The interim government on Thursday approved a proposal to amend the ‘Cyber Security Ordinance 2025’, under which all cases and convictions under eight sections of the now-repealed ‘Digital Security Act 2018’ will be nullified.
The government also approved drafts of the ‘Personal Data Protection Ordinance 2025’ and the ‘National Data Governance Ordinance 2025’, both under the ICT Division, to strengthen digital privacy, data management, and governance in line with global standards.
The approvals came at a meeting of the ‘Advisory Council of the interim government’, held at the office of chief adviser Professor Muhammad Yunus at Tejgaon in Dhaka.
After the meeting, the chief adviser’s special assistant for ICT affairs, Faiz Ahmad Taiyeb, at a press conference at the Foreign Service Academy in Dhaka, said that the cabinet approved a proposal to amend Section 50 of the CSO 2025, which would formally nullify all cases and punishments under eight specific sections of the repealed DSA.
‘All cases, convictions, and investigations under eight sections of the Digital Security Act will be cancelled following the amendment,’ he said, and added that no further legal actions would be pursued under those provisions.
According to the approved amendment, all pending cases or proceedings—whether before a court, tribunal, or under investigation by the police or any other authority—related to offences under sections 21, 24, 25, 26, 27, 28, 29, and 31 of the DSA will be cancelled.
Moreover, any punishment or fine imposed by any court or tribunal under those sections will be considered null and void, and no further legal process will continue in those cases.
The now-defunct sections covered offences such as propaganda or campaigns against the liberation war or its spirit, offences against the father of the nation, national anthem, or flag, publication or transmission of false, offensive, or defamatory information, digital intrusion into sensitive or confidential data, hurting religious sentiments, and publication of content inciting hatred, hostility, or damaging communal harmony.
Chief adviser’s press secretary Shafiqul Alam at the press conference said that the advisory council also approved the draft of the ‘Personal Data Protection Ordinance 2025’, aimed at ensuring privacy, integrity, and security in personal data processing.
According to the draft, the proposed ordinance seeks to tackle challenges such as fairness, interoperability, and responsible innovation, while enhancing trust in Bangladesh’s digital ecosystem.
Once enacted, the ordinance will set international standards for data collection, processing, storage, transfer, disclosure, and destruction, contributing significantly to the country’s growing digital economy.
The ordinance comprises 57 sections, including personal data, which will be recognised as individual property, requiring lawful processing based on consent.
Data collectors must inform individuals about the purpose, retention period, transfer, and withdrawal process before obtaining consent.
Parental or guardian consent is mandatory for minors or persons unable to provide consent while data subjects can access their data and withdraw consent at any time.
Processing of sensitive personal data will be subject to specific conditions and independent data audits will be conducted by authorised auditors under a designated authority.
Exemptions from consent will apply in cases involving national security, defense, public order, crime prevention, tax evasion, misuse of public funds, public health, education, or artistic and literary work.
The government will classify personal data into four categories – public/open, internal, confidential, and restricted data.
The ordinance also provides for administrative penalties up to Tk 25 lakh and compensation for data rights violations.
Penalties will also apply for unauthorized processing, illegal access, tampering, misuse, or handling of sensitive data without approval.
Data controllers will not be allowed to retain personal data beyond the prescribed retention period, the draft states.
In addition, the advisory council approved the draft of the National Data Governance Ordinance 2025, designed to align with global technological developments, improve citizen services, and create an integrated framework for data management across government and private entities.
According to Taiyeb, the ordinance consists of 68 sections and provides for the lawful processing and secure sharing of data among different institutions.
It also proposes the establishment of an independent body titled the National Data Management Authority, responsible for overseeing data governance and ensuring interoperability.