THIS is assuring that the government plans an independent commission to protect citizens’ data on digital platforms. An Information and Communication Technology Division policy adviser at the launch of a European Union-supported initiative for an effective e-governance and digital public services on January 27 said that the government’s plan for the commission came in the context of a series of incidents of data leaks from various government agencies during the Awami League’s tenure. A case against a former state minister for ICT affairs and 19 others was filed in November 2024 on charges of selling data of national identity cards of more than 11 crore people for Tk 20,000 crore. The Election Commission in December 2024 also terminated its contract with the Bangladesh Computer Council for national identification data verification services over a breach of terms that is transferring, exchanging, selling or providing NID data for any third party. There are also allegations against the police’s Anti-Terrorism Unit and the Rapid Action Battalion of illegally selling citizens’ data. The government should, therefore, take early steps to institute the commission and put in place a mechanism to prevent data breaches.
The Awami League government, toppled in August 2024, prophesied a vision of digital Bangladesh, which essentially turned the information and communications sector into a site of state surveillance and corruption. Data protection and digital security laws have largely been focused on governing citizens’ action on digital platforms, which became evident in the indiscriminate use of the Digital Security Act 2018. Policy decisions were made declaring government agencies as critical information infrastructure, obstructing journalists’ access to data. While public access to information remains restricted, the quality of digital public services remains poor and vulnerable to financial crime and corruption. The reported technological negligence in the theft of $101 million from the Bangladesh Bank’s account in 2016 proves this point. A 2022 study by the threat intelligence unit of the Computer Incident Response Team says that almost all banks have been running one or more vulnerable services and weak authentication systems, which may lead to potential cyber attacks. Technological inefficiencies and negligence in issuing birth and death certificates by the administration have also been reported at routine intervals. People have talked about the hassles they face when they pay their utility bills online.
The government should, therefore, prioritise the institution of the data protection commission and ensure that citizens’ data are protected. It should also ensure that previous cases of data theft are properly investigated and the people involved are brought to justice. The government at the same time needs to revisit laws and policies on digital governance to ensure unhindered public access to information without compromising the integrity of the system.