The Digital Security Act, Allegations of Censorship

The Digital Security Act, Allegations of Censorship

Bangladesh’s Digital Security Act is a national digital security law that was recently passed in 2018. In contrast to many other data privacy laws that have been passed on the continent of Asia in recent years, such as India’s Personal Protection Bill of 2018 and the Chinese Cybersecurity Law, the Digital Security Act is a law that has been accused of infringing on the privacy rights of Bangladeshi citizens. According to various media outlets around the world, the law has effectively been used to both harass and detain journalists, activists, and media members operating within the country of Bangladesh who has been critical of the actions and opinions of the country’s government. To this point, the Digital Security Act does not provide Bangladeshi citizens with any rights as it pertains to their data protection or personal privacy, nor does the law mandate that data controllers and operators adhere to any principles.

What is the scope and applicability of the Digital Security Act?

In terms of the personal scope of the Digital Security Act, the personal scope of the law applies to “any natural person or institution, company, partnership business, farm, or any other organization, in case of the digital device its controller, and any entity created by law or artificial legal entity”. Alternatively, the Digital Security Act contains various extraterritorial provisions, including “if any person commits an offence or contravention outside of Bangladesh which is punishable under these provisions, then this Act shall apply as if they had committed such offence or contravention in Bangladesh”. Additionally, the material scope of the law “covers all kind of data processing including usage, saving, and transmission and all kinds of data which may even relate to critical information infrastructure. In addition, it has expressly covered certain types personal data under the term “identity information”.

Why has Bangladesh’s Digital Security Act led to international controversy?

In July of 2021, Amnesty International, an international non-governmental organization that works to promote human rights, requested that the government of Bangladesh repeal the Digital Security Act, going as far as to characterize the law as “draconian”. To support such allegations against the country, Amnesty International points out that at least 433 have been imprisoned within Bangladesh as a result of violating the Digital Security Act in 2021 alone. Many of the individuals who have been supposedly targeted by the law include journalists, activists, musicians, students, entrepreneurs and business people, and other members of the media. Furthermore, Amnesty International has also alleged that many of the 433 individuals who have been detained have also been tortured, as the law is effectively being used by the Bangladeshi government as a tool for repression.

To provide a more specific example of these allegations, human rights activist Ruhul Amin was arrested for violating the Digital Security Act after he made posts on the social media website Facebook that were critical of the Bangladeshi government and Prime Minister Sheikh Hasina. The comments that Amin made were in reference to the detention and death of Bangladeshi writer Mushtaq Ahmed, who was allegedly arrested for criticizing the Bangladeshi government’s response to the COVID19 pandemic. Ahmed was denied bail six times and reportedly died from a heart attack that he sustained while in police custody on February 25, 2021. This instance, in addition to a multitude of others, have led Amnesty International to conclude that the Digital Security Act essentially functions to criminalise the free speech of Bangladeshi citizens.

What are the punishments for violating the Digital Security Act?

Under Bangladesh’s Digital Security Act, there are a variety of actions that are considered illegal in accordance with the provisions of the law. These actions include:

  • “Unauthorised access in critical information infrastructure (CII)”.
  • “Illegal entrance to a computer, digital device, or computer system”.
  • “Damage to a computer or computer system”.
  • “Offences relating to a computer source code change”.
  • “Digital or electronic forgery”.
  • “Digital or electronic fraud”.
  • “Identity fraud”.
  • “Punishment for collecting or using identity information without permission”.
  • Cybercrime.
  • “Regarding e-transactions without legal authority”.
  • “Illegal transferring, saving, etc. of data or information”.
  • “Hacking-related offences”.

Citizens of Bangladesh who engage in any of the actions mentioned above are subject to a variety of administrative, monetary, and criminal penalties. For example, if an individual is found to have engaged in the unauthorised access of CII, then such person may be punished with “imprisonment for a term not exceeding 14 years and/or with a fine not exceeding BDT 10 million ($112,066)”. Conversely, damaging a computer system within Bangladesh can lead to “imprisonment for a term not exceeding seven years and/or a fine not exceeding BDT 1 million ($11,210). Individuals who engage in digital or electronic fraud are also subject to “imprisonment for a term not exceeding five years and/or with a fine not exceeding BDT 500,000 ($5,599)”.

While many of the actions that have been taken by the Bangladeshi government in relation to the Digital Security Act are allegations that have yet to be conclusively proven in a court of law, the Digital Security Act nevertheless stands as an example of the ways in which data privacy legislation can be used to infringe on the rights of individuals and citizens as opposed to protecting them. As the law does not provide Bangladeshi citizens with any rights as it relates to their personal data and privacy, it is fair to question whether the law was indeed passed with the intention of suppressing the opinions and viewpoints of the Bangladeshi public. Either way, nations around the world will need to consider the ways in which legislation relating to data protection in privacy can be used to both protect and inflict harm on their respective citizens.