Overview of TMT laws in Bangladesh
The swift evolution of technology, media, and telecommunications (TMT) in Bangladesh has transformed the landscape of communication, information dissemination and business operations. With almost 180.2 million mobile subscribers and growing internet penetration, grasping the legal framework that governs these sectors is crucial. This article aims to provide a brief overview of TMT laws in Bangladesh, highlighting legislation, regulatory bodies and key contemporary challenges.
The introduction of mobile telephony in 1997 marked a significant turning point, leading to a boom in telecoms services in Bangladesh. Concurrently, the growth of the internet and digital technologies has necessitated a robust legal framework to address emerging challenges.
Telecommunication Regulation Act
Associate
Tanjib Alam
Associates
Dhaka
Email: asif.hasan@tanjibalam.co
The primary legislation governing telecoms in Bangladesh is the Bangladesh Telecommunication Regulation Act of 2001. It established the framework for the regulation of telecoms services, aiming to promote competition, ensure quality services and protect consumer interests.
The key provisions of this act include the establishment of the Bangladesh Telecommunication Regulatory Commission (BTRC), which is responsible for issuing licences to operators, ensuring compliance with regulations, and monitoring the quality of services. The act also emphasises the protection of consumer rights, mandating telecoms service providers to offer transparent pricing, fair terms of service, and grievance resolution mechanisms.
Cyber Security Act
In 2018, the Digital Security Act was enacted to address cybercrime including hacking, data breaches and online harassment, as well as to monitor and regulate online content deemed harmful to national security or public order. Since its inception, this act has faced severe criticism for its potential use as a tool against freedom of expression, media freedom and human rights. It has also been criticised for failing to ensure effective online safety, security of digital systems, and protection of personal data and fundamental rights.
In 2023, the Cyber Security Act was enacted, repealing the Digital Security Act. This new act establishes a Cyber Security Council tasked with formulating policies, strategies and frameworks to enhance national cybersecurity. This body will co-ordinate with various government agencies and stakeholders. It further mandates organisations to report cyber incidents promptly and co-operate with law enforcement agencies in investigations.
Additionally, the 2023 act provides details on security monitoring and inspection of critical information infrastructure, stating that the government may, by notification in the Government Gazette, declare any computer system, network or information infrastructure to be critical information infrastructure. The act outlines specific penalties for various cyber offences such as hacking, data breaches and unauthorised access to information systems.
The ICT Act
The Information and Communication Technology (ICT) Act 2006 promotes the use of technology in governance and business. It provides legal recognition to electronic records and signatures, facilitates e-commerce, and addresses issues related to digital transactions.
The act encourages the use of ICT in public administration, enhancing transparency and efficiency in government services. Although not comprehensive, the ICT Act includes provisions related to data protection and privacy, necessitating responsible handling of personal information by service providers. Overall, the ICT Act 2006 lays the groundwork for a digital economy in Bangladesh by promoting the use of technology, ensuring legal protection for electronic transactions and addressing cyber threats, while also aiming to enhance public administration through e-governance.
Regulatory bodies
The BTRC plays a pivotal role in regulating the telecoms sector. Established under the Telecommunications Act of 2001, its responsibilities include:
- Issuing licences to telecoms operators and monitoring their compliance with regulations;
- Ensuring that telecoms services meet quality standards and consumer expectations; and
- Overseeing the allocation and management of radio frequency spectrums essential for mobile and internet services.
The Ministry of Posts, Telecommunications and Information Technology oversees policy formulation and implementation in the telecoms and ICT sectors. It co-ordinates with the BTRC and other stakeholders to ensure the alignment of regulatory frameworks with national development goals.
Current trends and challenges
Despite significant advancements, a substantial digital divide persists in Bangladesh. Rural areas often lack access to reliable internet and telecoms services, exacerbating inequalities in education, healthcare and economic opportunities. Bridging this divide requires targeted policies and investments in infrastructure in underprivileged areas.
Additionally, with the increasing reliance on digital platforms, cybersecurity threats have escalated. Cybercrime, including hacking and data breaches, poses risks to businesses and individuals alike. The government and private sector must collaborate to enhance cybersecurity measures and create a more secure digital environment.
In practice, a large portion of businesses and individuals lacks fundamental insight into cybersecurity and related laws. A more proactive approach from the authorities is necessary to ensure that people are adequately informed.
Concerning the Digital Security Act, 2018, and its successor, the Cyber Security Act, 2023, the government has repealed the former in response to significant criticism both domestically and internationally. However, concerns persist that the latter may still threaten freedom of expression and press freedom.
To address this issue, it is essential to establish a balance between national security and individual rights.
Another concern relates to the lack of e-commerce regulations. The recent notable boost in e-commerce businesses in Bangladesh demands specific regulations in the sector. As e-commerce continues to grow, regulatory frameworks need to evolve to address challenges such as consumer protection, electronic payment systems and dispute resolution. With a vast market, implementing clear guidelines will promote a stronger e-commerce ecosystem in Bangladesh.
In addition, Bangladesh’s legal framework is increasingly influenced by international standards and best practices. Compliance with global norms, such as the General Data Protection Regulation (GDPR) in the EU, is essential for attracting foreign investment and enhancing the country’s global competitiveness. Efforts to align domestic laws with international standards will facilitate smoother cross-border transactions and improve overall regulatory quality.
The landscape of TMT law in Bangladesh is complex and rapidly evolving. The existing legal framework provides a foundation for regulating these sectors but challenges remain, particularly regarding digital rights, cybersecurity and equitable access.
As the country continues to advance technologically, it is imperative to develop a responsive legal and regulatory environment that fosters innovation while protecting individual rights and promoting social equity. Policymakers, regulators and stakeholders must collaborate to navigate the complexities of this dynamic landscape, ensuring a future that harnesses the full potential of technology for all citizens.
TANJIB ALAM AND ASSOCIATES
Level -11, BSEC Bhaban, 102 Kazi Nazrul Islam
Avenue, Kawran Bazar, Dhaka – 1215
Tel: +880 28 1892 4042; +880 19 2279 8622
Email: info@tanjibalam.com
Focus on data privacy litigation in India
Litigation is often viewed as an arduous process – courts in India are generally frowned on for their backlogs and pendency, sometimes spanning decades. But it is through this litigation process that gaps between law and the evolving business landscape are bridged.
含羞草社区 Digital Personal Data Protection Act, 2023 (DPDP), is finally a reality, therefore litigation under this new law is inevitable. It becomes imperative for entities to prepare for the challenges that may lie ahead.
Privacy v data protection
Advocate and Partner
Shivadass & Shivadass Law Chambers
Bangalore
Tel: +91 98 1050 7391
Email: prashanth.shivadass@sdlaw.co.in
Right to privacy embodies a large number of rights and values. On the other hand, data protection is a right ordained by way of a statute, relating to one’s digital identity.
Given that the right to privacy has been recognised as a fundamental right under article 21 of the Constitution of India, one could assume that a large number of cases alleging violation of this fundamental right are filed before various high courts under article 226, or directly before the Supreme Court under article 32. A combination of violation of data protection rights and the right to privacy can only be invoked against the state where “legitimate use for processing of personal data by state (and thereby its instrumentalities)” is questioned.
For instance, a remedy for processing personal data, originally collected for the purposes of providing subsidies and benefits but subsequently used to seek feedback from citizens on initiatives during elections and thereby influence voters, may lie before the jurisdictional high court or the Supreme Court. But, such a writ jurisdiction cannot be invoked against private entities for enforcement of the right to privacy. For remedies against private entities, statutory rights guaranteed under the DPDP will need to be enforced and the mechanism provided under the act must be adhered to.
Data Protection Board
Advocate
Shivadass & Shivadass Law Chambers
Bangalore
Tel: +91 77 0886 6377
E-mail: shrigayathri@sdlaw.co.in
A Data Protection Board (DPB) is vested with a limited mandate to direct mitigation and remedial measures to inquire into a personal data breach and impose penalties. However, the DPB can only pick up cases under the following circumstances: (1) receipt of intimation of a personal data breach; (2) complaint by a data principal; (3) reference by the central or state governments; (4) directions of the court; and (5) failure by an intermediary to comply with the directions of the central government.
A bare reading of circumstances would indicate that the DPB lacks suo moto powers i.e. powers to be able to pick up cases on their own, should they find a practice that contravenes provisions of the DPDP. Authorities such as the Competition Commission of India (CCI) and even the Central Consumer Protection Authority have been empowered to take such suo moto cognisance of certain practices that affect the public or sector/market at large.
Suo moto powers enable an authority such as the DPB to bridge the gap between the law and technology, and also portrays a proactive functionality of the DPB.
Appellate tribunal
The Telecom Disputes Settlement and Appellate Tribunal (TDSAT) has been appointed as the appellate tribunal under the DPDP. Unlike other legislations where there are separate tribunals specifically dealing with an area of law, the TDSAT deals with, among others, telecoms, airport tariffs, Aadhar (individual identification number) and cybercrimes, and will now also handle disputes under the DPDP as an appellate body.
The tribunal structure in India, despite its best intentions to provide faster resolution of disputes involving experts, has faced enormous opposition with mounting vacancies and pendency.
Dispute strategies
Associate
Shivadass & Shivadass Law Chambers
Bangalore
Tel: +91 94 4901 9515
Email: ananya.k@sdlaw.co.in
Since the DPDP is a specialised law, most disputes will end up going through the mechanism provided under the act, i.e. the DPB, and after that the appellate route of the tribunal and Supreme Court.
However, there could also be a hybrid model under different circumstances and different players within the DPDP, i.e. data fiduciary/data processor approaching the high court or even the Supreme Court seeking directions to be issued to the DPB.
Another situation to invoke the writ jurisdiction of the high court or Supreme Court directly, both by the data principal/data fiduciary, against orders of the DPB, are cases involving violations of the principles of natural justice.
Sectoral harmony
Certain unfair trade practices like coercive consent and cancellation trickery also violate the DPDP. There is a need to regulate such practices beyond the consumer protection perspective. In such a scenario, it is imperative for the Consumer Protection Authority and DPB to work together. The Central Consumer Protection Authority, set up under the Consumer Protection Act, 2019, also provides a platform for data principals to protect their rights. This authority does not merely isolate itself to protecting the rights of the consumers, but also provides compensation for the damages caused to consumers.
This remedy is currently not available under the DPDP (and therefore the DPB), so data principals (consumers) approach the Consumer Protection Authority for grievance redressal. Sectoral harmony will ensure that consumers/data principals are not left without any adequate remedy.
Cross-border disputes
While it is unclear as to the manner and the method that will be adopted by the DPB to adjudicate cross-border disputes, internationally various jurisdictions have adopted methods to ensure compliance and a breach of such compliance would then be targeted by the authority, constituted for the purposes of such breach.
To mitigate the compliance costs of cross-border data transfer, India can adopt a similar approach to that of the UK and US, which is an extension of the EU-US data privacy framework. The UK and EU have implemented country-specific data privacy frameworks with other countries in which they have a large number of companies. This framework comes with additional compliances to ensure that cross-border data meets the requirements of both countries to avoid further litigation.
Advocacy
Advocacy is one effective method to create awareness among the general public, as well as the businesses regarding the rights, obligations and functioning of the DPB under the DPDP. Certain specialised authorities like the CCI and Telecom Regulatory Authority of India (TRAI), have specific provisions (and thereby a separate wing within the authority) to conduct campaigns and create awareness about the law.
Additionally, consultation papers on data protection compliance would help businesses to process data with a better understanding of law. Conducting training programmes and certification courses on the DPDP and its rules would ensure better compliance. Finally, in line with the TRAI’s Consumer Outreach Programme, introducing comparable outreach initiatives under the DPDP Act to address the grievances of data principals would be highly advantageous. These programmes could greatly improve compliance and strengthen the protection of individuals’ data rights.
10 recommendations
- Establish a separate tribunal to deal with matters under the DPDP. Failing that, the government should look at creating special high court benches for direct appeals from orders of the DPB.
- Grant restricted suo moto powers to the DPB to strike a balance between innovation and privacy.
- A privacy framework with additional compliance in the case of cross-border data transfers for specific jurisdictions.
- Businesses based in India and present solely in India are relatively new to the concept of data protection. Therefore, a strict enforcement of the DPDP without active advocacy may not be the best strategy to implement the law. Continuous monitoring, compliance mechanisms and reporting that ultimately points to penalties for contraventions might be more effective.
- Penalties alone may not be an effective deterrent for companies operating on a large scale. Cease and desists orders, a ban on the application/website, and cancelling licences for repeated contraventions might lead to effective implementation of the law and achieve the ultimate purpose of the law.
- Empower the DPB to issue advance rulings on queries or questions of law that pose challenges to the industry.
- Enable the DPB to provide guidance on minimum threshold of seriousness to claim non-material damages.
- Mandating data localisation by the government should not impede the companies’ operational and fiscal efficiency due to the cost of establishing local data storage centres. Only in the case of a lack of stringent data protection laws would it be sound for the government to mandate data localisation.
- The DPDP does not provide for compensation to data principals. This must be included as part of the act.
- Power to issue guidelines and clarifications must be provided to the DPB. This power must stem from the act itself.
SHIVADASS & SHIVADASS LAW CHAMBERS
#501-503, Level V, Prestige Centre Point, No. 7,
Cunningham Road, Bangalore 560052
Tel : +91 80 4377 9955
Email: admin@sdlaw.co.in
Extending the net: Boosting internet access in Philippines
In the undisputed text messaging capital of the world, cellphone users in the Philippines exchange SMS messages more frequently than any other people on earth; at the last count averaging 600 text messages each per month.
Perhaps understandably, fast and reliable internet access struggles to keep pace given such voracious demand across the vast archipelago of 7,600 or so islands spanning roughly 300,000 square kilometres.
But the government is rising to the challenge, presenting an enticing market for investors.
This article outlines the legal and regulatory scenario in a technology, media and telecommunications (TMT) sector undergoing rapid development.
Development plan
Senior Partner
ACCRALAW
Manila
Tel: +632 8830 8130
Email: lrvilladolidjr@accralaw.com
The National Economic and Development Authority’s Philippine Development Plan (PDP) for 2023 to 2028 declares the government’s objective to increase internet speed, coverage and network in the Philippines. It aims to achieve this by:
Expanding accessibility and deployment of fibre optic cables, broadband and a 5G network. Immediate priority is focused on fast speed, high density of IT-BPM workers, clustering of tourism and retail facilities, activities, ports, airports, transport terminals, logistics facilities and creative industries; and
Building and operating broadband facilities to offer internet services in underserved and unserved areas, including the use of direct access to all satellite systems – whether fixed, mobile, international or domestic – to connect local businesses and tourism sites with their developing markets and build resilience.
Liberalisation
The telecoms industry was previously highly regulated, with telecoms services – including internet provision – classified as a public utility.
Prospective telecoms entities needed: (1) to secure a legislative franchise from the Philippine Congress and a Certificate of Public Convenience and Necessity from the National Telecommunications Commission (NTC); and (2) be at least a 60% Filipino-owned and controlled corporation.
Now, under Republic Act No. 11659, amending Commonwealth Act No. 146 (Amended Public Service Act), entities authorised to provide internet services are no longer limited to being enfranchised 60% Filipino-owned and controlled.
Under the present legal framework, a commercial and private sector internet service provider (ISP) may be registered with the NTC as value-added service (VAS) providers, as long as they rely on the service network of an enfranchised telecoms entity as their underlying transmission medium for providing internet services.
Since these VAS providers are not treated as telecoms entities under the Amended Public Service Act, this amendment opens the market to more ISPs and investors in the Philippines.
Satellite internet
Partner
ACCRALAW
Manila
Tel: +632 8830 8042
Email: cpbautista@accralaw.com
RA No. 10929 expands the concept of an ISP to include an entity that acquires and utilises internet connectivity directly from satellites and other emerging technologies.
Regulated by the Department of Information and Communications Technology (DICT), these satellite service providers/operators (SSPOs) are defined as “providers or operators of satellite systems, whether fixed or mobile, international or domestic, that are duly authorised to engage in the provision of satellite communications services under the laws of their respective countries of domicile”.
The DICT has also clarified that SSPOs can also do business as VAS providers (including the provision of internet services as an ISP) subject to compliance with the relevant requirements as a registered VAS provider with the NTC (DICT Circular No. 2, series of 2021).
Meanwhile, the Philippine Space Agency (PhilSA) and the Department of Science and Technology (DOST) have also taken the lead in exploring new technologies.
In 2021, PhilSA, the DOST and DICT partnered non-geostationary orbit Satellite Internet Operators (SIOs) to launch the Introducing Non-Geostationary Satellite Constellations Test Deployments to Improve Internet Service (INCENTIVISE) project, distributing satellite internet kits to geographically isolated and disadvantaged areas in remote regions in the Philippines.
Data centres
Senior Associate
ACCRALAW
Manila
Tel: +632 8830 8236
Email: efnitura@accralaw.com
Under the latest legal framework, investors can set up telco-neutral data centres – namely, data centres not principally affiliated with any of the enfranchised telecoms entities – and are given more leeway to expand their business.
For instance, when a data centre operator secures a certificate of registration as a VAS provider, it is authorised to provide co-location services, cross-connect services, business-to-business (B2B) interconnectivity and internet access services through the data centre.
This opens the door to potential clients in need of multiple data centre services who are no longer limited to availing of services offered by traditional, established telecoms entities.
Potential clients can secure internet services while at the same time co-locating in these telco-neutral data centres. This equips investors with innovative technologies for efficient data centre capacity and operations.
Common tower policy
Institutionalising the common tower policy for independent tower companies (ITCs) was also made possible by RA No. 10929 and the Amended Public Service Act.
These laws exclude the operation of passive telecommunications tower infrastructure (PTTIs) – namely, all types of outdoor non-electronic telecoms infrastructure or civil works – from the definition of telecoms.
Since the operation of PTTIs by ITCs is not considered “telecommunications”, then (similar to ISPs and outside of registration with the DICT) these ITCs do not need to be 60% Filipino-owned and controlled and required to have a legislative franchise.
DICT Circular No. 008, series of 2020, permitted ITCs to allow multiple mobile network operators to co-locate, mount or install their respective equipment for rendering ITC services. This amended the prior regime where PTTIs were operated only by enfranchised telecoms entities.
The DICT has also made it mandatory that all ITC installations shall be co-located in shared PTTIs unless there is meritorious grounds to permit otherwise (DICT Circular No. 008, series of 2020, title III, sec 11(d)).
Safeguarding e-commerce
RA No. 10175, or the Cybercrime Prevention Act of 2012, recognises the vital role of information and communications industries. It defines and penalises several cybercrime offences which affect, among others, the confidentiality, integrity and availability of computer data and systems.
The law also provides that other crimes defined in other penal laws shall be penalised with a higher penalty when committed with the use of computer systems.
To strengthen law enforcement officers, the National Bureau of Investigation (NBI) and PNP are authorised to apply for the following types of cyber warrants with the applicable regional trial court:
- Warrant to disclose computer data;
- Warrant to intercept computer data;
- Warrant to search, seize and examine computer data; and
- Warrant to examine computer data.
The service provider is obliged to maintain the integrity of traffic data and subscriber information relating to ICT services that they provide.
The data shall be preserved for a minimum period of six months from the date of the transaction. Content data shall be similarly preserved for six months from the date of receipt of the order from law enforcement authorities requiring its preservation.
To protect those engaged in e-commerce, RA No. 11967 – known as the Internet Transactions Act – was passed in 2023, granting the Department of Trade and Industry regulatory jurisdiction as to the use of the internet for conducting e-commerce by e-marketplaces, online merchants, e-retailers, digital platforms and third-party platforms.
The outlook
The TMT sector is undergoing rapid development from an industrial and commercial perspective. This will be enticing for new investors, both from within and outside the Philippines.
Philippine laws and regulations are keeping abreast with these changes.
There is a continuing drive to ensure that the legal framework for TMTs is able to address these new advancements in technology, while at the same time ensuring protection of customers in the Philippines.
ANGARA ABELLO CONCEPCION REGALA & CRUZ LAW OFFICES (ACCRALAW)
2/F, ACCRALAW Tower
2nd Avenue corner 30th Street
Crescent Park West, Bonifacio Global City,
1635 Taguig City Metro Manila, Philippines
Tel: +632 8830 8000
Fax: +632 8403 7007/+632 8403 7009
Email: accra@accralaw.com
