Skip to main content
Nubint
QUICK REVIEW

[论文解读] When Data Protection Fails to Protect: Law, Power, and Postcolonial Governance in Bangladesh

Pratyasha Saha, Anita Say Chan|arXiv (Cornell University)|Mar 23, 2026
ICT in Developing Communities被引用 0
一句话总结

本文分析孟加拉国新兴的数据保护机制(PDPO、网络安全条例、国家数据治理条例)以展示正式保护如何受行政主导、执法能力薄弱以及社会技术实践(如“人桥”)绕过正式保障的影响

ABSTRACT

Rapid digitization across government services, financial platforms, and telecommunications has intensified the collection and processing of large scale personal data in Bangladesh. In response, the state has introduced multiple regulatory instruments, including the Personal Data Protection Ordinance, the Cyber Security Ordinance, and the National Data Governance Ordinance in 2025. While these initiatives signal an emerging legal regime for data protection, little scholarly work examines how these frameworks operate collectively in practice. This paper presents a legal and institutional analysis of Bangladeshs emerging data protection regime through a systematic review of these three ordinances. Through this review, the paper provides an integrated mapping of Bangladeshs evolving data protection framework and identifies key legal and institutional barriers that undermine the effective protection of citizens personal data. Our findings reveal that this emerging regime is constrained by limited institutional independence, uneven regulatory capacity, and the misaligned legal assumption of individualized, autonomous data subjects. Furthermore, these frameworks invisibilize prevalent sociotechnical layers, such as informal data flows and mediated access via human bridges, rendering formal protections difficult to operationalize. This paper contributes to HCI scholarship by expanding the concept of data protection as a complex sociotechnical design problem shaped by the informal infrastructures of the Global South.

研究动机与目标

  • 分 map 孟加拉国的个人数据保护条例、网络安全条例与国家数据治理条例如何共同构建个人数据治理。
  • 识别被假设用于执法的制度、技术与社会技术基础设施。
  • 解释为何正式的数据保护法在实践中未能提供有意义的保护。
  • 通过突出非正式媒介的数据流与治理缺口,为去殖民化和人机交互(HCI)学术研究做出贡献。

提出的方法

  • 对三项孟加拉国数据治理工具(PDPO、CSO、NDGO)自 2025 年起的定性法律–制度分析。
  • 对法定条文及相关法律进行归纳性主题分析,并将孟加拉语文本翻译成英文。
  • 制定结构性失效逻辑以解释纸面权利与实际保护之间的差距。
  • 以三个维度进行分析框架:权威/裁量、能力与权利的可行性。
  • 与现有监控和行业法进行比较,以理解相互作用和重叠。
Figure 1. Figure 1 models the structural failure logics of Bangladesh’s data protection regime. Rather than a single point of breakdown, failure emerges from the interaction of three systemic conditions: (1) unconstrained state authority that enables parallel access pathways, (2) weak institutional
Figure 1. Figure 1 models the structural failure logics of Bangladesh’s data protection regime. Rather than a single point of breakdown, failure emerges from the interaction of three systemic conditions: (1) unconstrained state authority that enables parallel access pathways, (2) weak institutional

实验结果

研究问题

  • RQ1RQ1:孟加拉国的数据保护法律体系是什么?
  • RQ2RQ2:这些框架为执法所假设的制度与技术基础设施有哪些?
  • RQ3RQ3:为何现有的数据保护法在实践中未能为公民提供有效保护?

主要发现

  • 监管权力在很大程度上嵌入行政系统,限制了对国家数据处理的独立监督。
  • 广泛的国家豁免与行政覆盖权削弱了对政府数据处理的有意义约束。
  • 执法假设需要的先进基础设施与能力尚未到位,阻碍实际权利保护。
  • 权利条款依赖数字基础设施(如联邦互操作生态系统、NRDEX、BNDIA),在实践中尚未全面实现。
  • 正式的数据保护与管控国家对 PDPO 保障之外的行业监控法并存,影响政府对数据的访问。
  • 社会技术层面如非正式中介者(“人桥”)对正式监管体制仍然不可见,削弱了有效性。
Figure 2. It illustrates the mismatch between formal data protection logics and their operational reality. Figure 2a shows the legal fiction of direct, rights-based interaction between an autonomous data subject and the data protection framework. Figure 2b demonstrates how this pathway breaks in pra
Figure 2. It illustrates the mismatch between formal data protection logics and their operational reality. Figure 2a shows the legal fiction of direct, rights-based interaction between an autonomous data subject and the data protection framework. Figure 2b demonstrates how this pathway breaks in pra

更好的研究,从现在开始

从论文设计到论文写作,大幅缩短您的研究时间。

无需绑定信用卡

本解读由 AI 生成,并经人工编辑审核。