Bangladesh is moving forward in terms of information technology and employment opportunities are emerging. This opportunity has been created by various governments and private initiatives and the efforts of the youth have increased the use of information technology and the use of the Internet is also increasing (Ministry of Post and Telecommunications, 2023). In the coming days, 10 percent of the work will be computer programming, 20 percent will be technology dependent and the remaining 70 percent will be done by humans (Carrasco, 2024). 

According to Courseras 2024 Global skills report, Bangladesh still lags behind in technology skills. The report ranked Bangladesh (96th), India (87th) and Vietnam (54th) as relatively low.  But there are some positive aspects, such as Bangladesh Computer Council (BCC) trained 36,000 people in diploma, PGD and short-term courses between 2010 and 2022. Also imparted basic ICT training to 7890 teachers as master trainers and 112189 students (Bangladesh Computer Council, 2022). BCG Senior Partner and Global Leader for Digital Government in Armenia Miguel Carrasco said technology creates jobs. Skills in technology areas such as cyber security and data analysis are in increasing demand, with particular emphasis on skills in the use of tools such as Excel and Power BI. Additionally, according to the Presenting the 2024 courser a global skills report, global participation in generative AI courses has increased by 1060% year-over-year, indicating readiness for AIs impact on the workplace (Coursera, 2024). To cope with the fifth industrial revolution, the information technology sector of Bangladesh has emphasized various infrastructural developments including the development of skilled human resources. According to the United Nations E-Governance Development Index (EGDI) of 2024, Bangladesh ranks 100th out of 193 countries. In 2022, Bangladeshs position was 111th, which means an improvement of 11 steps in two years. In this index, Bangladeshs score is 0.6570, which exceeds both the South Asian average (0.5855) and the global average (0.6382). Moreover, Bangladesh is now the least developed country (LDC) with the highest EGDI score. Bangladesh is ranked 70th in the E-Participation index, which indicates a 5-step improvement compared to 2022 (United Nations, 2024). As a result of various effective initiatives, Bangladesh has started to receive international recognition in information technology for several years. It is noteworthy that Bangladesh has received ITU Award and South Award as well as several other prestigious recognitions. But industry development needs more emphasis. For this, various initiatives including e-government should be taken along with the information technology industry, through which the local market of domestic companies will expand. And along with this will be the need for a strong Cyber Security and Data Protection Act and protecting the nations institutions and people from online threats (Bangladesh, 2023). 

The United States, the United Kingdom (UK, 1990), and the European Union were the first to enact various laws related to cyber security. Cyber security Act, 2023 and the proposed Act 2023 has become one of the main laws to provide online security to the people of Bangladesh? A comparative analysis with the laws of other countries is necessary to verify the international standards of the law. The writing is a small effort of his. The scope of information technology is now very wide. Its security risks and countermeasures have come to the fore and countries have enacted laws accordingly. The United States has a number of laws governing various types of data protection. For example: Health Insurance Portability and Accountability Act, Childrens Online Privacy Act, Gram Leach Bailey Act these laws protect health, child and financial information respectively (U.S Government, 1996-2015; Baloch FA., and Niazy MS., 2025). 

In the European Union, the General Data Protection Act protects citizens personal data. The UKs Computer Misuse Act clamps down on criminals involved in data fraud, computer hacking and other cybercrimes (EU, 2016). The Bangladesh Cyber Security Act has provisions to prevent computer networks, computer systems, digital information, and computer hacking and other crimes related to information technology. However, there are some clauses in it that have no direct relation to cyber security. James: Defamation Offenses against religious sentiments and Official Secrets Act 1923. The law must be clear about the context of the offense and its underlying meaning. Section 25 of the Cyber Security Act 2023 is vague and can be interpreted differently, which makes it possible to easily criminalize legitimate events such as factual criticism and expression of opinion (Amnesty International, 2023). According to the critics, the main reason for the misuse of the Cyber security Act 2023 is the vagueness, moreover, the proposed Data Protection Act 2023 also has many ambiguities (Human Rights Watch, 2022). 

The United States Federal Information Security Modernization Act mandates and oversees preventive measures for the security of computer systems, sensitive data, and networks. The European Unions Information Security Directive provides guidance on the security of computing systems associated with emergency services, communications systems, banking and healthcare facilities. Section 16 of the Cyber Security Act, 2023 provides for protection of important and sensitive information of the country. But the theft of National Identity Card information from government websites and earlier the theft of Bangladesh Banks reserves (Amnesty International, 2023; Oxford Analytics, 2022) prove that the existing cyber security laws in Bangladesh have completely failed to prevent such incidents and the proposed Data Protection Act, 2023 includes the provision of data protection office, consent and right to data collection and processing but Article 10/A states that relevant authorities can collect data for the purpose of national security, crime prevention or investigation which may affect personal privacy. Can The United Nations have expressed concern over the marriages potential impact on personal privacy. The United Nations has expressed concern that this could lead to excessive government surveillance of personal data (United Nations Special Rapporteur, 2023). Section 43 of the Cyber security Act 2023 gives a junior police officer the power to arrest without a warrant on suspicion of any cyber security risk, (Human Rights Watch, 2023) which has raised concerns about its misuse by human rights groups. According to section 66 of the proposed Data Protection Act 2023, (UNODC,2021) the government can issue any direction in the name of national security or sovereignty and the DG will be bound to comply with it. It would have done better if the warrantless arrest provision in the Cybersecurity Act had been completely repealed, strengthening the governments control over personal data. If not, various measures could have been put in place to reduce its misuse. Eg: Presence of an Executive Magistrate at the inquiry. The United Nations Commission on Human Rights has recommended the repeal of Sections 21 and 28 of the Cyber Security Act and the amendment of eight other sections (United Nations Commission on Human Rights, 2023). 

These clauses are against freedom of speech and free journalism and they are against internationally recognized civil and political rights. In order to change these rules, I think that the complete revision of the entire law is necessary. Along with the proposed data protection bill, the additional power of the government, the burden of independent management, also the mandatory of all information of the country and the lack of a process to take quick action after the theft of information and additional punishment for minor crimes or minor crimes have been arranged. Moreover, IT has been made for the executive department through many other clauses. So the law is made more executive and vague. So this law is also comprehensive. I think that reform is applied. The Official Secrets Act 1923 is a law for information theft and espionage that has nothing to do with information technology and its inclusion in the Cyber Security Act is unreasonable and creates opportunities for various misuses (Bangladesh, 2023). 

On the other hand, the proposed Data Protection Act 2023 has the absence of Whistleblower Protection which is a major deficiency or opportunity to prevent administrative corruption or misuse of information. In the past years, there have been more than 7,000 cases under the Cyber Security Act (Dhaka Tribune, 2023). In very few cases, criminals have been convicted and sentenced. Which clearly shows that this law is state or private or very rarely misused?

Research Problem

The proposed Data Protection Act 2023 and Cyber security Act 2023 have limitations such as: If we talk about Data Protection Act 2023 then there is lack of privacy, opacity, vagueness, weakness in implementation of civil rights, lack of public awareness and if we think about Cyber security Act 2023 then there is lack of freedom of speech, excess power of security agencies, ambiguity, weakness of technology. Although there has been a lot of development in information technology in Bangladesh, the legal and quality framework of personal information protection and cyber security is still missing. For example: to say that customers can easily embezzle their money through mobile banking, fraudsters and threats are also happening using social media information, besides using photos, artificial intelligence is being used to create pictures. Moreover, we often hear about money laundering abroad through various gambling apps. This gambling scam is also easily available online. We are observing the misuse of various tantra technologies in the society. 

The enactment of the Cyber security Act 2023 and the drafting of the Data Protection Act 2023 indicate the governments progress in tackling digital threats and providing data protection to citizens. However, linguistic ambiguity, weak implementation and inconsistency with international human rights and data protection standards (eg: GDPR) are clearly observed in these two laws. While the Cyber Security Act 2023 is primarily aimed at curbing cyber crime, it incorporates many of the contro-versial provisions of the Digital Security Act 2018, such as vague links to crimes and additional powers to law enforcement agencies. As a result, freedom of expression, journalism and critical opinion are threatened. On the other hand, the Data Protection Act 2023 does not have a mechanism to establish an independent regulatory authority, the process of obtaining transparency and consent in the use of personal data is also weak and data localization is mandatory, which may hinder international investment in the technology sector. In this situation there is a clear gap between legislative intent and actual implementation. Ambiguity in the law, over-regulatory clauses and lack of effective oversight are endangering privacy and cyber security rather than protecting it. The main objective of this research is to analyze the existing deficiencies of Bangladeshs cyber security and information protection laws and present a proposal for a more effective and human rights compliant policy reform in line with international standards.

Objectives

The purpose of the research paper is to give an analytical opinion on the limitations, ambiguity and reality of the existing cyber security law of Bangladesh Cyber security Act 2023 and the draft law related to information protection Data Protection Bill 2023 and to make recommendations for the solution for the citizens which can ensure the digital rights of citizens, privacy of personal information and freedom of speech as well as sustainable development in the information technology sector. The objectives are

1. Analyzing the basic structure and provisions of Bangladesh Cyber Security Act 2023 and Data Protection Bill 2023.
2. Identify civil rights gaps in laws.
3. Verifying or determining relevance through comparative analysis with international standards such as GDPR, UA Hippa, EU Directives.
4. To check citizen awareness of law two.

Recommendations are 

1. Making Bangladesh law a global standard data protection and cyber security law through relevance and comparative analysis with global laws.
2. Formulating a framework for data rights and user consent with the help of relevant individuals and technologies and through technology development.
3. By ensuring effective investigation and enforcement of cybercrime which requires increased efficiency and technical capacity of law enforcement agencies as well as improved standards of evidence collection and use by courts.
4. Transparency and suppression of crime and freedom of speech which require two reforms in law.
5. Data Breach Notification This system needs to be introduced in our country so that any institution or organization discloses data breach quickly and affected individuals can take appropriate action.
6. Digital security training and awareness of students need to be introduced in a 3 or 6 month digital security education program.

Research Questions

Currently, due to the rapid development of technology in Bangladesh, the importance of personal information protection and cyber security policies in Bangladesh has increased manifold. Although the Cyber Security Act 2023 and the Data Protection Bill 2023 have been enacted and drafted, these laws have many limitations and controversies. Keeping the above considerations in mind, the research paper will be conducted to find out the answers to the following questions

1. What are the main features, objectives and legal framework of the proposed Bangladesh Data Protection Bill 2023 and the proposed Cyber Security Act 2023?
2. What provisions of these laws conflict with individual privacy, security of information and freedom of expression?
3. What are the important deficiencies or deficiencies in the laws of Bangladesh when compared to international standards, especially GDPR and laws of other developed countries.
4. What are the barriers to effective implementation of data protection and cyber security laws in Bangladesh?
5. What policy and legal reforms are needed to enact a more effective human rights-compliant and technology-enabled cyber and information security law?

Each country has enacted cyber and data privacy laws under different names to prevent cyber crimes and theft of personal information. Cyber Security Act 2023 and the proposed Data Protection Bill 2023 have also been enacted in Bangladesh. However, there are various debates and researches on the ethical basis of these laws, compatibility with international standards and implementation framework.

In the context of Bangladesh

The modified version of Digital Security Act 2018 is Cyber Security Act 2023. The reason why Digital Security Act 2018 is questionable is the same reason Cyber Security Act 2023 is also questionable. Evan Dhara has become a cause of dissent, repression and harassment in the fight against cyber crime effectively. On the other hand, the Data Protection Bill 2023 is still in a draft stage. Although it has many ambiguities such as: Consent, Data breach notification and right to erasure.

In the international context

The General Data Protection Regulation is currently the most comprehensive and standard law for the protection of personal data. It includes transparent definitions of consent, data portability, breach notification and independent authority arrangements for enforcement. In the US, sector-specific laws such as HIPAA, COPPA or FCRA ensure protection in various sectors. These laws are more user-centric and realistic than the draft laws of Bangladesh. It has been observed that in developing countries contextual realities such as:- Competency of law enforcers, digital literacy rate and infrastructure have a great impact on the formulation of data protection laws which also applies to Bangladesh.

Qualitative methods were followed for data collection and analysis in this study, through which existing laws, policies, and research reports were analyzed to identify the limitations and potentials of Bangladeshs solar safety and theory protection laws.

Nature of the study

This research is a desk-based documentary research that includes comparative analysis of different laws, related notification international laws, and relevant literature review.

Sources of data

Secondary data

1. Proposed Data Protection Bill 2023 and Enacted Cyber Security Act 2023
2. Analytical report on the Digital Security Act.
3. International Law General Data Protection Regulation, HIPPA, Computer Misuse Act, etc.
4. Research articles, law journals, books, news reports and NGO reports such as: Article 19, DRF, HRW.
5. Discussed speeches and lecture notes.

Data analysis technique

The theory and literature collected in the study were analyzed using thematic analysis method. By doing this, it was possible to analyze and identify the structure, clauses, objectives and practical challenges of the laws as separate themes.

Limitations

1. The Data Protection Bill 2023 is still in the proposal stage and implementation has not started so analysis of its effectiveness is somewhat speculative
2. Primary data or official statistics were not readily available
3. User feedback could not be collected immediately.

Background and Legislative Framework

Information technology laws have emerged in Bangladesh to deal with various cyber threats and to maintain balance in the era of information technology. The first ICT Act 2006 was enacted in Bangladesh with the main objective of ensuring legal validity in digital transactions, (Bangladesh, 2006) information technology based business and e-governance through which legal measures against cyber crimes also become an opportunity. Section 57 has also become particularly controversial as the law deals with the legality of digital transactions, the definition of cybercrime and its jurisdiction (Human Rights Watch, nd). Later, the ICT Act 2006 was repealed and the Digital Security Act 2018 was enacted in which many sections of the ICT Act 2006 were transposed (ICT Department, 2023). The proliferation of information technology and internet in the country has given rise to different types of new crimes in the country such as cyber crime, digital fraud, data hacking, rumour-mongering, and religious incitement posts. In view of which the Digital Security Act 2018 was formulated. After its enactment, the law came under a lot of criticism both internationally and domestically (Amnesty International, 2023). Cyber Crime Prevention, Digital Forensic Lab and Monitoring System and Provision of Penalties thereon (United Nations Special Rapporteur, 2023). And finally the Cyber Security Act 2023 was enacted to replace the criticized Digital Security Act 2018 (Bangladesh, 2018). Right after its formulation, it started being misused by the people of the country, (Prothom Alo 2023) starting from journalists, human rights activists and political figures, and its punishments were widely criticized because of this and are still being criticized (Reporters Without Borders, 2023). The Cyber Security Act 2023 was enacted in the context of the need for a strong law to address the expansion of digital transaction databases and online platforms in Bangladesh (Bangladesh, 2023). In the same year, the Government of Bangladesh prepared the Personal Data Protection Act (Draft) 2023 (Dhaka Tribune, 2023), due to the rapid spread of e-services in the country, along with the digital development, the government felt the need to protect the personal information of the citizens. The draft law aims to ensure transparency, integrity and security in the use of personal information, to protect the privacy of citizens as per the Constitution and to prevent unethical use of information. The framework includes definition, data collection and usage conditions, data rights assurance, data protection authority formation, data transfer provisions, penalties and fines, special data.

Current legal framework

Bangladesh currently has two major legal acts in the field of digital security and personal information protection, namely the Cyber Security Act 2023 and the Personal Data Protection Act 2023 and the Personal Data Protection Act (Draft) 2023. The Cyber Security Act 2023 was enacted to replace the Digital Security Act 2018 (Bangladesh, 2018). Although the new law amends some aspects of the previous law, it is essentially a rehash of the old law that restricts freedom of expression (Amnesty International, 2023a) as before and is in conflict with international human rights standards. The Act identifies issues of concern as illegal intrusion, identity theft, cyber terrorism and cyber crime and the Personal Data Protection Act 2023 (Draft) was enacted by the Government of Bangladesh with the objective of protecting personal data but the independence of regulatory authorities and activities related to national security, journalism and research will remain exempt from certain provisions of the Act which may open up opportunities for abuse forming a Data Protection Ordinance as a feature of the Act (Human Rights Watch,2022). And the right to personal data, consent to data processing, notification in case of data breach is mentioned. Which is largely questionable (United Nations Special Rapporter, 2023).

International Comparison

When it comes to international law on data security, of course the General Data Protection Regulation is one of the most important in the European Unions geographical boundaries and guarantees rights (EU, 2016). The law is focused on individual rights and technical security which clearly defines data protection and respects individual consent and notification in case of breach, has an independent data protection authority to oversee the entire matter and provides for fines as a remedy. Now talking about Bangladesh Cyber Security Act 2023 and Personal Information Security Act 2023 (Draft). The law gives a lot of importance to state security, protection of digital infrastructure, and prevention of online crime and Personal Information Security Act 2023 (Draft) is considered as an attempt to create a framework for protection of personal information. The Cyber Security Act does not have a detailed framework for data consent,(Bangladesh, 2023) and the draft Data Security Act, while mentioning consent, hints at using a possible "opt out" model (Dhaka Tribune, 2024) rather than an "opt in" model, which reduces user rights (Shampratik Deshkal, 2023). When it comes to Data Breach Notification, Cyber Security Act covers Data Breach as a crime and is more focused on punishing the perpetrator (UNODC, 2021a). While there are provisions for data breach reporting in the Corporate Security Act, there are no clear guidelines on specific time frames or procedures. In terms of penalties, the Cyber Security Act has provisions for imprisonment and monetary fines such as: 7-14 years or a fine of taka 1 lakh and the draft law has provisions for fines, but it is insufficient and inadequate and lacks clear guidelines on its effectiveness (Oxford Analytics, 2022). When the regulatory authorities think about it, the Cyber Security Act includes government-appointed Cyber Tribunals and Cyber Emergency Teams which are still largely unimplemented and there are many questions about its independence and transparency (BENAR News, 2023). 

GDPR is a highly structured and human rights-respecting data protection framework that has created international standards (Wikipedia, 2024). On the other hand Bangladesh Cyber Security Act 2023 and draft Information Security Act 2023 one enacted and other still in the initial stage and logical reform of both Acts. And many aspects need to be clarified which will require strong independent authorities, transparent compliance mechanisms and adherence to international standards (Prothom Alo, 2023).

Identifying Legislative Gaps

Bangladesh has developed a legal framework for cybersecurity and personal information protection. However, there are many questions about the effectiveness of these laws, protection of civil rights and conformity with international standards. I think it will be possible to ensure a secure and independent digital environment through reforms.

Inadequate data protection

In the two existing and proposed and enacted laws of Bangladesh (Cyber Security Act, 2023 and Personal Data Protection Act, 2023) the issue of personal data protection has not yet received sufficient importance and mature framework. The two mentioned laws carry significant limitations on important issues such as personal data processing, user rights, control over data and internal data transfer 

1. There is no legal clarity and freedom in the protection of personal data: The proposed Cyber Security Act 2023 mainly focuses on crime control and national security and it does not have any specific principles of personal data management (Bangladesh, 2023). On the other hand, although the proposed Personal Data Protection Act outlines the basic issues (definition of data, consent and rights of the individual), it is not described clearly and in detail (Dhaka Tribune, 2024; Shampratik Deshkal, 2023).
2. Ambiguity about the Data Controlling Agency and its independence: Although Act Two proposes to form a regulatory agency, there are considerable questions about its independence, impartiality, and accountability (UNODC, 2021). Under the Cyber Security Act, technology-related tribunals are conducted under the administrative control of the state, which may fail to ensure the right to information.
3. The user consent framework is weak and unclear. According to international standards such as GDPR, data processing is not lawful without the free, express and informed consent of the individual (EU, 2016). However, there is no clear provision in the proposed law in Bangladesh regarding the type of consent, Opt in vs Opt out structure etc., which increases the risk of data misuse.
4. Delayed and Indefinite Response to Data Breach: The Personal Data Protection Act requires the victim or authorities to be notified within a period of time after a data breach, but GDPR mandates notification within 72 hours (Wikipedia, 2024). The lack of this provision in Bangladesh creates a data protection gap (UNODC, 2021).
5. In case of international data transfer: Al-though the draft law requires verification of the security standards of the destination country before transferring data internationally, there is no provision regarding its evaluation (NIST, 2021).

Weak cybersecurity measures 

The number of cyber criminals in Bangladesh is increasing day by day. For example, Trucaller, Eyecon App can know personal information starting from social media in a phone number, besides, known information can be easily extracted from common computer shops in the market with voter ID number. In order to clearly understand that the implementation framework of both the enacted and proposed laws is still weak (Oxford Analytics, 2022) and inadequate so that the lack of an integrated modern and effective cybersecurity system at the national level is clearly observed

1. Weakness of Security Framework and Lack of CII Protection Although the Cyber Security Act 2023 mentions the definition and protection of Critical Information Infrastructure (CII), in reality there is no strong security protocol or technical mechanism to prevent attacks against critical digital infrastructure (power, banking, health, and administrative systems) (NIST, 2021). The existing Computer Incident Response Team (CIRT) in Bangladesh is largely paper-based and has very limited immediate response capabilities (ICT Department, 2023).
2. Lack of world-class policies and standards According to international standards like GDPR or NIST, (UNODC, 2021) Cyber hygiene, end to end encryption, penetration testing and regular security audit are not mandatory in the principles of Cyber Security Act, (Ministry of Posts and Telecommunications, 2023) as a result of which the lack of cyber awareness and preparation can be seen among public and private institutions.
3. Technical Weaknesses and Manpower Shortage: Skilled cybersecurity experts are scarce in Bangladesh (Coursera, 2024). While the use of technology in government agencies has increased, modern systems such as cyber thread analysis, forensic capabilities or ethical hacking have not been developed (Oxford Analytics, 2022).
4. Lack of Transparency and Competency in Implementation of IR: The Act deals with the punishment of cybercrime (there is no obligation to supervise or monitor the implementation of data encryption, system backup policies. Preventive security measures are more important than reactive after the occurrence of cybercrime which is clearly absent in the Act (UNODC, 2021b).
5. Lack of international cooperation: Modern cybercrime is often cross-border. While Bangladesh has not signed the Budapest Convention on cybercrime and does not actively participate in international cybercrime investigations, (Council of Europe, 2001) the countrys position in dealing with transnational cybercrime remains weak.

Freedom of speech vs, cybercrime laws

According to Article 39 of the Constitution of Bangladesh, freedom of expression is a fundamental right of every citizen, (Bangladesh, 1972) but the Cyber Security Act 2023 has some clauses which directly conflict with the freedom of expression

1. Sections 17 and 21 define the offense using vague terms such as anti-state, anti-religious or anti-social speech (Amnesty International, 2023a; United Nations Special Rapporteur, 2023).
2. Articles 25 and 28 criminalize marriage like rumor or defamation, leaving room for harassment of journalists, bloggers, activists (Prothom Alo, 2023). By which an environment is created in which journalists, laymen, ordinary users become afraid or self-restrained to express their opinions. This mistrust is called the chilling effect on free expression which endangers the flow of information and exchange of ideas in a democratic society (Human Rights Watch, 2022). According to Amnesty International Human rights watch and Reporters without Borders, the digital laws of Bangladesh are too vague, overly broad and easily misused. United Nations Special Rapporteur on Freedom of Expression said in a statement (Reporters Without Borders, 2023) - These laws risk criminalizing free speech and undermining press freedom in Bangladesh.

Enforcement Issues

Cyber security and information security laws such as: Cyber Security Act 2023 and Personal Data Protection Act (Draft) 2023 have been enacted or proposed in Bangladesh but their effective implementation is still a big challenge. No matter how modern the language and structure of the law, if the efficiency in application without transparency and impartiality, the main purpose of the law is defeated. In a word Bangladesh suffers from weak Institutional enforcement capacity, lack of trained personnel and inconsistent application of cyber laws. 

Also there is a Shortage of trained cybercrime investigators and prosecutors which often leads to flaming on delayed trials Cyber forensics, data analytics and tracking capabilities are not enough among law enforcement agencies and investigative agencies in the country (ICT Department, 2023). The lack of technical and human resources in the collection, analysis and presentation of evidence after the commission of a crime is evident. Only a handful of counts are equipped or trained to handle cyber law cases resulting in delays and backlog (Oxford Analytics, 2022). According to the cyber security law, special cyber tribunals have been set up, but such tribunals have not yet been formed in most districts of the country. Trials are slow and judges lack experience in presenting technical evidence (Prothom Alo, 2023). Amnesty International said in a report of 2023 that Cyber laws in Bangladesh are often enforced selectively primarily targeting dissenters and critical voices. Political bias can also be observed in the application of the law (Human Rights Watch, 2023). Moreover, police, BTRC, ICT Department, CERT Court, division of information sharing responsibilities and coordination system between them is weak due to which quick action is not possible in case of cyber crime. Above all, public user awareness is critical to successful enforcement of the law, (BENAR News, 2023) but most people do not know what types of online behavior can be considered criminal or what legal assistance they can seek, limiting enforcement.

Recommendations for reform

Bangladesh has two laws on cyber security and personal information (Cyber Security Act, 2023 and Personal Information Security Act, 2023) whose legal structure and implementation are not fully fulfilling the rights of the people or are deficient. Below are the deficiencies

1. Formulation of modern and international standard data protection law: GDPR aligned personal data protection Act should be formulated which clearly mentions the rights of the individual, the type of consent to the processing of the data and the response to the violation.
2. Strengthening the User Consent Framework: Informed, explicit and Opt in consent of the user must be mandatory and the user must be properly informed before any data collection.
3. Enhancement of efficiency and transparency in investigation and punishment: Specialized training, cyber forensics labs and modern investigative equipment should be ensured for law enforcement agencies. At the same time, it is important to formulate policies for presenting appropriate evidence in court.
4. Ensuring the compatibility of the law with the protection of freedom of speech: Article 25, 28, 31, (cyber security act). It is necessary to re-evaluate and reform these articles so that the freedom of expression is protected and it is also necessary to add a clear explanation and safety zone to protect the freedom of speech.
5. Implementation of Mandatory Data Breach Notification System: It is important to take measures to make data breach notification mandatory within 72 hours which will quickly inform the affected individuals and authorities.
6. Digital security education and public awareness: National level cyber awareness campaigns, curriculum in schools and colleges and government information based websites should be launched.

The future world will depend on information technology and then cybercrime and misuse of personal information will become a growing concern in the modern world. Bangladesh will not be an exception. In recent years, the need for cyber security and data protection has become increasingly felt in the countrys legal framework due to the proliferation of online services and databases for digital transactions (Prothom Alo, 2023). In this context the Cyber Security Act, 2023 and the proposed Personal Data Protection Act (Draft) 2023 are considered as some positive steps, but they still have many limitations and legal gaps. In particular, lack of protection of personal data, clear framework of consent, freedom of expression, efficient implementation system and lack of technical capacity make the effectiveness of ABS laws questionable (Dhaka Tribune, 2023). The analysis revealed that while specific laws are needed to protect the privacy of citizens, on the other hand excessive regulation or restriction on expression in the name of state security conflicts with the democratic spirit. Moreover, the difference between Bangladeshs legal frameworks with international standards such as GDPR is clear and can undermine the countrys ability and credibility in terms of data protection in the global market (Oxford Analytics, 2022). Therefore, enforcement of law and reform of judicial structure is inevitable. By developing an effective, transparent and human rights-compliant legal system, Bangladesh will not only be able to protect the rights of its citizens but also establish itself as a technologically safe and acceptable state in the international arena.

F.A.: Idea Generation, Guiding and compile. M.A.: Reviewing literature, Primary Data Collection, Information Sharing and Editing and analysis. 

At the outset, I would like to express my gratitude to Almighty Allah for accepting and completing this research project, because all knowledge comes from Him. The author also expresses his sincere gratitude to all the respondents who enriched the depth and quality of this research.

The authors declare that there is no conflict of interest.