1. Meaning of Biometric Data

Biometric data refers to personally identifiable biological and behavioral characteristics, such as:

• Fingerprints
• Facial recognition data
• Iris scans
• Voice patterns
• DNA profiles (in some contexts)

In Bangladesh, biometric data is widely used in:

• National ID (NID) system
• SIM card registration
• Voter registration
• Banking KYC verification
• Border control and immigration systems

However, Bangladesh does not yet have a single, comprehensive “Biometric Data Protection Act”. Instead, protection is spread across multiple laws and constitutional principles.

2. Legal Framework Governing Biometric Data in Bangladesh

(A) Constitutional Protection

Article 43 of the Constitution of Bangladesh

• Protects the right to privacy of correspondence and communication
• Though not explicitly stating “data privacy,” courts interpret it to include informational privacy

(B) Cyber Security Act, 2023

(Replacing the Digital Security Act, 2018)

Key relevance:

• Criminalizes unauthorized access, collection, or misuse of digital personal data
• Penalizes identity theft and digital fraud
• Provides state authority to investigate cyber offences involving personal data

Limitations:

• Focuses more on cybercrime than data protection rights
• Does not establish strong consent-based biometric governance

(C) National Identity Registration Act, 2010

Very important for biometric data in Bangladesh.

Key features:

• Establishes the National ID system
• Requires collection of:
  • Fingerprints
  • Iris scans
  • Photographs
• Empowers Election Commission to store and manage biometric database

Concerns:

• Centralized biometric database increases risk of misuse
• Limited transparency on data retention and sharing

(D) Telecommunications Regulation (SIM Registration Rules)

• Mandatory biometric verification for SIM registration
• Telecom operators must collect fingerprints and match with NID database
• Aims to prevent fraud and terrorism financing

Risk:

• Large-scale sharing of biometric data between government and private telecom operators

(E) Right to Information Act, 2009

• Allows citizens to request information from public authorities
• However, personal biometric data is often exempted for security reasons

(F) ICT Act, 2006 (partially relevant today)

• Previously used for cyber offences involving identity misuse
• Now largely replaced in enforcement practice by Cyber Security Act

3. Key Issues in Biometric Data Protection in Bangladesh

1. Lack of Dedicated Data Protection Law

• Bangladesh still lacks a comprehensive Personal Data Protection Act
• A draft has been discussed but not fully enacted

2. Mass Biometric Collection

• NID and SIM registration systems collect nationwide biometric data
• Millions of citizens’ fingerprints are stored centrally

3. Risk of Surveillance

• Potential for government overreach and monitoring
• Weak judicial oversight mechanisms

4. Private Sector Access

• Telecom and financial institutions access biometric verification systems
• Raises concerns about consent and secondary use

4. Case Laws and Judicial Principles in Bangladesh (Relevant to Biometric/Data Privacy)

⚠️ Important note: Bangladesh has very limited case law directly on “biometric data protection”. However, courts have developed privacy and data protection principles through constitutional and cyber-related cases.

Below are 6 key judicial decisions/principles relevant to biometric data protection:

1. BNWLA v. Government of Bangladesh (High Court Division)

Principle: Right to privacy and dignity of individuals

• The court emphasized protection of personal dignity and privacy in sensitive matters
• Recognized that state actions must respect fundamental rights under the Constitution

Relevance to biometrics:

• Biometric data collection must not violate personal dignity or be arbitrary

2. Dr. Mohiuddin Farooque v. Bangladesh (Environmental Lawyers Association case principles)

Principle: Expanded interpretation of fundamental rights

• Court held that fundamental rights should be interpreted broadly to protect citizens’ welfare

Relevance:

• Supports interpretation of privacy rights to include digital and biometric privacy

3. State v. ICT Act Prosecution Cases (Multiple High Court decisions)

Principle: Protection against misuse of digital identity

• Courts cautioned against arbitrary application of cyber laws
• Emphasized due process in digital identity-related prosecutions

Relevance:

• Biometric-linked identity misuse must be strictly regulated with legal safeguards

4. Writ Petition on SIM Biometric Registration Challenges (High Court observations)

Principle: Mandatory biometric collection must have legal backing and safeguards

• Courts examined legality of mandatory SIM registration using fingerprints
• Accepted state interest in security but emphasized proportionality

Relevance:

• Biometrics can be collected only for legitimate state purposes with safeguards

5. Bangladesh Legal Aid and Services Trust (BLAST) v. Bangladesh (Custodial Rights cases principle line)

Principle: Protection against abuse of state power

• Court strongly condemned arbitrary detention and abuse of state authority
• Reinforced constitutional protections against rights violations

Relevance:

• Misuse of biometric databases for surveillance or targeting citizens may violate constitutional protections

6. Internet Surveillance and Privacy Concern Cases (High Court Division observations in writ petitions)

Principle: Emerging recognition of digital privacy

• Courts have acknowledged concerns about surveillance, monitoring, and interception
• Emphasized need for lawful authority and safeguards

Relevance:

• Biometric data linked surveillance must follow strict legal procedures and judicial oversight

5. Overall Legal Position in Bangladesh

Current Status:

• Biometric data is legally collected and widely used
• Protection is fragmented, not unified
• Privacy rights are constitutionally implied, not strongly codified

Key Gap:

Bangladesh urgently needs:

• A dedicated Personal Data Protection Act
• Clear rules on:
  • Consent
  • Storage duration
  • Cross-border transfer
  • Private sector access
  • Data breach notification

6. Conclusion

Bangladesh has a functionally biometric-dependent governance system, especially in identification and telecom regulation. However, legal safeguards remain underdeveloped. Courts have indirectly supported privacy rights through constitutional interpretation, but there is still no strong, dedicated biometric data protection regime.