As Bangladesh’s interim government considers the enactment of a Data Protection Ordinance, ARTICLE 19 emphasises that it is critical that the framework reflects international best practices, aligns with constitutional guarantees, promotes transparency, and is grounded in international human rights law. The protection of personal data is essential to safeguard human rights, to foster an open and inclusive digital ecosystem, and to enable innovation and economic growth in Bangladesh. Throughout the drafting process, civil society organisations have raised concerns that certain provisions of the ordinance, if left unamended, could undermine the right to privacy, restrict cross-border data flows, and centralise disproportionate power in the hands of the government and regulatory authorities.
To ensure that the ordinance achieves its intended purpose of protecting citizens while supporting Bangladesh’s digital transformation, a set of non-negotiable red lines must guide the legislative process. This statement sets out those red lines, identifying the minimum safeguards required to protect the rights of individuals and create an enabling environment for responsible data-driven innovation and adoption. The objective of this statement is not to oppose the current drafting of the ordinance, but to ensure that the final ordinance is transparent, accountable and future-proof, anchored in respect for human rights and the rule of law.
ARTICLE 19 calls for the 2025 Bangladesh Data Protection Ordinance to be fundamentally grounded in international human rights law, with particular emphasis on the rights to privacy, freedom of expression, and access to information. This includes:
- Embedding strong legal safeguards to prevent arbitrary or disproportionate surveillance, and ensuring that any restrictions on rights are lawful, necessary, and proportionate;
- Clarifying vague or overly broad terms such as ‘public interest’ and ‘operational necessity’ to prevent their misuse as justifications for intrusive or discriminatory data processing;
- Ensuring the independence and transparency of the Data Protection Authority, including through secure tenure, financial autonomy, and freedom from political interference;
- Protecting the right to freely given and revocable consent without penalty, particularly in contexts involving vulnerable or marginalised groups;
- Guaranteeing procedural safeguards and redress mechanisms that are accessible, timely, and effective for individuals whose rights have been violated;
- Narrowing and precisely defining exemptions, especially those related to law enforcement and national security, and subjecting them to independent judicial or parliamentary oversight;
- Affirming the right to freedom of expression in all data governance processes, ensuring that data protection is not weaponised to suppress journalism, public criticism, or civil society advocacy;
- Establishing participatory and transparent rulemaking processes that involve civil society, technical experts, and affected communities in shaping how data protection is implemented.
As such, ARTICLE 19 urges the Government of Bangladesh to adopt a truly rights-respecting data protection regime, one that upholds democratic values, protects individuals from harm, and fosters an open and inclusive digital environment for all.