Assignment On

“The Controllers exclusive power could cause problems with the enforcement
of ICT Act 2006”

Course Title : Cyber law in Bangladesh

Course Code : LLBH(205)

Prepared For :
Dr. Md. Arifuzzaman
Senior Lecturer, Department of law
Green University of Bangladesh

Prepared By :
Nahida Afroj
Id:203011004, Department of law
Green University of Bangladesh

Submission Date : 07-08-2021

 CONTENTS
1. Who is a Controller?
2. What is power of Controller?
3. Functions of the Controller.
4. Recognition of foreign Certifying Authorities.
5. Licence to issue Digital Signature Certificate.
6. Procedure for grant or rejected of licence.
7. Controller to act as repository.
8. Revocation and suspension of licence.
9. Notice of revocation revocation or suspension of licence.
10. Power to delegate.
11. Power to investigate contraventions.
12. Access to Computers and data.
13. My personal Commentary on this view.
14 . Conclusion .
15. Bibliography.
1.Controller :
Controllers are individuals or entities that, alone or in jointly with others, determine the purposes
and the means of the processing of personal data. The first and foremost role of the concept of
controller is to determine who shall be responsible for compliance with data protection rules, and
how data subjects can exercise the rights in practice. Controllers are primarily responsible for
overall compliance.

2. The Power of Controller :

(1) The Controller may, after consultation with the Cyber Regulations Advisory Committee and
with the previous approval of the Central Government, by notification in the Official Gazette,
make regulations consistent with this Act and the rules made thereunder to carry out the purposes
of this Act.

(2) In particular, and without prejudice to the generality of the foregoing power, such regulations
may provide for all or any of the following matters, namely:-

(a) the particulars relating to maintenance of data-base containing the disclosure record of every
Certifying Authority under clause (m) of section 18

(b) the conditions and restrictions subject to which the Controller may recognize any foreign
Certifying Authority under sub-section (1) of section 19.

(c) the terms and conditions subject to which a license may be granted under clause of sub-
section (3) of section 21.

(d) other standards to be observed by a Certifying Authority under clause (d) of section 30.

(e) the manner in which the Certifying shall disclose the matters specified in sub-section (1) of
section 34.

(f) the particulars of statement which shall accompany an application under sub-section (3) of
section 36.
3. Functions of the Controllers :
We know, The Controller may perform all or any of the following functions :- a. Exercising
supervision over tge activities of the Certifying Authorities.
b. Laying down the standards to be maintained by the Certifying Authorities.
c. specifying the qualifications and experience which employees of the
Certifying Authorities should possess;
(d)specifying the conditions subject to which the Certifying Authorities .
e. specifying the contents of written, printed or visual materials and
advertisements that may be used in respect of a Digital Signature Certifying:
f . specifying the form and content of a Digital Signature Certificate;
g . specifying the form and manner in which accounts shall be maintained
by the Certifying Authorities;
(h) specifying the terms and conditions subject to which auditors may be
appointed and the remuneration to be paid to them for auditing the Certifying
Authorities;
i)facilitatining the establishment of any electronic system by a Certifying
Authority either solely or jointly with other Certifying Authorities and regulation of such
systems;
(j) specifying the manner in which the Certifying Authorities shall
conduct their dealings with the subscribers;
k) resolving any conflict of interests between the Certifying Authorities
and the subscribers;
l) laying down the duties and responsibilities of the Certifying Authorities
(m) maintaining computer based databases, which
(i) contain the discloser record of every Certifying Authority containing such particulars as may
be specified by regulations and
ii) shall be accessible to the member of the public

4. Recognition of foreign Certifying Authorities :

(1) Subject to such conditions and restrictions as may be specified by regulations, the Controller
may, with the previous approval of the Government, and by notification in the Official Gazette
and additionally optionally in Electronic Gazette, recognize any foreign Certifying Authority as a
Certifying Authority for the purposes of this Act.
(2) Where any Certifying Authority is recognized under sub-section (1) of
this section, the Digital Signature Certificate issued by such Certifying
Authority shall be valid for the purposes of this Act.
(3) The Controller may, if he is satisfied that any Certifying Authority has
contravened any of the conditions and restrictions subject to which it was
granted recognition under sub-section () of this section, for reasons to be
recorded in writing, by notification in the Official Gazette and additionally
optionally in Electronic Gazette, revoke such recognition.

5 . Licence to issue Digital Signature Certificate:

(1) Subject to the provision of subsection (2) of this section, any person may make an
application to the Controller for a licence to issue Digital Signature
Certificates.
(2) No licences shall be issued under sub-section
(1) of this section unless the applicant fulfills such requirements with respect to qualification
expertise, manpower, financial resources and other infrastructure facilities which are necessary
to issue Digital Signature Certificates.
(3) A licence granted under sub-section (1) of this section-
(a) shall be valid for certain period;
(b) shall be delivered subject to fulfilling defined terms and conditions;
and
(c) shall not be transferable or heritable.

6.Procedure for grant or rejected of licence :

The Controller may on receipt an application under sub-section (1) of section 22 of this Act, after
considering the documents accompanying the application and such other factors as he deems fit,
grant the licence or reject the application Provided that no application shall be rejected under this
section unless the applicant has been given a reasonable opportunity of presenting his case.
7.Controller to act as repository :
The Controller Shall be the repository of all Digital Signature Certificates issued under this Act.
The controller shall ensure that the secrecy and security of the digital signature are assured and in
order to do so shall make use of hardware, software and procedure that are secure from intrusion
and misuse and follow such standards as may be prescribed.

8.Revocation and suspension of licence :

1) The Controller may Suspend or revoke any licence under this Act, if he is satisfied after
making Such inquiry, as he may think fit, that a Certifying Authority has
(a) made statement in, or in relation to, the application or the issue
renewal of the licence, which is incorrect or false in material particulars;
(b) failed to comply with the terms and conditions subject to which the
licence was granted;
(C) failed to main the standards specified under section 21(2) of this Act:
(d) contravened any provisions of this Act, rules, regulations or orders made thereunder.

2) No licence shall be revoked unless the Certifying Authority has been

given reasonable opportunity of showing cause against the proposed
revocation under sub-section (1) of this section.
The Controller may, if he has reasonable cause to believe that there is
any ground for revoking a licence under sub-section () of this section, by or,
Suspend such licence temporarily pending the completion or any enquiry
ordered by him.
(4) No licence shall be suspended for a period exceeding 14 (fourteen)
days unless the Certifying Authority has been given a reasonable opportunity
of showing cause against the propose suspension under sub-section (3) of this
section;
(5) A Certifying Authority whose licence has been suspended temporarily
shall not issue any Digital Signature Certificate during the period of such
suspension.

9.Notice of revocation revocation or suspension of licence

(1) Where the licence of a certifying Authority is revoked or suspended temporarily, the
Controller shall publish notice of such revocation or suspension, as the case
may be, in the database maintained by him.
(2) Where one or more repositories are specified, the Controller shall
publish notices of such temporarily revocation or suspension, as the case may
be, in all such repositories:
Provided that the database containing the temporarily notice of such
revocation or suspension, as the case may be, shall be made available
electronically including website or any other medium which shall be
accessible round the clock.

10.Power to delegate :
The Controller may in writing, authorize the Deputy Controller Assistant Controller or any other
Officer to exercise any of the power of the Controller under ICT Act -2006.

11 .Power to investigate contraventions :

(1) The Controller or any officer authorized by him in this behalf shall take up for investigation
any contravention of the provisions of this Act, rules or regulations made thereunder.
(2) The Controller or any officer authorized by him in this behalf shall, for
the purposes of sub-section (1) of this section, have the same power as are
vested in a Civil Court under the Code of Civil Procedure, when trying a suit
in respect of the following matters, namely:-
(a) discovery and inspection;
(b) enforcing the attendance of any person and examining him on oath or affirmation;
(C) compelling the production of any document; and
(d) issuing commissions for the examination of witness.

12 .Access to Computers and data :

(1) Without prejudice to the provisions of section 45 of this Act the Controller or any officer
authorized by him shall, if he has reasonable cause to suspect that any contravention of the
provisions of this Act or rules and regulations made there under has been committed, have access
to any computer system, any apparatus, data or any other material connected with such system,
for the purpose of searching or causing a search to be made for obtaining any information or data
contained in or available to such computer system.
(2) For the purpose of sub-section (1) of this section the Controller or any officer authorized by
him may, by order, direct any person in charge of, or otherwise concerned with the operation of,
the computer system, data apparatus or material, to provide him with such reasonable technical
and other assistance as he may consider necessary.
(3) If authorization has been given to a person, the authorized person shall oblige to assist as
instructed under sub-section (1) of this section

13 .My personal Commentary on this view:

I read the ICT Act 2006 and realized that the controller can check any website, anyone's phone,
laptop if he wants. Because, the government has given such power to the controller .The ICT
Act- 2006 is basically the responsibility of the controller to ensure that no one is committing a
crime by phone or other device.

14. Conclusion :
The ICT Act regulates the use of digital security certificates, the provision of data services and
defines a series of offences related to malicious activity online. It provides remedies for offences
such as unauthorized damage to computer systems, tampering with computer source code,
hacking, publishing fake, obscene or defamatory information in electronic form, and publishing
false digital signature certificates.

The ICT Controller is an officer appointed under the ICT Act and regulates its implementation.
Under section 29 of the ICT Act, the Controller, or any officer authorized by him should
investigate any contravention of the ICT Act, or the rules or regulations made under it. In order
to do so, the Controller or authorized officer has the same powers as those vested in a civil court
under Bangladesh’s Code of Civil Procedure, which include powers of discovery and inspection
and compelling the production of any document.
Under section 30, the ICT Controller may access any computer system, any apparatus, data or
any other material connected with a computer system, for the purpose of searching or causing a
search to be made for obtaining any information or data contained in or available to the computer
system. The ICT Controller may, by order, direct any person in charge of, or otherwise
concerned with the operation of, the computer system, data apparatus or material, to provide him
with such reasonable technical and other assistance as he may consider necessary.

15. Bibliography:
1.Text book on Cyber law in Bangladesh written by Dr.Zulfiquare Ahmed
2.BJS written master, written by Emran Hossain
3.Internet :-
(a).BD Laws.com
(b).Lectures document on ICT Act -2006
Dr.Md.Arifuzzaman,Senior lecturer, Department of law
Green University of Bangladesh.