The software made by Cambridge Analytica (CA) is perhaps one of the most controversial and yet most desired in the world now. CA was created in 2013 as a privately-held company that uses data mining and analysis to determine strategic communications to influence the electoral process. It collects personal data from different sources, then analyses them through the algorithms of software and predicts the behaviour of the people in advance. And based on that analysis, it works with governments, militaries, intelligence agencies or politicians to run social campaigns, plot defence strategies or spread propaganda to achieve the desired outcome.
For example, it is believed that during the Brexit campaign, this software was used to study voters' psychology and helped pro-Brexit parties to spread anti-European Union sentiment through social media. The same strategy was believed to have been used to spread anti-Hillary sentiment during the US Election. This kind of behavioural analysis gives undue advantage to some groups over their political rivals. It can be mentioned here that CA was an offshoot of its British parent company SCL Group, which has for over 25 years conducted behavioural change programmes in over 60 countries, and gained reputation for its ability to influence in the areas of defence and social change.
Cambridge Analytica collects Big Data (extremely large data sets) given by their clients or it collects them on its own. In this era of Internet of Things, it is almost impossible to hide our personal data, because our data is being recorded constantly through smart devices such as smart phone, TV, computer, e-book reader, CCTV camera, etc. We have voluntarily given personal data to Facebook, YouTube, Twitter, Viber, Whatsapp, etc., which they can sell to governments or private companies. There is also the possibility that our data stored at the government or private institutions (e.g. Passport office, National ID authority, or mobile phone companies) can be hacked.
Based on the analysis of these data, any organisation like CA can predict our behaviour with near accuracy, can predict what kind of decision we will take, and can even suggest what to do in order to influence or change our decisions. No wonder that “Data is the New Oil”. Our personal data has proved to be an effective tool to bring about desired social, political and economic changes—both positive and negative. Examples include Edward Snowden's revelation of Mass Surveillance by the NSA, the Twitter revolution in Iran, Arab Spring in the Middle East, or the social media propaganda on the on-going Syrian war, etc.
Privacy is an important aspect of our life and no one really likes their privacy to be compromised. According to different international human rights treaties, such as the International Covenant on Civil and Political Rights, European Convention on Human Rights, and EU Charter of Fundamental Rights, every individual has a right to privacy and privacy laws are to be strictly followed. Our personal data needs adequate protection from unauthorised intrusion.
Given the rising tendency to manipulate personal data, what can we do in Bangladesh? We have a general election coming in 2019. Already, Bangladesh ranks among the fastest growing countries in terms of Internet usage. The country is increasingly getting digitised and coming under internet coverage up to the upazila level. But spread of information and communications technologies also has risks, as already discussed. We have seen the impact of social media during the Shahbag movement and Hefazat gathering in 2013. The government can be forced to act on certain issues of public interest if enough people raise their voice on their social media platforms.
So, what if a political party starts collecting sensitive personal data from social media, buying personal information from private companies or hacking government servers, and then uses the data to spread propaganda and influence voters' opinion during the election? What if a political party tries to abuse state mechanisms and surveillance technology of the law enforcement agencies to collect personal data and uses it during election campaigns? Are we ready to tackle this kind of problems?
Unfortunately, Bangladesh does not have any specific law on personal data protection yet, nor any proper guideline or policy to deal with the issues related to Big Data, algorithm and mass surveillance. What we have are the Articles 39 and 43 of our Constitution, and some provisions in the ICT Act, Anti-terrorism Act, Money Laundering Prevention Act and National ICT Policy. But these are not enough. These laws do not talk about “purpose specification” (a clear and specific objective of collecting data), clear legal provisions to collect personal data, doctrine of proportionality (how much data can be collected), right to be forgotten (collected data cannot be kept for unlimited time, therefore should be deleted after a certain period), informed consent (providing the citizens with information about data collection and take their prior consent), limitation on law enforcement agencies and private companies to collect data and provisions on appointing Data Protection Supervisor, etc. The “General Data Protection Regulation” or proposed “ePrivacy Regulation” of the European Union can be good examples for Bangladesh while making laws on personal data protection.
The important thing is, as we exist both online and offline these days, anything happens online has offline consequences too and vice versa. It is, therefore, imperative that we have a clearly-worded data protection law to protect our privacy and personal data. This is how we can protect the democratic rights of the people and provide all contesting parties with a level playing field before the next general election. People can also make their decisions without bias and undue intrusion, or influence by the algorithmic analysis of Big Data.
Md Saimum Reza Talukder is an advocate in Judge Court, Dhaka and currently studying law and digital technologies at Leiden University, Netherlands.