Data Dominion: Directives Define Digital Rights

Bangladesh has redefined data ownership, emphasizing that personal data belongs to individuals rather than the government or any collecting agency. This landmark shift was outlined by Faiz Ahmad Taiyeb, Special Assistant to the Chief Advisor, during a press conference held on Thursday, October 9, at the Foreign Service Academy following the Advisory Council meeting at the Chief Advisor’s office in Tejgaon, Dhaka.

“We have lived under a governance system where data ownership was assumed to rest with the government or the ministry, department, or agency that collected it. This law changes that perspective,” Faiz Ahmad Taiyeb said. “Through the new legislation, we are asserting that data belongs to the people. In other words, an individual owns the data they generate. With their consent, data can be collected, stored, exchanged, or processed on their behalf. Consent is mandatory for these four actions. The law also provides clear guidelines on how one organization may share data with another, and how that data can be used domestically and internationally.”

Addressing companies licensed to operate in Bangladesh, he stated, “If such an entity commits an offense and a court issues instructions, it is legally bound to comply. Non-compliance may result in penalties. Even if they do not have a local office, they must fulfill the court’s directives through a liaison office or other mechanisms.”

Faiz Ahmad Taiyeb also highlighted the government’s decision to remove mandatory data localization requirements. “Since most global cloud services operate under a ‘cloud-first’ principle—like Microsoft and Apple—we realized that enforcing data localization could potentially block business. Therefore, for practical reasons, we have relaxed this requirement.”

However, he emphasized that data protection and sovereignty remain priorities. “To safeguard these interests, we have classified data into four categories: government open data, private open data, confidential data, and restricted data. For confidential and restricted data, all platforms, software, hardware companies, or data processors must fall under the legal jurisdiction of Bangladeshi courts. For instance, if a court issues a directive to Meta or Facebook, compliance is now legally mandated under this law.”

This legislative framework, encompassing the Personal Data Protection Ordinance 2025 and the National Data Management Ordinance 2025, aims to provide a structured, enforceable system for digital data governance while balancing innovation and privacy.