The business of child data profiling: Why did Meta exert undue pressure on the Data Protection Ordinance?
The Personal Data Protection Ordinance (PDPO) 2025 marks a turning point in Bangladesh’s digital governance, exposing how Meta’s push to lower the child-age threshold pits corporate profit against child protection and national data sovereignty in an era of aggressive profiling and AI monetisation
The trajectory of digital governance in Bangladesh has reached a critical juncture with the enactment of the Personal Data Protection Ordinance (PDPO) 2025 and its subsequent 2026 Amendment Ordinance.
Following collective objections from platforms including Google, Meta, Mastercard, and Uber, two significant amendments were made: the requirement for 'synchronous local backup' (which platforms termed de facto localisation) was removed for all personal data except for 35 government-declared Critical Information Infrastructures and restricted data, and corporate offences were shifted from prison sentences to fines.
The persistent lobbying to lower the age of minors
Despite these concessions, Facebook (Meta) pressured the government at least five times – both before and after the law's creation – to reduce the legal age of a child from 18.
They raised this demand in high-level government meetings, discussions organised by the US Embassy, and bilateral sessions.
We repeatedly clarified that the definition of a child's age does not fall under the jurisdiction of the ICT division but rather under the Ministry of Women and Children Affairs. Yet, Meta never explicitly explained why this change was so urgent, which deeply intensified our suspicions.
This advocacy raises profound questions regarding the intersection of corporate profit motives and the protection of vulnerable demographics.
The demographic stakes of age redefinition
Meta's insistence on redefining childhood is inextricably linked to the sheer scale of the Bangladeshi market.
Current estimates place Facebook's user base in the country between 70 and 80 million. Although Meta's internal policy mandates a minimum age of 13, the 13 to 17 age bracket constitutes a significant portion of the digital populace, estimated at 8 to 12% of the total user base.
Consequently, there are approximately 6 to 8 million active adolescent users in Bangladesh whose data remains subject to commercial exploitation. The constant accumulation of their photos, videos, behavioural data, and social interactions makes child data protection, profiling, and the use of this data for AI training a critical policy issue.
From a regulatory perspective, maintaining the age threshold at 18 ensures that the behavioural data, imagery, and social interactions of millions of minors are shielded by stringent consent requirements.
Conversely, lowering this age would grant platforms a 'massive exemption', facilitating the unhindered profiling of young users for targeted advertising and machine learning.
The profiling economy: Mechanics of data profiling and AI training
The business model of platforms like Google and Meta is built entirely on data profiling – the systematic analysis of user behaviour and imagery to drive revenue cycles and product development.
However, if the age of a child is legally set at 18, it imposes strict limitations on data profiling, content monetisation, and AI training samples.
While legacy Bangladeshi laws already restrict child-related content and require strict parental consent, the new privacy laws add necessary checks and balances.
The modern social media business model is predicated on data profiling – the systematic analysis of user behaviour to drive revenue cycles and product development.
However, when applied to minors, this model encounters severe ethical and legal barriers. Global precedents illustrate the risks: in Australia, Meta acknowledged harvesting public data for AI training without providing "opt-out" mechanisms, leading to the inclusion of children's content in generative AI datasets like Stability AI and Midjourney.
In response to these systemic failures, Australia implemented a landmark ban on social media for those under 16 in 2025.
For Bangladesh, the risks are amplified by a lack of investment in local language moderation and Bengali-specific Large Language Models (LLMs), which leaves minors vulnerable to cyber-harassment and data misuse.
We were astonished by Meta's unwarranted and repeated demands across various forums to abolish all criminal offence clauses related to hacking, privacy violations, and national-level data breaches from the Cyber Safety Ordinance, Personal Data Protection Ordinance, National Data Governance Ordinance, etc. laws.
The 'Bangladesh Epstein' crisis and systemic failure
The urgency for robust data protection is underscored by recent investigative findings from Dhaka Stream, which detailed organised networks on Facebook sharing children's personal data and offensive imagery.
Termed the 'Bangladesh Epstein Case', this phenomenon reveals a catastrophic failure in Meta's existing algorithmic filtering and community standards. Like in Australia, this raises ethical redlines in Bangladesh perspective too.
There is a nagging question: was the continuous pressure to lower the age of a child intended to secure "massive exemptions" for child-profiled content, including gambling, pornography, and predatory materials? A former Meta official even claimed to have invested significant resources to block our progress.
Our Data Protection Act aligns with the European GDPR, requiring explicit consent for data collection and secondary use, such as AI training.
It also demands that Meta invest more in local monitoring, as current resources for Bengali-language moderation are limited, leaving victims of cybercrimes without redress.
Furthermore, there is the issue of fiscal accountability.
Meta has twice evaded questions regarding their estimated revenue in Bangladesh. While anonymous crowdsourced data transfers may be free, if a platform generates revenue through subsequent commercial processing, the state is entitled to its fair share of taxes and VAT.
The National Board of Revenue has every right to know the sector-based income sources of these platforms.
Moreover, revenue segment classification is also important – child pornographic content, gaming, child sexual content, gambling and betting, and other child-related content, as well as income streams derived from advertising, profiling of children's data, content monetisation, and even behavioural and image AI training–based products built on such data.
The National Board of Revenue (NBR) has to report platform incomes related to paedophilia-related content and its promotions.
The reluctance of Meta to provide transparent reasoning for its lobbying efforts suggests a strategic move to minimise liability and maximise data harvesting.
In a landscape where illegal content involving minors is strictly prohibited by Bangladeshi legacy and cyber laws, any attempt to dilute age definitions could be interpreted as a move to bypass parental consent and legal checks and balances.
Economic transparency and data sovereignty
Beyond ethical concerns, the debate encompasses data sovereignty and fiscal accountability. Meta has consistently obscured its revenue figures within Bangladesh.
While the PDPO 2025 aligns with some of the European GDPR (General Data Protection Regulation) standards, requiring explicit consent for data collection and secondary usage (such as AI training), it also addresses the commercial processing of bulk Personal Identifiable Information (PII).
The state maintains a legitimate right to oversee the 'profiling economy'. If digital platforms derive significant revenue from the commercial processing of Bangladeshi citizens' data, the National Board of Revenue is entitled to its proportionate share of taxes and VAT.
The tension between Meta's corporate interests and Bangladesh's regulatory framework is a microcosm of a global struggle for digital rights.
The fundamental question remains: will the state protect the sensitive data of its children, or will it allow their digital identities to be commodified by the profiling economies of tech giants?
Upholding the definition of "child" at 18 is not merely a legal nuance; it is a necessary defence of children's rights and national data sovereignty in the digital age.
Faiz Ahmad Taiyeb is an author on sustainable development and a former special assistant to the chief adviser.
Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions and views of The Business Standard.
