logo

LETTERS TO THE EDITOR

Is privacy truly protected in Bangladesh?

Tuesday, 16 June 2026


The enactment of the Personal Data Protection Act, 2026 marks a significant development in data governance in Bangladesh. As digital technologies become increasingly integrated into everyday life, the collection, processing, and storage of personal data by both public and private actors have expanded considerably. The Act seeks to address these concerns by establishing a legal framework for the protection of personal information and the recognition of individual privacy rights. In this regard, it represents an important step towards strengthening data governance in the country.
A major strength of the Act lies in its consent-centric approach to data processing. The legislation generally requires the consent of the data subject before personal data may be collected or processed. The introduction of financial penalties for non-compliance also reflects an effort to enhance accountability among entities handling personal information.
In this connection, it is essential to ensure institutional independence of the National Data Management Authority, which is responsible for implementing and enforcing the Act. Effective data protection depends on an independent regulatory body capable of exercising oversight free from political or administrative influence. However, the Authority operates under the Prime Minister's Office, raising legitimate questions about its ability to function autonomously, particularly in matters involving government agencies. By contrast, under the European Union's General Data Protection Regulation (GDPR), supervisory authorities are required to act with complete independence.
Another significant concern relates to the exemptions provided under Section 24. The provision allows personal data to be processed without consent on grounds such as national security, public order, public interest, and crime prevention. While such exemptions are common in data protection laws, the broad language employed in Section 24 raises concerns. The Act does not clearly define these terms, nor does it provide sufficiently robust safeguards, such as independent oversight, to ensure that exemptions are used only when genuinely necessary. As a result, there remains a risk that exceptions intended for limited circumstances could undermine the privacy protections the Act seeks to establish.

Sanjida Khondaker Ripa
Department of Law,
Bangladesh University of Professionals

Editor : Shamsul Huq Zahid

Published by Syed Nasim Manzur for International Publications Limited from Tropicana Tower (4th floor), 45, Topkhana Road, GPO Box : 2526 Dhaka- 1000 and printed by him The Transcraft Limited, 229, Tejgaon Industrial Area, Dhaka-1208.

Telephone : PABX : 9553550 (Hunting), 9513814, 7172017 and 7172012 Fax : 880-2-9567049

Email : editor@thefinancialexpress.com.bd, fexpress68@gmail.com