Data are often random, unorganized facts such as a word, a symbol, etc that can be processed into information. In isolation data carry no meaning. But when put into context, they create information that people use to make plans, conduct research, take decisions or make predictions, etc. In other words, data are the raw materials for information. In the pre-internet era, data were dispersed and were not so easily available as they are today. But in the era of information technology, data, once thy are collected and stored, can be instantly accessed by the users from any part of the world. Such command over data has enabled their users to take a decision as and when they need it.
The ability to access data, or information, for that matter, so effortlessly has no doubt greatly empowered their users. But such instant accessibility of data has also its disadvantages. Users of the internet, the social media, to be specific, know best how it affects their personal lives. Those with evil intentions can access sensitive data about a user's personal life stored in their mobile phones, or the users of the social media themselves can unwittingly supply those personal data to criminals who may then hold the victimto ransom.This brings us to the issue of protecting the sanctity and security of sensitive personal data/information. Similarly, businesses including corporate housesand the government would also want to protect or secure data/information they consider sensitive. Corruption of data is yet anotherreason for businesses and individuals to want to protect their vital data/information.
These are some of the reasons why the issue of protecting data has assumedso much importance. In this context, it would be important to know how different countries are dealing with the subject of data protection. The European Union (EU), for instance, considersdata protection a fundamental right. The Article 8 of the EU's Charter of Fundamental Rightsstates that everyone has the right to personal data protection. And the protection of natural persons in relation to processing of their personal data is also enshrined in Article 16 of the Treaty on the Functioning of the EU. The data protection rules of the EU are set out in what is commonly known as the General Data Protection Regulation (GDPR).Clearly, the EU data protection regime is basically focused on the protection of personal data and rights of the citizens of the EU.
In the US, on the other hand, there is no stringent law on data protection, especially on data privacy. However, the UK has its Data Protection Act of 1998, which took effect in 2000. It provides guidelines for the data controller in handling personal data while doing business. But most countries do not have any data protection law.
It is against this backdrop that Bangladesh Data Protection Act, 2022 has come under scrutiny. Rights groups, foreign diplomats and opposition political parties have been expressing their views, some critically, on the draft law. Going by international experience, formulating a law on data protection is a very challenging job. In framing a data protection law, what is most important is striking a balance between ensuring rights to individual privacy and, at the same time, allowing the data to be used for business purposes. In that case, debates should be welcome allowing the various stakeholders including the businesses, ICT experts, right groups, the development partners' representatives and members of the public to have their say in the matter. Sharing international experience on the subject will also be important. It is believed, in this process, a data protection law most suitable for Bangladesh could be devised.
