The government on Friday urged all parties to avoid spreading speculation or miscommunication over the approved Personal Data Protection Ordinance and National Data Governance Ordinance.
The special assistant to the chief adviser for the posts, telecommunications and information technology ministry, Faiz Ahmad Taiyeb, came up with the cautionary instruction in an open letter to the media.
Faiz in the letter assured that the government maintained transparency and all commitments and assurances made during previous consultations and accurately reflected in the ordinances.
He warned that the government would not allow vested interests or misinformation campaigns to block essential national reforms.
Faiz’s remarks came amid criticisms of the ordinances by several organisations, including the Transparency International Bangladesh, over the approval of the two ordinances alleging that the ordinances were passed without adequate consultations with the stakeholders.Â
Faiz’s letter titled ‘Clarification and Further Engagement on PDPO and NDGO’ stated that the government had undertaken extensive consultations with stakeholders — both domestic and international — throughout the drafting process of the Personal Data Protection Ordinance.Â
The letter requested all parties to refrain from practicing or communicating beyond their professional scope and avoid spreading unnecessary speculations regarding these legislative efforts.Â
‘All commitments and assurances communicated during previous consultations have been respected and accurately reflected in the final PDPO,’ he said.
The letter addressing the digital community members of Bangladesh said that it had been consistently communicated that the government would establish an authority, whose role had been defined by and within the PDPO itself.
The authority is not limited to overseeing PDPO implementation alone; rather, it is designed primarily as an institutional mechanism for internal, inter-ministerial, and intra-governmental data governance and coordination.
Its structure, functions, and mandate were finalised after a wide inter-ministerial consultation, it added.
The letter said that the government had not introduced any provision mandating data localisation as reported in a recent newspaper article rather adopted a cloud-first approach.
The PDPO only requires that personal data classification that certain highly sensitive data — such as NID, biometric identifiers, voter information, date of birth, and banking data — should be governed under Bangladeshi law, as is standard practice globally.
Common data, such as text messages, photos, contents, videos, documents and emails are not included under this category, it said, adding that even for restricted personal data, the law allowed processing abroad, provided it remained legally accountable to the Bangladeshi court’s jurisdiction.
The ordinance uses the term ‘substantial volume’ regarding the transfer of restricted personal data abroad — meaning bulk transfers of such data would require consent/approval for security and sovereignty reasons.
According to the letter, the PDPO offers an 18-month transition period and has introduced a consent-based data fiduciary and processing framework that aligns with global best practices, including the EU GDPR (General Data Protection Regulation) and ASEAN standards.
On October 9, the government during a meeting of the council of advisers approved the Personal Data Protection Ordinance, 2025, designed to safeguard citizens’ data privacy and establish a comprehensive legal framework in the digital domain.