Saturday , December 21 2024

Data Protection Act will be a regulatory tool like DSA: TIB

Transparency International Bangladesh (TIB) believes that the draft Data Protection Act, designed to protect information, will be as arbitrary as the Digital Security Act (DSA) if it is finally passed into law. The TIB released its observations on the draft Data Protection Act, 2023 at a press conference in the capital on Monday (April 17). TIB has identified various risks in monitoring the Act.

TIB says that if the law is implemented, the government will abuse its power to monitor individuals and strengthen its control over organizations working on human rights. The TIB’s observation says that while there is a demand for the formation of an independent commission outside the control of the government to monitor the issue of personal data protection, the discussed draft proposes the formation of a data protection agency, which will be appointed by the government.

Eight New ICS Advisories released by CISA

CISA has released eight advisories on vulnerabilities in Industrial Control Systems (ICS). These vulnerabilities affect essential software and hardware in...
Read More
Eight New ICS Advisories released by CISA

Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI

Bank Rakyat Indonesia (BRI), the largest state bank by assets, has assured customers that their data and funds are secure...
Read More
Authority Denies  Hacker claim ransomware attack on Indonesia’s state bank BRI

London-based company “Builder.ai” reportedly exposed 1.2 TB data

Cybersecurity researcher Jeremiah Fowler reported to Website Planet that he found a non-password-protected 1.2 TB dataset containing over 3 million...
Read More
London-based company “Builder.ai” reportedly exposed 1.2 TB data

(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall

Sophos has fixed three separate security vulnerabilities in Sophos Firewall.  The vulnerabilities CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729 present major risks, such...
Read More
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)  Sophos resolved 3 critical vulnerabilities in Firewall

“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA

A time-demanding workshop on "Cybersecurity Awareness and Needs Analysis" was held on Thursday (December 19) at Bangladesh Bank Training Academy...
Read More
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA

CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability

Kaspersky's Global Emergency Response Team (GERT) found that attackers are exploiting a patched SQL injection vulnerability (CVE-2023-48788) in Fortinet FortiClient...
Read More
CVE-2023-48788  Kaspersky reveals active exploitation of Fortinet Vulnerability

U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports

The US government is considering banning a well-known brand of Chinese-made home internet routers TP-Link due to concerns that they...
Read More
U.S. Weighs Ban on Chinese-Made Router TP-Link:  WSJ reports

Daily Security Update Dated: 18.12.2024

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated: 18.12.2024

CISA released best practices to secure Microsoft 365 Cloud environments

CISA has issued Binding Operational Directive (BOD) 25-01, requiring federal civilian agencies to improve the security of their Microsoft 365...
Read More
CISA released best practices to secure Microsoft 365 Cloud environments

Data breach! Ireland fines Meta $264 million, Australia $50m

The Irish Data Protection Commission fined Meta €251 million ($263.6 million) for GDPR violations related to a 2018 data breach...
Read More
Data breach! Ireland fines Meta $264 million, Australia $50m

This agency is again empowered to access data, servers, prohibit data processing and order deletion of data of any controller/processor. And the fact of ensuring the proper application and execution of the Act has been left to a person appointed and necessarily controlled by the Government, with the provision that in initiating an inquiry ‘if it is reasonable to the Director-General.

Risk also states that where the government itself is the data (personal information) user and processor, it is not clear how another government agency can ensure that the government is complying with the law. It also said that such precedent of conflict of interest raises new fears that, like the Digital Security Act, this law will also be arbitrarily misused. The privacy of individuals’ information will be violated with the help of the government. If it goes against the government’s position, access to the server of any company, deletion of data and ban on data processing will happen.

As a result, the government’s power to monitor individuals, its abuses and control over organizations working on human rights will be strengthened. According to the observation, the discussed draft mentions three types of data, sensitive data; user generated data and classified data (classified data) which are subject to storage obligations within the country’s borders. It also talks about imposing restrictions on data transfer.

The risk this creates is that by keeping the data stored within the country’s borders, the power to monitor and make decisions on the data is effectively placed in the hands of the government. Given the enormous power of the Data Protection Agency under the direct control of the government and no effective safeguards against its abuse, the proposed draft will surely undermine people’s constitutional rights to freedom of speech and privacy. Monitoring of social media and people’s personal communication by various agencies of the government will be strengthened.

As data localization is expensive for small and mid-sized organizations, they will be left out of the competition. In addition, consumer spending will also increase as business expenses of all levels of organizations increase. The TIB report found that the country’s digital exports could drop by up to 45 percent depending on what kind of restrictions are imposed on data transfers. Growth rate may drop to 0.58 percent. Besides, there is fear of negative impact on foreign investment.

The draft states that, in case a company commits any offense under this Act, every owner, chief executive, director, manager, secretary, partner or any other officer or employee or representative of the company shall be deemed to have committed the said offence, unless he. Be able to prove that the offense was committed without his knowledge or that he tried his best to prevent the offence.

This section proposes a system in direct contrast to the principle of onus of proof in the criminal law. As a result, legal risk has been created for all organizations working on civil rights, media and all types of domestic and foreign organizations. And this risk is not limited to monetary penalties as the Criminal Procedure Code provides for enforcement. The experience of harassment of journalists and civil society under the Digital Security Act in Bangladesh does not guarantee that nothing will be done with the Data Protection Act.

Dr. Iftekharuzzaman, Executive Director of TIB, consultant-executive management, Sumaiya Khair, Outreach and Communication Director Sheikh Manzoor-e-Alam, Data Protection Expert Dr. Tariqul Islam were present at the press conference.

 

 

Check Also

Delinea’s customer meetup at Dhaka, promising quality services

Delinea is a leading provider of privileged access management (PAM) solutions that make security seamless …

Leave a Reply

Your email address will not be published. Required fields are marked *