data protection law

Bangladesh has yet to enact a comprehensive data protection or privacy legislation with a general scope. While the Bangladesh Telecommunication Regulatory Act 2001, the Information and Communication Technology Act 2006 ('the ICT Act'), and the Digital Security Act 2018 ('DSA') contain sporadic provisions on protection of personal data preserved in an electronic form, a law to govern data protection issues generally is still in the process of being formulated. Tanim Hussain Shawon, Partner at Dr. Kamal Hossain & Associates, discusses these initiatives and their progress.

Tarzan9280 / Signature collection /

Bangladesh strives to act as a member of the global community in terms of its commercial activities and development in general. With the growing emphasis on a globally compatible data protection and privacy regime as a precondition for business and cooperation on a cross-border basis, it has become incumbent for Bangladesh, which is still categorised as an emerging economy, to align its domestic data protection laws with the rest of the world.

The existing legal provisions on the protection of digital data not only fall far short of the acceptable standard, they have also led to bitter controversy as a result of their selective and distorted application. Therefore, it is essential for Bangladesh to make a fundamental shift from the present position to enacting a data protection law, which must have at its heart the interest and protection of the ordinary and private persons.     

In November 2020, a first draft of the Data Protection Act ('the Act') was circulated by the Government. The Act has not yet been finalised, and various stakeholders have already voiced concerns about certain aspects of the draft. 

The Act is proposed to have overriding effect over other laws and also extra-territorial application. The Act will apply to persons collecting, processing, using, sharing or otherwise processing data within Bangladesh; if such data is related to any Bangladeshi citizen, the application of the Act may also extend outside Bangladesh. Similarly, if a data processor or controller is not present within Bangladesh but the data processed by them is in connection with business carried on in Bangladesh, the Act may extend beyond the territory of Bangladesh.

The Act would require a data controller to issue notice to the data subject when the controller first collects the data or uses the data for a purpose other than the purpose for which the data was collected. Any data, including sensitive data, cannot be processed without the consent of the data subject. Without prior consent of a parent, guardian or relevant person having authority of making a decision, no data relating to a child can be collected or processed. The Act also provides a data subject with the right to erasure or right to be forgotten. The data controller will have the obligation to erase data within a prescribed period.

While the drafting team is said to have modelled the Act after the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), there are various deviations from the GDPR. The most concerning of such deviation is the Government's wide power to grant exemption to any data controller or class of data controllers, who may include any Government entity, from any provision of the Act.

The presence of a legal provision granting wide powers to the Government to exempt application of the data protection regulation in respect of a class of actors could give rise to serious concerns about the prospects of a fair and effective implementation of the Act. Specifically, the enactment of the Act with wide arbitrary powers reserved for the Government may frustrate the very purpose of the enactment. Stakeholders hope the Government and the legislature ensure an effective harmonisation of Bangladesh's ensuing data protection law with the relevant globally accepted standards.    

Tanim Hussain Shawon Partner
[email protected]
Dr. Kamal Hossain & Associates, Dhaka