Published :
Updated :
For all latest news, follow The Financial Express Google News channel.
The government has taken a tougher stance on safeguarding citizens' personal information through the newly approved Personal Data Protection Ordinance 2025.
The ordinance aims to establish a strict accountability framework for both public and private institutions handling personal data.
Announcing the move at a press briefing on Sunday, Faiz Ahmad Taiyeb, special assistant to the chief adviser on posts, telecommunications and information technology, said the ordinance would ensure confidentiality, security, and the lawful use of citizens' personal data, while introducing judicial oversight to prevent the misuse of authority.
"Our goal is to secure citizens' data and guarantee accountability across all stakeholders - from government agencies to private platforms," Taiyeb said at the ICT Division auditorium in the capital's Agargaon.
"This is a national initiative built on technical expertise, not secrecy."
To implement the new ordinance, a data protection authority will be established, comprising six specialised wings that will focus on key areas, such as the National Cloud Policy, Artificial Intelligence (AI) Policy, National Software Policy, and Enterprise Culture, among others.
Taiyeb said the authority would include experts from both government and private sectors.
The executive chairman's post could be filled by a qualified private-sector professional, while members of parliament (MPs) with expertise in data governance may also be included in the council.
To reinforce transparency, a quasi-judicial council will be formed under the authority to hear complaints from citizens whose data has been misused.
"The authority itself will be accountable to this council," Taiyeb noted.
The special assistant said 18 months had been allocated for the full rollout of the data protection framework.
He said three national data centres were already being established under the Bangladesh Computer Council (BCC), with vendors given six to 12 months to complete installation.
"If the government can build a data centre in a year, private platforms can comply within 18 months," Taiyeb said, calling on all entities to adhere to the time frame.
He stressed that data ownership lay with individuals, while the authority would oversee whether institutions handling such data had the technical capacity to ensure its protection.
"There are no non-bailable clauses or unlimited powers in this law," Taiyeb said. "Judicial mechanisms are in place to ensure the authority remains accountable."
The new data protection ordinance has drawn criticism from the Transparency International Bangladesh (TIB), which said the government had approved it hastily and in secrecy.
But rejecting the claim, Taiyeb asserted that extensive consultations had been held with local and international stakeholders, including Meta, Google, and representatives from the business community.
"We worked for more than six months, day and night, consulting all relevant actors," he said. "We had to move quickly, but we did not compromise on quality."
He acknowledged past errors in the Cyber Security Act but said those had been corrected in the new amendment.
"If we find any mistake in this ordinance, we will fix it again. We are open to criticism and discussion," he added.
Taiyeb also urged media outlets to verify facts before reporting on the new laws.
"If you report without consulting us or understanding the technicalities, misinterpretations are likely. We request you to engage with us and report based on knowledge," he said.
Taiyeb said the government had moved away from depending on foreign experts to draft digital policies and was instead relying on domestic technical capacity, while taking guidance from internationally recognised legal experts.
He said the ordinance would soon be published in the gazette, and training programmes would be introduced within the government to facilitate its implementation.
Under the broader digital governance framework, the government would also introduce guidelines for software use in public offices to prevent piracy and enhance cybersecurity, he said.
"There will be specific instructions on what software each government office can use," Taiyeb said. "Working in digital space means shared responsibility - citizens, government, and institutions must collaborate to make the system secure."
Taiyeb said the new ordinance marked a turning point in Bangladesh's digital governance, noting that the country had long lagged behind global standards, such as the European Union's data protection framework introduced in 1999.
"We are bridging a 25-year knowledge and policy gap," he said. "We are building a complete cyber ecosystem with our own resources and expertise."
He added that the ordinance had defined platform liability, data ownership, and government oversight of data storage, creating a legal and technical structure that balanced innovation with public interest.
bdsmile@gmail.com