Transparency International Bangladesh on Saturday urged the interim government to suspend the Personal Data Protection Ordinance and the National Data Governance Ordinance.
It also called on the government to move forward regarding the ordinances only after ensuring meaningful stakeholder participation and taking expert opinions.
The anti-corruption watchdog in a statement sent to the media also expressed concern, frustration and disappointment over the hasty approval of the two ordinances by the Council of Advisers of the interim government without adequate expert consultation and stakeholder engagement.
‘The draft of the data protection law had been going through a prolonged phase of contention between stakeholders and the former authoritarian government before its fall,’ said TIB executive director Iftekharuzzaman.
‘After assuming responsibility, the interim government initially followed a proactive and inclusive participatory process, which led to several positive changes,’ he further mentioned.
The TIB chief then criticised the government, alleging that it ignored stakeholders’ recommendations regarding critical weaknesses and risks in the drafts and secretly approved the latest drafts unilaterally without informing stakeholders.
Expressing surprise at the exclusion of internationally recognised data protection principles of ‘lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, integrity and confidentiality and accountability’ from the drafts, Iftekharuzzaman said that such exclusion would make the ordinances ‘crippled and ineffective from the very beginning’.
According to the version of the draft obtained by TIB, the provision under Subsection 15(4) creates scope to exempt data controllers and processors from their duties and responsibilities, which TIB describes as a deceptive loophole.
Referring to Section 24 regarding exemptions, Iftekharuzzaman said that the ordinance allowed broad access to personal data in the name of ‘crime prevention’.
‘It is essential to clarify under what considerations and objectives such provisions—intended to protect data—have instead been kept as tools for control and surveillance,’ he pointed out.
The authority to use personal data in the name of national security and public interest had also been retained, he said.
‘Allowing government agencies unrestricted access to data servers without judicial oversight creates serious risks of misuse. Furthermore, the core constitutional commitment to ensuring the privacy of personal information is not reflected in the draft, which is truly alarming,’ he also said.
TIB has also objected to the way misuse of information has been criminalised in the ordinances, expressing concern over its potential negative impacts on business and commerce.
Commenting on the lack of an independent authority for data protection—despite longstanding demands, Iftekharuzzaman added, ‘Almost abruptly, the draft National Data Governance Ordinance 2025 has been approved to form a so-called interoperability authority, despite being inconsistent with global practices and based on unrealistic concepts…’
Referring to expert opinions, it also warned that it posed serious risks of self-defeating consequences.
Criticising the lack of broader stakeholder feedback outside government and bureaucratic circles in the process, TIB termed it as a disappointing example of authoritarian practice.
TIB also called on the government not to enforce the two ordinances in their current form, iterating for necessary amendments through the inclusion and reflection of stakeholders’ opinions.