It’s time to treat data privacy as a human right

The concept of protection of personal data or data privacy is relatively new in the Bangladeshi legal sphere. However, given the world's circumstances in this era of digitisation, the necessity to take adequate measures to safeguard the right to data privacy has never been more important.

Before delving deep into personal data protection, we must first address the question – what is data privacy? 

"Data privacy" refers to an individual's ability to consent to how their personal information or data is disseminated. 

To understand data privacy, it is key to consider what classifies as personal data. According to the European Commission, some examples of personal data are a person's name, address, contact information, national or local identification number, location data, IP address, medical data, etc.

The internet's role has increasingly grown, and people's dependency on the same has burgeoned in the last two decades. With that, the necessity for organisations, companies, online businesses, websites, social media platforms, etc., to collect, store, and process personal data has also skyrocketed. 

As a result of the proliferation of the need to collect, store, and process data in immense volume,  it has become a matter of global concern that some of the aforementioned entities that are collecting users' data are not necessarily disclosing the extent of data being collected. In some instances, they also fail to take adequate safeguarding measures to protect the user's data. 

Sometimes, they even sell the data – resulting in data breaches, which is a gross violation of the right to privacy which is enshrined in the Constitution of Bangladesh, a number of local legislations, and several International Conventions.

Data privacy realities in Bangladesh

Article 43(b) of the Constitution states that "every citizen shall have the right, subject to any reasonable restrictions imposed by law in the interests of the security of the State, public order, public morality or public health, (b) to the privacy of his correspondence and other means of communication."

In addition, the Court granted the following rights to privacy as a fundamental right: freedom of thought and conscience, freedom of speech under Article 39, and the right to life and personal liberty under Article 32. 

However, the much-anticipated legislation supposedly designed to ascertain data privacy in Bangladesh, the Data Protection Act (Bill), 2022, remains in the formative stage. 

Bangladesh has been subject to an increasing number of cyber-attacks in recent years. To great dismay, the government has not taken decisive measures to curtail or eradicate such threats. 

For example, in June of this year, the personal data of more than 50 million Bangladeshis was leaked from the websites of the Birth & Death Registration (BDRIS). 

Among the leaked data were the names, phone numbers, email addresses, and National Identity Card numbers of Bangladeshi citizens.

The exposed data was discovered on June 27 by Viktor Markopoulos, a researcher from Bitcrack Cyber Security, a computer security solutions firm based in South Africa.

In October 2023, there were reports of a data leak involving personal information from the Telegram app's Bangladeshi National Identity Card (NID) database. The Election Commission stores the personal data of approximately 120 million Bangladeshis, of which around 55 million possess smart NID cards.

Despite being the entity responsible for ensuring the safe storage of the data belonging to the citizens of Bangladesh, the Election Commission shrugged off its responsibility. It blamed one or some of the 174 institutions and organisations that have access to the NID servers. 

It should be worth noting that despite the BDRIS being identified as the source of the data leak of crores of Bangladeshi citizens, no punitive measure was taken against them or their senior management by the investigative body authorised to conduct this investigation.

Why data privacy has become a human right in the modern-day

Under Article 12 of the United Nations' Declaration of Human Rights, privacy has been enshrined as a human right. Article 17 of the International Covenant on Civil and Political Rights also guarantees similar right to privacy.  

Given the rate of digitalisation the world and in specific Bangladesh is undergoing and the subsequent surge in the amount of data needing to be stored and protected – protecting the same has become a matter of utmost importance in order to safeguard human dignity, autonomy, privacy, and human rights.

As a result, data privacy has become a matter of grave global importance, which is resulting in governments enacting specialised laws to mitigate data leaks and take punitive actions against those who are responsible for causing them. Among them are legislations such as the GDPR (EU) & PIPA (S. Korea) which define various categories of data as well as dictate how data should be processed among others.

On 16 December, 2020, the United Nations promulgated a new resolution titled "Right to Privacy in the Digital Age." Needless to say, in this ever-changing world, human rights need to be constantly updated in order to cope with the demands of the modern age. However, due to the drastic evolution of the digital landscape, it is critical that privacy rights be revised and modernised accordingly to remain abreast with said evolution. 

Wasif Jamal Khan is the Co-founder and Vice President of the Bangladesh Forum for Legal and Humanitarian Affairs (BFLHA).

Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions and views of The Business Standard.