Open Letter to the Digital Community members of Bangladesh 

Dear, 

Thank you for your interest and for your continued engagement with Bangladesh’s ongoing digital governance reforms.

At the outset, I would like to reaffirm that the Government of Bangladesh has undertaken extensive consultations with stakeholders—both domestic and international—throughout the drafting process of the Personal Data Protection Ordinance (PDPO). It has been consistently communicated that the Government will establish an Authority, whose role is defined by and within the PDPO itself.

The Authority is not limited to overseeing PDPO implementation alone; rather, it is designed primarily as an institutional mechanism for internal, inter-ministerial, and intra-governmental data governance and coordination. Its structure, functions, and mandate were finalized after wide inter-ministerial consultation.

We would also like to humbly request that all parties kindly refrain from practicing or communicating beyond their professional scope and avoid spreading unnecessary speculations regarding these legislative efforts. All commitments and assurances communicated during previous consultations have been respected and accurately reflected in the final PDPO.

For clarity, please note:

The Government has not introduced any provision mandating data localization, as mistakenly reported in a recent newspaper article. The claim that “all data must be stored domestically” is 100% incorrect.

The PDPO only requires personal data classification that certain highly sensitive data—such as NID, biometric identifiers, voter information, date of birth, and banking data—be governed under Bangladeshi law, as is standard practice globally.

Common data, such as text messages, photos, contents, videos, documents and emails are not included under this category.

Even for restricted personal data, the law allows processing abroad, provided it remains legally accountable to the Bangladeshi court's jurisdiction.

The Ordinance uses the term “substantial volume” regarding the transfer of restricted personal data abroad — meaning bulk transfers of such data would require consent/approval for security and sovereignty reasons.

It appears that a recent Daily Star article was based on an outdated draft from a previous administration and does not reflect the final, balanced provisions now adopted. Also the ordinance does not force 5% of turnover as penalty. The Government strongly rejects such misrepresentations.

Furthermore, Bangladesh has adopted a cloud-first approach — not data localization.
We are offering an 18-month transition period and have introduced a consent-based data fiduciary and processing framework that aligns with global best practices, including the EU GDPR and ASEAN standards.

In fact, the Government has taken a progressive and balanced approach:
* We have removed data localization requirements, meaning platforms will not be forced to store data only within Bangladesh.
* We are only requiring that digital platforms remain under the jurisdiction of Bangladeshi courts — which is a global standard practice, ensuring accountability without restricting business.
*By comparison, India mandates financial data localization, and Vietnam enforces strict regulations on personal data.

Bangladesh, in contrast, is adopting a cloud-first policy, encouraging innovation while maintaining sovereignty. Moreover, the Act offers:
- An 18-month transition period for all organizations to comply,
-A consent-based data fiduciary and processing framework,
-And alignment with international data protection principles used in the EU, UK, and ASEAN.

At the same time, let us not forget the ground reality — over 50 million Bangladeshi citizens’ personal data have already appeared on the dark web, and our software industry continues to lose international contracts for failing to meet global compliance standards.

These realities make strong, modern data governance not a choice — but a national necessity.

Our focus remains unwavering: to protect citizens’ data, uphold digital sovereignty, and build a trusted, ethical digital future. We cannot allow vested interests or misinformation campaigns to block essential national reforms.

Bangladesh welcomes open dialogue and responsible engagement — but we will firmly defend our citizens’ rights, our digital future, and our sovereign authority to set fair, modern rules for data governance.

Before the end of my current tenure, I will personally ensure that open discussions is organized to provide further clarification and engagement with industry stakeholders, including local and foreign business Councils.

Thank you again for your understanding and continued collaboration.

--
Warm regards,
Faiz Ahmad Taiyeb

Special Assistant to the Chief Adviser
Ministry of Posts, Telecommunications and Information Technology
People's Republic of Bangladesh