In the days before May 25, email users all over the world were bombarded with a barrage of electronic messages updating them on something called the General Data Protection Regulations (GDPR). Observers claim that the number of messages dispatched by businesses throughout the world on the occasion might have surpassed those sent during Christmas or New Year. On that day, Europe became subject to the GDPR, a law aimed primarily at bringing outdated personal data laws across EU up to speed with the fast-moving digital era. GDPR has an impact far beyond Europe.
The GDPR foresees new rules on the collection of personal information/data by businesses and public sector organisations from EU citizens. It defines the limits for processing of such data and sets new rights for citizens on the use or abuse of their personal data. It confers on citizens the right to access information that companies hold on them. It establishes strict criteria for businesses on the transfer of such data outside EU; importantly, the law also includes measures to be taken if this new law is violated.
GDPR goes beyond EU boundaries because of the tremendous reach of modern technology. Every entity that operates within the EU or deals with EU citizens, wherever they may be, must ensure that their activities comply with GDPR.
It is this global impact of the GDPR which explains why people all over the world, including in Bangladesh, received email messages from such entities as Apple, Amazon, Facebook, Google, Microsoft, Twitter and hundreds of others to which they are linked. The new regulations require the entities to inform us about the security and processes of all data they have on us, to comply with GDPR.
Such developments underline the importance of transparency in relation to information needs and data protection of citizens. It heralds the advent of new standards in the relationship between citizens and the state, in particular. The latter must change from the age-old culture of secrecy and autocracy and move towards transparency and accountability.
It was not very long ago that all information at the disposal of the government was its sole preserve and could be kept away from ordinary citizens. This is no longer the case legally. The Right to Information (RTI) and Freedom of Information (FOI) laws, which have been adopted by most states of the world, now require governments to be open to the people regarding all information at their disposal, except a few.
In Bangladesh, we are yet to fully comprehend and take advantage of the opportunities that have arisen for us through the adoption of our only transparency instrument so far, namely the Right to Information Act, 2009. As for citizens' right to privacy, or RTP, we are yet to have a law. In fact, there is little awareness and very little discussion on the subject. More than 80 countries in the world have, however, legislated on the collection and use of personal data by public and private bodies.
The advent of GDPR and its impact worldwide will hopefully change the situation for the remaining countries. The recent blizzard of related emails is likely to help people realise that there are individuals, organisations, and companies who are either “controllers” or “processors” of personal data on us. Such data stitch together complex sets of information that can be used to identify a person, potentially including genetic data, information about religious and political views, sexual orientation and the like. It is not difficult to understand how susceptible all this data is to abuse.
An article in the Washington Post on June 2 entitled “Hands off my data!” depicts a graphic picture of how our personal data is collected without our knowledge: “Google has been saving a map of everywhere you go, if you turned on its Assistant when you set up an Android phone. Amazon makes your wish list public—and keeps recordings of all your conversations with Alexa. Facebook exposes to the public your friends list and all the pages you follow, and it lets marketers use your name in their Facebook ads. By default, Microsoft's Cortana in Windows 10 gobbles up … pretty much your entire digital life.”
If the above picture bothers us, we must pay heed to the new privacy policies that the companies concerned have been communicating to us more recently as a follow-up to GDPR. We can ignore them only at our own peril, since our inaction may cause loss of our data by default.
It is equally important to remember that our right to privacy is directly linked to our right to information. They are two sides of the same coin. In Bangladesh, we shall shortly commemorate the ninth anniversary of the RTI Act, 2009. We need to look back at the status of its implementation. Everyone agrees that the law is yet to make a deep impression on the minds and imagination of the people and public authorities alike. This should concern us all.
While some RTI requests are being made to public offices and some responses are being provided in a pro forma manner, there is no excitement about it either from the demand or the supply side. Many public offices are still reluctant to respect legitimate requests. The Information Commission too is carrying on its business perfunctorily, keeping the system alive, with little effort to go the extra mile.
On its part, the government must recognise that its success in putting Bangladesh on the map of developed nations will depend largely upon transparency and accountability in governance. This is why RTI was made part of UN's Sustainable Development Goals (SDGs).
Just as people need adequate, accurate information on the functioning of their government, the latter too can benefit by examining the trend of peoples' RTI requests. They indicate which government offices receive greater public attention and why. Only with such interactive and interdependent citizen-state relationship can the engine of development be properly fuelled.
Shamsul Bari is Chairman, Research Initiatives, Bangladesh (RIB) and and Ruhi Naz is Project Coordinator (RTI section), RIB.