Overview of data privacy risks in Bangladesh's e-commerce

Mohammad Adnan Rahman | Monday, 12 February 2024

Bangladesh has been leveraging digital technologies to equip its society and economy, committing to its transformation into a digital nation. Any transformation of such scale is sure to invite novel challenges, and this digital revolution's primary emergent concern is data privacy. Let us discuss some of the growing data privacy concerns in Bangladesh, primarily in the context of the e-commerce ecosystem; hopefully emphasising the need for robust data protection measures.
The digital remodelling in almost every walk of society in Bangladesh necessitates that citizens get with the programme promptly, regardless of their level of preparedness. With an increasing number of internet and smartphone users, an unprecedented amount of data becomes available on the internet, for anyone to access if precise steps to safeguard it aren't taken. The digital revolution in the case of businesses has primarily been focused on convenience, and ease of access. This has paved the way for business owners to take their activity online, resulting in a colossal upsurge in e-commerce activity for the country. This increased activity results in a tremendous amount of data being generated.
Every action on the internet leaves a digital footprint. Every transaction, registration, and even browsing on the internet release bundles of data, sometimes very personal data one would not otherwise forfeit. Business platforms have access to this data, enabling them to target their products, services, and their placements more accurately in line with demands, but they also inherit a certain amount of associated responsibility and even risk. This era of unprecedented data collection poses a consequent threat: widespread privacy violations with extensive consequences.
Handling sensitive information such as customer profiles, purchase histories, and payment details underscores the significance of ensuring data privacy. Mishandling personal information exposes individuals to risks like identity theft, financial ruin, and reputational damage, eroding trust and fostering societal disengagement due to perceived surveillance. Moreover, market failures and compensation delays from prominent e-commerce platforms in Bangladesh such as Evaly and E-orange have already eroded public confidence in e-commerce businesses and have exemplified suspicious and dangerous activities associated with bad data practice.
For businesses, the data safety issue goes beyond mere legal compliance, representing a fundamental necessity for establishing trust and upholding the integrity of the digital landscape. It is a strategic necessity that could influence the direction of e-commerce expansion. If the public feels that their data is safe online, inhibition about conducting business online will be reduced, driving more traffic to e-commerce platforms.
There is a case to be made for rules that are transparent, stringent, and strictly enforced since these rules will form the basis of a framework that will protect consumer sovereignty by making sure that e-commerce strategies prioritise protecting consumer rights. In Bangladesh, the need for a robust legal framework overseeing data protection and implementing said framework presents several challenges.
While the government has initiated a positive step by drafting the Personal Data Protection Act 2023 (PDPA), concerns linger about the effectiveness of its provisions and their alignment with international standards, as well as the timeline of its eventual implementation. Transparency International Bangladesh (TIB) has specifically highlighted issues such as the PDPA's vague definition of personal data, the potential for government surveillance overreach, and insufficient provisions for individual redress. TIB advocates for a comprehensive review of the PDPA to ensure adequate data privacy protection in line with international standards.
In July 2023, Bangladesh experienced a significant data privacy breach where the website of Office of the Registrar General, Birth & Death Registration inadvertently exposed the personal details of millions of its citizens. This data breach involved the unauthorised release of sensitive data, such as names, phone numbers, email addresses, and national ID numbers, placing individuals at risk of identity theft, fraud, and other malicious activities. The leaked information poses a severe threat, leaving citizens vulnerable to targeted phishing attacks, spam, and harassment. This event also presented the risk that data breaches pose to even the state government, an entity that possesses significantly greater resources than most businesses. This raises concerns about what steps businesses can take to tackle data breaches. These incidents result in financial losses and raise apprehensions about government surveillance and the potential misuse of personal data.
Addressing data privacy concerns requires a multifaceted approach encompassing various measures. First and foremost, implementing robust data security measures, such as multifactor authentication and encryption protocols, is imperative across government organisations and businesses handling personal data. Additionally, establishing comprehensive privacy laws and regulations is vital to govern data collection, storage, and handling, holding organisations accountable for breaches and promoting better data protection practices. Furthermore, empowerment through awareness is crucial, involving public awareness campaigns, workshops, and digital literacy programmes to empower individuals to protect their personal information and exercise greater control over their digital identities.
Recognising the collective responsibility of stakeholders in Bangladesh's e-commerce ecosystem, including government authorities, human rights organisations, and the public, is paramount for ensuring data privacy. Inclusive legislation, developed with the active involvement of stakeholders, ensures compliance with international standards, creating an adequate legal framework safeguarding data privacy. Giving individuals maximal control over the collection, storage, processing, dissemination, and use of their data by public and private institutions is crucial for informed decision-making. Moreover, public awareness initiatives and education on moral values and digital rights are essential, as a knowledgeable and vigilant public plays a significant role in adequate data protection.
Concerns over data privacy in Bangladesh's e-commerce sector highlight the necessity of an all encompassing regulatory framework that complies with international standards of quality. Data privacy is ensured by raising public awareness, and protecting citizens' data is a shared duty that multiple stakeholders at several levels of authority must participate in actively. The protection of data privacy is essential to Bangladesh's progress toward becoming a Smart Bangladesh, as it allows for the creation of a safe and prosperous digital environment for everybody.

The writer is Portfolio lead, Inspira Advisory & Consulting Limited. This article is a part of an effort to bring further awareness regarding cybersecurity and policy gaps relating to cybersecurity in Bangladesh to the general public, stakeholders, and policymakers and is supported by the South Asian Regional Digital Initiative (SARDI) by DAI and USAID under the Digital Connectivity and Cybersecurity Partnership (DCCP) Programme.