Privacy is an integral part of personal liberty and protects human dignity and enables fundamental freedoms of association and expression. The right to privacy is now one of the most important modern human rights, recognized as a fundamental right worldwide (Solove, 2008). It is vital for human freedom and democratic principles, and it is incorporated in fundamental international texts, like the Universal Declaration of Human Rights, (1948) and the International Covenant on Civil and Political Rights (1966), among many others of international and regional human rights treaties (Nasir, 2015). With the era of technology at its height, when the majority of people are fully dependent on the internet and shudder at the thought of tackling daily chores without the help of a digital device, the breach of privacy has never been of greater concern as we use digital devices everywhere, digital privacy combined with protecting personal data is now an important topic (Hamidul, 2020). 

The risk comes when users on the internet, often unaware of how their data will be used, voluntarily share personal data or give their information to relatively faceless companies (Silvee & Hasan, 2018). The first data privacy law in the world was passed, in the German state of Hesse, in 1970, and the first law covering data nationwide (in the first case, specifically referred to as a personal data law) was in Sweden, in 1973. As a result, this law became a model not just for European countries, but for governments across the globe (Faruque & Habibullah, 2018). Digital privacy is a global challenge, but the idea is relatively new in the Indian subcontinent, especially in Bangladesh. The right of privacy in the digital domain is addressed by the Information and Communication Technology Act (2006), the Right to Information Act (2009), and the Digital Security Act (2018) of Bangladesh, along with some other statutory, rule and regulatory instruments (Grover, 2011). 

The purpose of this research is to critically analyze the present structure and response of the state to digital privacy primarily in light of global contexts. The study takes into account national and international legislation, rules, regulations, and judicial developments in the United States, the United Kingdom, the European Union, and India.

As technology came into reality, it created another set of problems for us, to protect privacy rights in particular in cyberspace but this emerging and integral area of study has not yet been explored in Bangladesh. Since the notion of digital privacy is new, less research has been conducted on this issue, and the existing studies often do not provide a complete focus on the Bangladeshi legal system. One pivotal but less discussed article is “The Right to Privacy in Bangladesh in the Context of Technological Advancement” by Sadiya S. Silvee and Sabrina Hasan, which although attempts to link national systems to the right to privacy, has little intersection with the current state of digital privacy in Bangladesh (Silvee & Hasan, 2018). Muhammad Omar Faruque and Sk. Md. Habibullah offers an overview of existing legislations but fails to suggest tangible means for individuals to safeguard digital privacy for themselves (Faruque & Habibullah, 2018). In the same vein, “Right to Privacy in Digital Age: A Comparative Analysis”, by Neeraj Grove, focuses on framing legislative casuistries but ignores the broader complexities of privacy rights in the digital age (Grover, 2011). Many articles, publications, and journals discuss the matters of privacy rights issues of the digital age, but none of these provide a complete and unbiased analysis of the challenges facing Bangladesh. This study attempts to fill this void by critically reviewing existing legal structures and recommending enhancements to ensure effective prevention of privacy violations in the digital age.

Objectives of the Study

1. The objectives of the study are as follows:- 
2. To explore the theory of privacy, and its use in digital platforms; 
3. To compare the legal mechanisms and measures adopted in Bangladesh and other countries regarding the right to digital privacy; 
4. To analyze the challenges related to the existing legislations in protecting the right to privacy; 
5. To make possible suggestions for the protection of digital privacy.

Research Questions

This study is an endeavor to assess, analyze, and evaluate the present existing national privacy strategy regarding digitalization in Bangladesh. Therefore, the research questions are:-

1. To what extent the present national laws relating to the right to privacy are being implemented in the digital platforms in Bangladesh? 
2. To what extent the legislation relating to privacy has complied with the international standards and theories in Bangladesh? 
3. How can a scheme for protecting privacy be enforced successfully in Bangladesh?

Methodologically, this research consists of qualitative exploration and analysis of the right to privacy in the digital era. It uses both primary and secondary data to ensure coverage of the subject matter. Primary data sources for this study comprise national and international updated statutes, case laws, and judicial decisions. Academic journals, research reports, newspapers, online resources, and library catalogs constitute secondary data. Data from the sites and pages of relevant national and international organizations are also added to provide context to the analysis. It is qualitative which will allow for a critical analysis of the legal frameworks compared to international standards and to identify the gap and the opportunity for improvement.

Theoretical Aspects 

Right to Privacy

Privacy is a highly valued right of citizens in a democratic society. However, there is no consensus definition of privacy. Scholars have long sought to explain it satisfactorily. It is among the most coveted elements of liberty in a democratic society (Esseks, 1989). Privacy has many manifestations; it includes freedoms of belief and thought, autonomy and dignity and integrity, protection of personal data, and protection from unlawful searches and interrogations (Jeffrey, 2001). It is a psychological safety that each one must have, which enables individuals to manage the degree to which their own personality is seen by others. The Younger Committee (an official inquiry into privacy which was reported in 1972: Report of the Committee on Privacy, Cmnd. 507(12), H.M.S.O., 1972) concluded that privacy could not be effectively defined (Warren & Brandeis, 1890). The term “right to privacy” generally denotes the liberty of an individual, such as their right to choose whether to disclose information about their private life, activities, attributes and/or relationships with other individuals or entities. Yet, defining a term like "right to privacy" within an official context has proven to be a complex task (Bloustein, 1964). In the United Kingdom, the Calcutt Committee noted that such a definition was almost impossible to focus on. There was no specific consensus about what the term "right to privacy" meant before Professor Alan Westin provided one in 1967 that would be adopted by the United States Supreme Court. Professor Westin characterized privacy as “the right of individuals, groups, and society to control the information flow about themselves” - specifically “the right of individuals, groups, and institutions to determine for themselves when, how, and to what extent information about them is communicated to others.” The UK governments response to the National Heritage Select Committee in 1995 defined the meaning of the "right to privacy" as the right of individuals to be free from harassment, according to the Office of Communications (Glancy, 1999). Therefore, the right to privacy can be said to constitute considerable elements of personal liberties in it. The one thing everyone desires deeply is a physical space that can be free of intrusion, interruption, harassment, and a way to protect ones personal information.

Privacy in the Digital Age

Privacy has always been one of the basic things that a human needs. However, with more data stored digitally and getting transmitted online, it has increasingly become more important to secure data. In other words, data privacy is when data is processed according to what is intended for the data to do (Jefferson, 1801). This isnt just a corporate problem, individuals care deeply about how their data is secured. Awareness of data privacy helps people to save themselves from data privacy risks to a great extent. “Data protection” today is focused mostly on sensitive personal information otherwise known as personally identifiable information (PII) or personal health information (PHI) (Karim, 2005). Data security is just one element of the wider issue of data governance, a systematic process that enables organizations to have a fuller picture of what data they hold, where it is processed, how it moves through their IT infrastructure, and how it is being used. Data privacy is only guaranteed when best practices of data governance are put into place; transparency of data ensures confidence in data by any organization (Nielsen, 2024). The breaches in data can lead to the worst experience in cyberspace, from identity theft to financial fraud and reputational loss. Realizing how critical this is, a few nations are so dutiful - they have included personal protection clauses in their constitutions (Drury, 2024). Countries like the Republic of Bulgaria; Kingdom of Denmark; Republic of Estonia; Republic of Hungary; Republic of Poland; Republic of Portugal; Russian Federation; Kingdom of Spain; Kingdom of Sweden; Republic of Slovakia; Republic of South Africa; India and few other countries have made provisions to protect personal data privacy in their frameworks.

Privacy Violations in Bangladesh

Bangladesh has also been experiencing privacy breaches at individual, collective, and national levels, as are the global trends. For example, biometric information of all mobile phone users has been stored in service provider databases as part of digitization efforts. Although this data is gathered for security, there are fears it could be abused considering the perceived misuse of government databases (Karim, 2005). Sensitive information exposure through cyberattacks on government websites, including hacking into the Bangladesh Air Forces website in 2023, and the Election Commissions database in 2024 has compromised the privacy of thousands of stakeholders. These incidents point to deep ruptures in data protection and cybersecurity infrastructure (Sajjad, 2015). 

On the individual level, breaches of user privacy abound on social media. One prominent instance is a photograph of a couple at the  Teacher-Student Centre, at the University of Dhaka went viral without consent. Without any consent, the image was captured, and posted by the photographer which is an infringement on the couples right to privacy. Others point out that individuals have lower expectations of privacy regarding their actions in public, but this kind of widespread and unauthorized dissemination cannot be justified even in public. In addition, social media sites like Facebook can also be a hotspot of misinformation and doctored images which can cause a lot of social public impersonation scams as well as privacy abuse. These instances highlight the dire need for effective privacy regulation, data security, and public awareness in the country in this day and age of privacy issues.

Practices of Privacy Protection in Different Countries

As monitoring and surveillance systems advanced, it has now become even simpler for security agencies to invade the private lives of the people. Therefore, it is crucial to create fresh privacy laws that are relevant to todays issues. There have been several efforts at home and internationally to protect privacy rights from borders violated by different actors (Hart, 1994). Article 12 of the Universal Declaration of Human Rights (UDHR), as well as Article 17 of the International Covenant on Civil and Political Rights (ICCPR) have recognized the sanctity of privacy as a fundamental right. No national or international interference should be permitted, not to touch personal privacy, and not to undermine the reputation of the person quoted (Nugter, 1990). Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms (1950) even champions the right to respect for private and family life, home, and correspondence (UNHCR) (UNHCR). In the discussion below, the practices of protection against privacy violations in other countries will be outlined including different countries approaches and protection against various privacy violations. It accordingly makes a neat round of approaches taken elsewhere toward confronting the very real issue of privacy in contemporary times.

United States of America 

Citizens of the United States have the right to privacy under the Fourth Amendment of the Constitution. This Amendment guarantees individuals the right to be secure in their persons, homes, papers, and effects against unreasonable searches and seizures. Its purpose is to protect the people and their ability to live free from unreasonable interference by the government. The Fourth Amendment, however, does not universally guarantee freedom from all types of unreasonable searches and seizures. Instead, it only speaks to those of the government that “are deemed unreasonable” according to the law as it exists now (Westin, 1968). In the United States, privacy rights are governed by a patchwork of federal and state laws - as well as regulations. This decentralized system frequently results in overlaps, contradictions, and discrepancies between jurisdictions. In addition, there are several self-regulatory guidelines introduced by governmental bodies and private organizations. These are just guidelines that recommend codes of conduct and are not statutory laws (Carney, 1997). The 1914 Federal Trade Commission Act established principles for protecting consumers against deceptive practices - whether it be failing to disclose important information or breaking privacy laws. In 1996, the Health Insurance Portability and Accountability Act (HIPAA) established some protections for medical information (Nielsen, 2024). It covers healthcare providers, data processors, pharmacies, and other organizations that handle medical information. The Health Insurance Portability and Accountability Act of 1996 (known as HIPAA) stipulates that sensitive health information can be disclosed only as needed to complete transactions and requires entities to put safeguards in place around the e-transmission of health data (Pdpecho, 2012). And it also has requirements for alerting people when their health information is compromised. Judicial Redress Act of 2016 - The Judicial Redress Act of 2016 allows citizens of the United States and certain allied countries (e.g., all EU member states) to sue U.S. federal agencies in U.S. courts when those agencies violate their privacy rights. Even with all these measures, the United States has to date not passed any data privacy legislation that could reasonably be applied to any of the public and private institutions mentioned above (Jolly, 2023). Data controllers are also much more likely to use self-regulatory or industry-based guidelines (again, application differs). The Fourth Amendment is the building block upon which most privacy protection in the United States is erected and serves as the backdrop for other privacy laws. The U.S. Supreme Court has also decided that evidence obtained through illegal searches and seizures is inadmissible under the Fourth Amendment, an essential step in defending privacy rights (Rosen, 2011; Nishat et al., 2022).

United Kingdom

The Data Protection Act, 2018 was passed in the UK to catch up with new technologies and protect individual rights. The Act refers to data controllers (who may be natural or legal persons) defined as the entity that, alone or jointly with others, determines the purposes and means of processing personal data (Cooley, 1879). This act applies to both private and public sector controllers. The Act is closely modeled on principles set out by the OECD for application nationally but also includes additional provisions (Nielsen, 2024). This includes exemptions for processing personal data for operational immigration control, for example. These exemptions could remove many of the data protection rights of foreign nationals, especially immigrants if it is deemed that those rights conflict with immigration considerations (Klitou, 2011). This has led to questions about transparency and accountability in government decisions on such issues. There are other specific exemptions in the Act as well, reflecting tensions between protecting individual liberties and the need to address broader governmental and societal concerns.

India

There is a specific privacy law in India named ‘Digital Personal Data Protection Act, 2023. The right to privacy has also been recognized as a basic fundamental right under Article 21 of the Constitution of India protecting the rights to life and personal liberty (Carter-Ruck, 1990). This encompasses the protection of a persons information, particulars, and identity; the right to live a dignified and private life; and the right not to be overly interfered with. The Information Technology Act, 2000 has also dealt with issues related to privacy. There are two, in particular, relevant sections of the Act: Section 72: This provision provides punishments for access to and disclosure of confident information stored in documents electronic records, registers, books, communications, or other documents, without the information of the person of the person. Section 66-E - This is about body privacy (Krotoszynski, 2015). It punishes those who capture, publishes, or transmits images or recordings of the private area of an individual, without the persons consent, such as photographs, videos or other recordings, irrespective of the medium used. At present, India is in the process of putting together a broad privacy and data protection law, in line with global trends in privacy governance. Such efforts have been spearheaded by a panel of experts led by Justice A. P. Shah, a former Chief Justice of the Delhi High Court. This initiative aims to confront the new realities of privacy and data protection in the digital age.

Judicial Decisions

Privacy was embraced early on in American common law, but it was not recognized at the Constitutional level. In De May v. Roberts (1881), for example, the court recognized concerns about privacy. The case involved a physician who permitted a “young unmarried man,” who had no medical training, to be present while a patient was delivering. “The idea that legislation should make provision for redress of such an act objects strange to our sense of right, fairness, and propriety,” the court said. It was a personal event for the appellant, and others had no right to attend unless invited or present due to a relevant and overriding necessity. A right to privacy has been recognized in India as a fundamental right under the Constitution under Article 21 (right to life and personal liberty), which includes protection of information, identity, and dignity of a person. In Sharda v. Dharmpal, the Supreme Court described privacy as “the state of being free from public attention or intrusion to the private life of an individual or group of individuals.” A ground-breaking judgment in India was K. S. Puttaswamy (Retd.) v. Union of India, where the Supreme Court held that right to privacy is a fundamental right, even in age of technology. The Court drew the reasonable limits of privacy protection invoking Article 21 of the Constitution. The case raised questions about the Aadhaar program, a national program that granted citizens a unique identification number for availing of government and non-government services. The Court also found that the program presented grave risks of intrusion on privacy and ordered the government to take ways to ensure privacy. The Court held additional conditions: while Aadhaar could be used for certain financial and other services, it should not be compulsory for welfare services. The Court explained that the right to privacy is not absolute; however, any interference with privacy must be under law, pursued for a legitimate aim, and proportionate to the aims of data collection.

Evaluation of National Laws on Privacy in the Digital Age

As there is no specific legislation on privacy protection, Bangladesh has a fragmented collection of regulations on privacy protection. Although older laws have not given enough attention to this, few contemporary legislation incorporate several modest measures for the protection of personal privacy, but they are extremely insufficient. In this portion, we will discuss Bangladeshs privacy-related laws to analyze the degree to which it conforms with international norms and global best practices.

The Constitution of the Peoples Republic of Bangladesh

The Bangladesh Constitution contains a provision recognizing the right to privacy, which states that every citizen shall have the right to the privacy of his communications and other means of communication, subject to any appropriate limitations imposed by statute in the interests of state protection, public order, public morality, or public health. No legislation may be established that infringes on the privacy of communications and letters unless there is a valid governmental interest in the issues stated in Article 43. According to the aforementioned article, the right to privacy of home and communication is subject to various exceptions such as state security, public order, state morality, and public health, where the government has the authority to impose reasonable limits via state legislation. According to the article, no authority is permitted to enter a citizens home and search or take property without authorization by law. However, several of the exclusions in the article require that the unique limits be explained. 

Otherwise, any restriction would be considered unlawful unless it was near or associated with such interests. Furthermore, if the aim may be accomplished via less stringent methods, or if the act does not provide a mechanism for confirming the arbitrary or illegal use of search or seizure authority, it is invalid. Although this provision has been criticized as outdated and ineffective, it has allowed courts to provide several interpretations. India had to accept the rejection of the right to personal liberty to include the right to privacy as a basic right, but Bangladesh judiciary could more readily interpret its supposedly analog privacy article to face the ever-changing new issues of the digital era (Islam, 2012).

The Information and Communication Technology Act, 2006

The short title of Act No. 39 of 2006 means that the Act intends to provide for the recognition and protection of information and communication technology (ICT), and related matters as appropriate. It gives the government authority to create rules to regulate processes and procedures to ensure electronic records and payments are securely integrated, and that privacy is protected in the use of electronic signatures. The Act makes it essential for Certifying Authorities of electronic signatures to act per security measures designed to ensure the confidentiality and privacy of digital signatures. Moreover, the Controller, who supervises the actions of Certifying Authorities, should protect the confidentiality and privacy of digital signatures by using appropriate software, hardware, and procedures as per applicable security standards at all levels. However, Section 55 states that anyone who intentionally or unintentionally tamper, destroy, or  conceal any computer source code used in any data, program, or network can be convicted. Section 66 of the Act defines hacking as a crime. 

Hacking is defined as any activity where a person causes damages to be caused to any computer, computer network, or electronic system that is not their own, punishable with a maximum of ten years imprisonment and a fine of up to one crore taka. If a person attempts to access an information system even against the provisions of section 66 then such access if done without authorization is an offense as it can breach privacy. While many other provisions of our law implicitly conceal the right to privacy, Section 72 embodies the core of law on protection of information, even going so far as to willfully state that no one who accesses electronic records, books, correspondence, information, registers, documents or any other material in electronic form shall disclose such information to any person without the consent of the person concerned is said, to have committed an offence. 

Punishment for such offense: up to two years in prison and/or fine up to 2 lakh taka. In terms of this statute, any person entitled by an act constituting any of the above violations the director, secretary, manager, partner, officer, or staff directly connected with the offense will be held liable. This clause makes the corporation legally liable. Therefore, despite the fact that the ICT Act is strong on the concern of illegal access to digital devices, it is not strong with respect to activities in anonymity. It arguably falls short in the prevention creation stage at the pre-breach stage given the clear need to penalize these types of breaches by individuals or massive corporations.

The Cybersecurity Act, 2023

The Cybersecurity Act, 2023 repealed the Digital Security Act, 2018, inspired by rising concerns over data privacy and state security in the digital era. The Act explores the concept of identification information very broadly, including biological data, fingerprints and voice prints, retina images, and digital signatures and other identifiers. The act is widely used to safeguard such information from misuse and impose punishment for breaking this law. The Cybersecurity Act established the Cybersecurity Agency to protect users data on all digital fields in Bangladesh. This encompasses the duty to take all possible cyber-security precautions for privacy protection online and over online data security threats. The act established the Bangladesh Cyber Emergency Response Team to respond to hacking attacks and security breaches instantly. Despite stronger privacy safeguards and criminal penalties for violating digital rights, including fines and imprisonment for illegally releasing or distorting others personal information, the Act concerns about the Cybersecurity Acts extent. Section 29 prohibits printing anything threatening or corrupting against someone, limiting freedom of expression, for one thing. Additionally, the act enables Internet companies to share data with the appropriate authority during investigations. It may undermine the laws security and privacy safeguards.

The Right to Information Act, 2009

Bangladesh enacted the Right to Information Act in 2009, integrating the right to information with the right to freedom of thought, conscience, and expression. The Act, however, does not delineate the right to privacy. Nonetheless, the Act provides some privacy-related safeguards under Sections 7(h) and (i). Authorities are not obligated to provide information that might infringe upon an individuals privacy. Section 7 explicitly specifies that “no authority shall be required to provide the following information … any information whose disclosure would violate privacy.” In this context, the Right to Information Act does not explicitly articulate the right to privacy of private life, but it can be employed to safeguard personal data in instances where the disclosure by an authority would infringe upon an individuals privacy, whether that authority is a government entity, statutory organization, or any private institution receiving foreign or state aid

Other Statutory Provisions

Bangladesh Telecommunication Regulatory Commission (BTRC) is the regulatory agency that functions under the Bangladesh Telecommunication Regulatory Act of 2001 and is responsible for telecommunications privacy. According to the Act, the BTRC has the power to levy a maximum penalty of Tk 300 crore on telecommunications providers for contravening BTRC regulations. The BTRC has mandated all relevant authorities and corporations to implement safeguards safeguarding user privacy, explicitly stating that user fingerprints must not be retained in any format and should be meticulously overseen. In addition to these rules, the ICT security standards are also promulgated concerning the safety of the financial sector of Bangladesh Bank. It is worth mentioning that under the provisions of these enabling laws, although Bangladesh has initiated the collection of biometric data from its citizens, the BTRC so far has not formulate any regulation or policy that can be termed even as good enough in protecting the privacy right of greater population.

Bangladesh Judiciary on the Right to Privacy

The High Court Division (HCD) Bench, comprising Mr. Justice Syed Muhammad Dastagir Husain and Mr. Justice AKM Shahidul Huq, gave this ruling after hearing a written petition and supporting the validity of the gathering of biometric data. The Court overruled a previous verdict deeming the biometric SIM registration procedure as unconstitutional but ordered the government, the telecoms, and other institutions to be extra cautious in processing and maintaining personal customer information against illicit exploitation. The Court also urged the telecom operators to obey BTRC standards on the safeguarding of personal data. If the operators do not comply with data protection regulations, the BTRC may impose substantial penalties. A remarkable disparity appears in the judiciarys view on biometric data gathering in both Bangladesh and India. In Puttaswamy, the Indian Supreme Court used a wide perspective to apply and enlarge the parameters of the right to privacy in the digital era. In contrast, the Bangladesh court wasted a chance to develop timely and comprehensive jurisprudence respecting privacy rights, notably in the digital and biometric data realms, by not interpreting the events of preceding years in light of the change in policy toward surveillance. Not only did the Indian verdict deal with privacy problems pertinent to the digital era but it also pointed out how future privacy-related laws needs to be crafted something the Bangladeshi court was required to do but did not.

Key Findings

1. Privacy breaches in Bangladesh are increasing day by day at individual, collective, and state levels where huge risks has always been there for personal and government data.
2. With so much biometric data being gathered from mobile phone users, fears have been raised over the privacy risks involved, especially in light of the inadequate security measures often found in government and service provider databases. 
3. Previous cyberattacks targeting government websites like the Election Commission and Breach of Bangladesh Air Force have leaked sensitive personal data, indicating a vulnerability of our national digital infrastructure. 
4. Social media platforms like Facebook have become a medium for unrestrained violations of personal privacy; the recent ruthless sharing of a couple of photographs depicted from the Teacher-Student Center, University of Dhaka stands witness. 
5. The report reflects the prioritization of digital privacy concerns, which calls for the need for comprehensive privacy law, better data security safeguards, and greater public awareness. 
6. The USA and UK have been individually remarkable in the protection of privacy through their laws, followed by the other countries and thus we would be able to gather the best logic of applying the laws of privacy which would be compatible with Bangladesh. 
7. Bangladeshs privacy protection laws are patchy, lacking any comprehensive privacy or data protection laws. 
8. And although Article 43 of the Constitution secures the right to privacy, the wide exceptions concerning national security, public order, and public health leave space for misuse. 
9. The Information and Communication Technology Act, 2006 alludes to the digital privacy of individuals, yet it mainly constitutes concerns about data security and cybercrime rather than producing effective measures for protecting digital privacy and establishing some standards of data governance. 
10. The ICT Act and Cybersecurity Act, which were supposed to protect the privacy of Bangladesh citizens, have weak enforcement options, which leaves holes in Bangladeshs data protection framework, and it means that privacy violations within the country can still continue.

Recommendations for Strengthening Privacy Protection in Bangladesh

A Fresh Law on the Right to Privacy through Developing National Privacy Strategy 

The existing scrappy privacy structure of Bangladesh should be recast and it is necessary to develop a comprehensive national privacy strategy that will provide a coordinated approach between different government agencies. It is inferred that the present approach of the various existing laws is ‘digital security but it wont be worthy if we have such capability to ensure data protection and other privacy issues. Such strategies can be tested by drawing up BTRC guidelines to fill the gaps before the new law comes into force. The new privacy strategy must include an appropriate mechanism of accountability that will be able to ensure that the responsible authority does not misuse its powers or do something ultra vires. The govt. should also draw up a guideline for biometric data that is at great risk.

A Dedicated Central Body 

The govt. should set up a National Commission to oversee privacy issues in the proposed legislation. Such a body can oversee the privacy rights and can build awareness. Strong enforcement mechanisms can be established by a full Commission. It must be fitted with technological tools and experience to successfully wield its strength. The audacious function of the data controller can be repeated through best practices. The information commission constituted in Bangladesh under the Right to Information Act can also be used as a stopgap measure as part of the data security obligations. At all events, organizations concerned with personal information should be expected to file and inform the Commission prior to the collection of such data outside Bangladesh. Certification authority can be formed to certify whether public or private data controllers provide an acceptable standard of safeguards.

Following the International Standards of Data Privacy 

Data security standards of GDPR, OECD, APEC, and other good practices should be expressed in the proposed legislation. The new legislation should specifically set out the grounds for the collection, monitoring, alteration, and deletion of data by the data subject with their proper access to that data. The period for data protection should be explicitly specified. It should ensure that individuals are explicitly and visibly aware of the processing of data. Global requirements, such as records, must be processed equally transparently and legally, gathered exclusively for particular legal purposes; acceptable, relevant, and restricted to what is required; reliable and up-to-date; kept for as long as is necessary and, ultimately, maintaining appropriate protection, honesty and secrecy should be categorically there. Bangladesh should also follow, when addressing the question of the privacy of its residents, a detailed strategy more private, in order to decide how individuals can access information if their information is compromised and any information is infringed.

Raising Peoples Awareness 

Since citizens do not know how their data is misused, rights campaigners, journalists, NGOs and representatives of civil society should make people aware of these rights as promoted under the OECD guidelines. They are not aware of this. A public awareness-raising initiative called #saveourprivacy in India helped to draft a separate privacy law for them. 

Monitoring Government Exercise 

The Governments power to ask private authorities for information should be monitored. A number of abuse incidents have occurred. If the government unreasonably exercises that power, it can be dangerous. For example, the government can tap any call that threatens the privacy of even non-criminal personal calls where the caller does not want it shared, according to the current telecommunications law.

Addressing Various Issues under the Privacy Umbrella 

Bangladesh must accept and incorporate its privacy domain in the USA as a possible goal, medical data, and the electronic transfer of such data. Indian justice has ruled that drug profiling, polygraph, and brain mapping as private knowledge could not be used without consent. The Digital Security Act proposed fingerprints, digital signatures, user names, voice prints, retina photographs, iris images, security problems, or other identification available for the utility of technology as identification information other than orthodox understanding. These problems can also be defined in the current Privacy Strategy.

Cautiously setting up the Exemptions 

Exemptions from the right to privacy should be set out very carefully so that they are not absurd or should not be misused. For example, with the exception of the Bangladesh Constitution, public morality may be viewed cynically. If we take the case of arresting LGBT people when they were persecuted for being LGBT, we see a privacy breach because they didnt want to reveal their identification, however, it was exposed by the police. The police can effectively protect public morality by marking identification against public morality. It can therefore be argued, in compliance with the EU Convention on Human Rights, that such interference can be justified by those who are legal, valid, and necessary in a democratic society. The legitimate purposes include national security, public safety, economic well-being, the prevention of disorder or violence, the preservation of health and morality, and the protection of the rights and freedoms of others.

We inhabit an age when the right to privacy is crucial. In its age of globalization and breakthroughs in technology, the privacy of the state and the individual is under further attack. Given that online platforms and social media have become essential features of everyday life, there is no greater need than to adopt comprehensive privacy legislation that is built on the premise of digital security. Previously, privacy was held by some major methods, such as telephone booths or postal letters. However, conventional modes of communication have been made irrelevant by the electronic media in todays linked digital world. It is important that we also apply privacy protections to these electronically-submitted forms. Today, vital information - professional-specific emails, personal applications, financials, and more - is shared through a plethora of web servers, which has created further risk. Social media especially serves as a core channel for exchanging personal information, complicating privacy protection more than ever. With the dangers associated with sharing information in the digital realm, there is a dire need to create strong wide-reaching e-privacy legends. Although existing privacy laws are scattered and vague, they highlight the urgent need to update and craft a unified, modern privacy framework. This framework should be built on internationally accepted principles and should specify the responsibilities of the State, companies and private organizations, and third parties about the rights and interests of data subjects.

M.B.K.: contributed to conceptualizing, drafting, reviewing, and editing the manuscript. B.G.: contributed to investigation, visualization, and reviewing of the manuscript.

First and foremost, the authors express sincerest gratitude to the Almighty for bestowing upon them the health, knowledge, ability, and opportunity to under-take and complete this research endeavor. Without His divine guidance and protection, this journey would not have been possible. The authors also extend their heartfelt thanks to all the respondents who generously dedicated their time and provided invaluable insights, enriching the depth and quality of this study. 

The authors declare that there is no conflict of interest.