The recent publications of the drafts of two long-awaited legislations on regulating usage of internet have stoked some debate on the likely impact of those on citizens and businesses. However, not much has been said about the government’s motivation and objectives behind the sudden rush in legislating these laws, which should have been enacted years ago. Both of these draft laws - the Bangladesh Telecommunication Regulatory Commission (BTRC) Regulation for Digital, Social Media and OTT Platforms, 2021 and the Data Protection Act, 2022 - have a common principle, which is to allow the government ever more control on everything we do over the internet. Hence, the draft OTT regulations have more provisions to allow state surveillance over contents on the ground of security of the state, instead of giving freedom to citizens to enjoy cyberspace without fear. Similarly, instead of affording greater protection to an individual’s privacy rights, many of the proposals under the draft data protection act would actually increase the government’s access to personal data, thereby increasing their surveillance capabilities.
Question of data protection for the state and its citizens are not necessarily the same, especially in countries that are autocratic or hybrid democracies. Right to privacy, however, is enshrined in the constitution as a fundamental right in most countries in line with the Universal Human Rights Declaration, but in autocracies and weaker democracies the state itself poses the greater threat to individuals privacy. Rights groups allege that in Bangladesh too the government poses the greatest threat to citizens' privacy.
According to Freedom on The Net Report 2021 published by Freedom House, internet freedom in Bangladesh reached an all-time low. The reasons cited include the applications of the Digital Security Act (DSA) and “new evidence of the extent of government surveillance capabilities” that came to light. The report alleges that the online sphere continues to be impacted by government-hired civilian contractors who hack accounts and use false copyright infringement complaints to get content removed. Besides, it noted that partial restrictions of internet and communication services during protests, elections, and tense political moments have become common. Strategic advisory firm BGA Asia, speculating the new Data Protection Act coming into force before next elections says, ``Optimists may point to other countries around the world that have passed laws to protect their citizens’ personal information and ensure data privacy. However, many of the thought leaders in Bangladesh think otherwise.``
The reasons or objectives of the proposed data protection law noted in the draft clearly shows the government’s priority and emphasis are anything but protecting personal privacy as it has been demoted to the third and fourth position in the list.Though it has been suggested that the European data protection law, the EU GDPR, has been used as a model to draw up our own legislation, the objectives could not have been more stark. Number one objective of the GDPR says, “This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.” And the second objective reads, “This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.”
The other proposed legislation, the BTRC Regulation for Digital, Social Media and OTT Platforms, 2021, also attaches higher importance in the name of sovereign control on curbing freedom of users. The Internet Society using their Internet Impact Assessment Toolkit, concludes that the proposed law will be “making the Internet less open to those that want to utilise it.” Apart from introducing significant compliance costs to service producers it says, the law’s “vaguely defined scope for objectionable content risks depriving Internet users in Bangladesh of useful and educational information.” The Internet Society says the regulation enables a lot of unaccountable actors and actions, both from government enforcers and complying intermediaries. It argues that along with the resulting lack of privacy in online communications, it will create an uncertain, unpredictable, and non-transparent environment for businesses to operate in, thereby making the Internet and online services in Bangladesh less trustworthy, and less appealing for citizens to use.
In both the legislations, regulators, the planned Digital Security Agency and the current Bangladesh Telecom Regulatory Commission do not have any independence whatsoever, rather will be something similar like any other government department. These draft rules have also given almost blanket indemnity to all government agencies that would certainly make these regulatory bodies powerless, which is quite opposite to the roles played by regulators in Europe and many other advanced countries.
Two cases can be cited here that exemplify the degree of protection citizen’s should receive and the independence the regulator should have. In January, this year the European Union’s data protection watchdog, the European Data Protection Supervisor (EDPS) forced the EU’s police agency, Europol, to delete much of a vast store of personal data that it has been found to have amassed unlawfully. Those sensitive data had been drawn from crime reports, hacked from encrypted phone services and sampled from asylum seekers never involved in any crime. In the UK, the Information Commissioner’s Office (ICO), fined the Cabinet Office £2,50,000 in 2020 for the leak of personal data from the New Years Honours list.
In contrast, we have seen all sorts of data breaches, including biometric ones, in Bangladesh, which presumably would not have been possible without direct or indirect roles of government agencies. No one has been held accountable for such breaches. But people have been persecuted based on suspicion and spurious claims. In this context, it could be argued that the sudden rush for these regulatory legislations had been warranted due to the upcoming political developments, including the country’s next election to be held by December 2023. Concerns about the likely use of both the DPA and OTT rules by the government to exercise greater control over citizens' online activity during electioneering may not be entirely misplaced. Here’s a reminder that the DSA enactment happened just two months before the parliamentary election in 2018.
(Published in the Daily Star on April 19, 2022)
মন্তব্যসমূহ
একটি মন্তব্য পোস্ট করুন