Tuesday , September 10 2024

Data Protection Act will be a regulatory tool like DSA: TIB

Transparency International Bangladesh (TIB) believes that the draft Data Protection Act, designed to protect information, will be as arbitrary as the Digital Security Act (DSA) if it is finally passed into law. The TIB released its observations on the draft Data Protection Act, 2023 at a press conference in the capital on Monday (April 17). TIB has identified various risks in monitoring the Act.

TIB says that if the law is implemented, the government will abuse its power to monitor individuals and strengthen its control over organizations working on human rights. The TIB’s observation says that while there is a demand for the formation of an independent commission outside the control of the government to monitor the issue of personal data protection, the discussed draft proposes the formation of a data protection agency, which will be appointed by the government.

Hacker to exploite GeoServer Vulnerability to Deploy Malware

Researchers at Fortinet unveiled hackers to exploit GeoServer RCE vulnerability deploying malware relating to the vulnerability tracked as “CVE-2024-36401, has...
Read More
Hacker to exploite GeoServer Vulnerability to Deploy Malware

IMB unveils multiple vulnerabilities in it’s webMethods Integration

Multiple vulnerabilities have been published by IBM in its webMethods Integration Server which cloud allow attackers to execute arbitrary commands...
Read More
IMB unveils multiple vulnerabilities in it’s webMethods Integration

Progress LoadMaster exposed to a critical 10/10 vulnerability

Progress Software released an emergency fix for a critical vulnerability (10/10) in its Loadmaster and LoadMaster Multi-Tenant Hypervisor products, which...
Read More
Progress LoadMaster exposed to a critical 10/10 vulnerability

Cisco released security updates for two critical security flaws

CISCO released security updates for two critical security flaws impacting its smart Licensing Utility that could allow unauthenticated, remote attackers...
Read More
Cisco released security updates for two critical security flaws

OpenBAS: Cutting-edge breach and attack simulation platform

OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary simulations, and breach simulations. OpenBAS...
Read More
OpenBAS: Cutting-edge breach and attack simulation platform

Critical Security Flaws Patched in Zyxel Networking Devices

Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions....
Read More
Critical Security Flaws Patched in Zyxel Networking Devices

CVE-2024-38811: CEV In VMware Fusion Unveiled

VMware released a security advisory for a major vulnerability in the VMware Fusion product. This vulnerability could be exploited by...
Read More
CVE-2024-38811: CEV In VMware Fusion Unveiled

CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit...
Read More
CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

How Malaysia’s Data Centre Industry Poised for Growth

Malaysia is quickly becoming a leading choice for investing in data centers. It aims to generate RM3.6 billion (US$781 million)...
Read More
How Malaysia’s Data Centre Industry Poised for Growth

RansomHub exfiltrated data over 210 victims: US alert

US authorities have issued a cybersecurity advisory about a ransomware group called RansomHub. The group is thought to have stolen data...
Read More
RansomHub exfiltrated data over 210 victims: US alert

This agency is again empowered to access data, servers, prohibit data processing and order deletion of data of any controller/processor. And the fact of ensuring the proper application and execution of the Act has been left to a person appointed and necessarily controlled by the Government, with the provision that in initiating an inquiry ‘if it is reasonable to the Director-General.

Risk also states that where the government itself is the data (personal information) user and processor, it is not clear how another government agency can ensure that the government is complying with the law. It also said that such precedent of conflict of interest raises new fears that, like the Digital Security Act, this law will also be arbitrarily misused. The privacy of individuals’ information will be violated with the help of the government. If it goes against the government’s position, access to the server of any company, deletion of data and ban on data processing will happen.

As a result, the government’s power to monitor individuals, its abuses and control over organizations working on human rights will be strengthened. According to the observation, the discussed draft mentions three types of data, sensitive data; user generated data and classified data (classified data) which are subject to storage obligations within the country’s borders. It also talks about imposing restrictions on data transfer.

The risk this creates is that by keeping the data stored within the country’s borders, the power to monitor and make decisions on the data is effectively placed in the hands of the government. Given the enormous power of the Data Protection Agency under the direct control of the government and no effective safeguards against its abuse, the proposed draft will surely undermine people’s constitutional rights to freedom of speech and privacy. Monitoring of social media and people’s personal communication by various agencies of the government will be strengthened.

As data localization is expensive for small and mid-sized organizations, they will be left out of the competition. In addition, consumer spending will also increase as business expenses of all levels of organizations increase. The TIB report found that the country’s digital exports could drop by up to 45 percent depending on what kind of restrictions are imposed on data transfers. Growth rate may drop to 0.58 percent. Besides, there is fear of negative impact on foreign investment.

The draft states that, in case a company commits any offense under this Act, every owner, chief executive, director, manager, secretary, partner or any other officer or employee or representative of the company shall be deemed to have committed the said offence, unless he. Be able to prove that the offense was committed without his knowledge or that he tried his best to prevent the offence.

This section proposes a system in direct contrast to the principle of onus of proof in the criminal law. As a result, legal risk has been created for all organizations working on civil rights, media and all types of domestic and foreign organizations. And this risk is not limited to monetary penalties as the Criminal Procedure Code provides for enforcement. The experience of harassment of journalists and civil society under the Digital Security Act in Bangladesh does not guarantee that nothing will be done with the Data Protection Act.

Dr. Iftekharuzzaman, Executive Director of TIB, consultant-executive management, Sumaiya Khair, Outreach and Communication Director Sheikh Manzoor-e-Alam, Data Protection Expert Dr. Tariqul Islam were present at the press conference.

 

 

Check Also

Delinea’s customer meetup at Dhaka, promising quality services

Delinea is a leading provider of privileged access management (PAM) solutions that make security seamless …

Leave a Reply

Your email address will not be published. Required fields are marked *