1. Constitutional Basis of Privacy

Article 43 – Constitution of Bangladesh

Article 43, Constitution of Bangladesh

Principle:

• Protects privacy of home, correspondence, and communication
• Forms the constitutional foundation of privacy rights

Relevance to crowdfunding:

Crowdfunding platforms often involve:

• Online communication between donors and campaigners
• Sharing of personal stories (medical, disaster relief, etc.)

👉 Any unauthorized disclosure of donor identity or campaigner data may violate constitutional privacy principles.

2. Cyber Security Act, 2023 (Data Protection Elements)

Cyber Security Act, 2023

Principle:

• Criminalises unlawful collection, use, or disclosure of identity information
• Covers data such as name, phone number, biometric and financial identifiers
• Introduces penalties for unauthorized access and misuse

Relevance:

Crowdfunding platforms must:

• Secure donor databases
• Prevent hacking or leakage of financial contributions
• Avoid selling donor data to third parties

👉 Unauthorised sharing of donor lists or campaign contributors can be criminally liable.

3. Emerging Personal Data Protection Ordinance, 2025

Personal Data Protection Ordinance, 2025

Principle:

• Establishes data ownership in individuals
• Requires consent-based data processing
• Imposes obligations of transparency, purpose limitation, and security safeguards

Relevance to crowdfunding:

Platforms must:

• Obtain clear consent before collecting donor data
• Clearly explain how funds and personal data are used
• Limit data usage strictly to donation processing
• Allow users to request deletion of their data

👉 This is the most direct legal framework affecting crowdfunding privacy.

4. ICCPR-Based Privacy Protection (International Principle)

Bangladesh is a party to the International Covenant on Civil and Political Rights (ICCPR).

Principle:

• Recognises protection against arbitrary interference with privacy
• Requires lawful, necessary, and proportionate data collection

Relevance:

Crowdfunding platforms cannot:

• Collect excessive personal data “just in case”
• Share donor data without lawful justification

👉 This strengthens donor anonymity expectations in sensitive campaigns (e.g., political or medical donations).

5. Digital Security Case Law Principles (Data Misuse Prevention)

General Judicial Recognition of Privacy in Bangladesh

Bangladesh privacy jurisprudence (constitutional interpretation line of cases)

Principle:

• Courts in Bangladesh have repeatedly acknowledged privacy as part of constitutional rights
• Privacy violations arise from unauthorised collection and disclosure of personal data

Relevance:

In crowdfunding:

• Publishing donor names without consent may be actionable
• Leaking campaign beneficiary medical or financial data may violate privacy expectations

👉 Courts treat personal data misuse as a rights violation, even without explicit crowdfunding laws.

6. Comparative Data Protection Principles (Global Influence)

Informational Self-Determination Principle

Informational Self-Determination Principle

Principle:

• Individuals control how their personal data is collected, stored, and shared

Relevance:

Crowdfunding platforms must ensure:

• Donors can choose anonymous vs public contributions
• Campaign creators control what personal story data is published
• Users can withdraw consent

👉 This principle strongly influences Bangladesh’s emerging legal approach.

7. Data Breach Liability and Security Obligations

Cyber Risk Framework under Bangladeshi Law

Cyber Security Act, 2023

Principle:

• Platforms must implement reasonable security safeguards
• Unauthorized access to identity or financial data is punishable

Relevance:

Crowdfunding platforms must:

• Encrypt payment and donor data
• Prevent phishing or impersonation scams
• Report breaches (emerging compliance expectation)

👉 Failure to protect donor data can result in criminal liability and reputational damage.

Key Privacy Obligations in Online Crowdfunding Platforms

1. Consent-Based Data Collection

• Donors must knowingly agree before data collection
• No hidden tracking or silent profiling

2. Data Minimisation

• Only essential data (payment + identity verification) should be collected
• Avoid unnecessary demographic or behavioural tracking

3. Purpose Limitation

• Donor data can only be used for processing donations
• Cannot be reused for marketing or resale

4. Transparency Requirement

Platforms must clearly disclose:

• How funds are handled
• Who can access donor data
• Whether anonymity is supported

5. Security Safeguards

Must include:

• Encryption of financial data
• Secure authentication systems
• Protection against hacking and insider misuse

6. Right to Privacy and Control

Users should be able to:

• Delete accounts
• Withdraw consent
• Control visibility of donations

7. Special Protection for Sensitive Campaigns

Higher protection applies to:

• Medical crowdfunding
• Disaster relief cases
• Political or religious donations

Conclusion

Privacy obligations in online crowdfunding in Bangladesh are based on a hybrid legal framework, combining constitutional rights under Article 43, Constitution of Bangladesh, cybercrime provisions under the Cyber Security Act, 2023, and emerging data protection principles under the Personal Data Protection Ordinance, 2025.

While Bangladesh does not yet have a fully mature crowdfunding-specific privacy regime, courts and legislation increasingly recognise that donor data, financial records, and campaign information must be treated as sensitive personal data requiring consent, security, and strict purpose limitation.