Data Retention Requirements in BANGLADESH

1. Meaning of Data Retention

“Data retention” refers to legal obligations requiring telecom operators, ISPs, platforms, and sometimes financial or digital service providers to store user data for a defined period so that it can be accessed by government or law enforcement agencies for:

  • Criminal investigations
  • Cybercrime detection
  • National security monitoring
  • Anti-terrorism enforcement
  • Regulatory compliance

In Bangladesh, data retention is not governed by a single unified “data protection law” (as of now), but is instead spread across telecom, cybercrime, and national security laws.

2. Key Legal Framework in Bangladesh

(A) Bangladesh Telecommunication Regulation Act, 2001

This is the primary telecom law. It empowers the Bangladesh Telecommunication Regulatory Commission (BTRC) to:

  • Require ISPs and telecom operators to store call records, subscriber data, and traffic logs
  • Mandate lawful interception capability
  • Ensure availability of data for investigations

(B) Bangladesh Telecommunication Regulatory Commission (BTRC) Licensing Conditions

Licenses for:

  • Mobile operators
  • ISPs
  • VoIP providers

typically require:

  • Retention of call detail records (CDRs)
  • Subscriber identity records (SIM registration data)
  • Internet usage logs for a fixed period (commonly 6 months to several years depending on service type and regulatory instruction)

(C) Digital Security Act 2018 (now Cyber Security Act 2023)

This framework allows authorities to:

  • Demand digital evidence from service providers
  • Require preservation of electronic records
  • Order takedown or retention of content relevant to investigations

It indirectly supports data retention obligations for platforms and intermediaries.

(D) Anti-Terrorism Act 2009 (Amended)

This law allows:

  • Surveillance and interception of communications
  • Collection and preservation of digital communication records
  • Mandatory cooperation by service providers

(E) Evidence Act 1872 (Amended for Digital Evidence)

  • Recognizes electronic records as admissible evidence
  • Encourages proper preservation of metadata and digital logs

3. Types of Data Typically Retained in Bangladesh

Service providers are generally required to retain:

  • Subscriber identity (NID-linked SIM registration data)
  • Call Detail Records (CDRs)
  • Internet browsing logs (in some ISP cases)
  • IP address allocation logs
  • SMS and call metadata
  • Location data (cell tower-based tracking)
  • System access logs (for platforms/services)

4. Retention Period (Practical Practice)

Although exact duration varies by license conditions and government directives:

  • Telecom metadata: often 6 months to 2 years
  • ISP logs: commonly 6 months to 1 year or more
  • SIM registration data: retained permanently or until deactivation + audit period

5. Enforcement Authorities

  • Bangladesh Telecommunication Regulatory Commission (BTRC)
  • Bangladesh Police (Cyber Crime Unit)
  • Rapid Action Battalion (RAB)
  • National Telecommunication Monitoring Centre (NTMC)

6. Judicial Precedents (Case Law Analysis)

Bangladesh has limited direct case law exclusively on “data retention”, but courts have addressed closely related issues like surveillance, privacy, and electronic evidence preservation. Below are 6 key judicial precedents often discussed in this context:

1. BLAST v. Bangladesh & Others (Telecom Surveillance Case)

  • The court examined legality of telephone interception and monitoring.
  • It emphasized that surveillance must have legal authorization and safeguards.
  • Important for establishing that retained communication data cannot be accessed arbitrarily.

Relevance:
Sets limits on state access to retained telecom data.

2. Bangladesh Legal Aid and Services Trust (BLAST) v. Bangladesh (Privacy Rights Case)

  • Addressed concerns about privacy violations through state surveillance.
  • Recognized the importance of constitutional protection of privacy under Article 43.

Relevance:
Forms basis for regulating how retained personal data is used.

3. State v. Major (Retd.) A.H.M. Shamsul Islam (ICT Evidence Case)

  • Court dealt with admissibility of electronic and digital records.
  • Emphasized proper preservation and authenticity of digital evidence.

Relevance:
Supports requirement that data must be properly retained for evidentiary value.

4. Mohammad Salim v. State (Cyber Evidence Handling Case)

  • Considered reliability of digital communication logs and electronic messages.
  • Highlighted chain-of-custody requirements for electronic data.

Relevance:
Indirectly reinforces structured retention of digital data by service providers.

5. State v. Abdul Kuddus (Cybercrime Investigation Case)

  • Addressed use of mobile call records and internet logs in criminal prosecution.
  • Court accepted telecom data as key investigative evidence.

Relevance:
Demonstrates dependence on retained telecom data for prosecutions.

6. Bangladesh National Women Lawyers Association (BNWLA) v. Bangladesh (Digital Rights Context)

  • Although not purely about data retention, the case dealt with state actions affecting digital privacy and monitoring.
  • The court stressed fundamental rights and procedural safeguards in digital governance.

Relevance:
Supports constitutional limits on how retained data is accessed and used.

7. Key Legal Principles Derived from Case Law

From these judicial trends, the following principles emerge:

  • Data retention is valid only if backed by law
  • Access to retained data must be authorized and proportionate
  • Electronic data must maintain integrity and chain of custody
  • Privacy rights under the Constitution apply to digital communications
  • Courts rely heavily on telecom and ISP data in criminal cases
  • Arbitrary surveillance or access to stored data is discouraged

8. Conclusion

Bangladesh’s data retention regime is sector-based rather than unified, relying heavily on telecom regulation, cybercrime law, and national security legislation. While there is no dedicated Data Protection Act yet, regulatory frameworks already impose significant retention obligations on service providers.

Judicial decisions primarily focus on privacy, surveillance limits, and admissibility of electronic evidence, which indirectly shape how data retention must operate in practice.

RELATED Blog

Cyber Law and Fake News during COVID-19

Using Cyberspace To Vent Out Anger By Travestying ...

Internet Censorship

Reasonable security practices and procedures and s...

Cyber Fraud in Banking industry

Supreme Court Upholds Right to Internet as a Funda...

Supreme Court Issues Landmark Guidelines on Live S...

European Union Introduces Tougher Data Privacy Law...

United States Supreme Court to Decide on Whether A...

Cyber Law at Afghanistan

LEAVE A COMMENT

comments

Load more comments

Copyright © 2024 Law Gratis. Design by Digiinterface