.webp)
Bangladesh's amended Data Protection Ordinance grants citizens enforceable rights but risks surveillance through weak regulatory independence.
Bangladesh took an important step toward digital sovereignty and data protection with its newly enacted Personal Data Protection Ordinance (PDPO), but there are structural weaknesses that may undermine protections to citizens. The PDPO is a landmark moment in this developing nation because it provides for the recognition of personal data as a form of property and creates enforceable rights for citizens to access, amend, erase and opt out from automatic decisions made about their lives.
The framework also extends beyond Bangladesh to apply to global technology companies, making it an uncommonly remarkable success story among developing countries. Moreover, the protections of the PDPO are consistent with protections provided by the General Data Protection Regulation (GDPR) in the European Union.
The new PDPO contains significant improvements over the 2025 version by imposing financial penalties (up to 5% of annual revenue) for companies who fail to comply with the PDPO instead of the prior version's prison sentences. This pragmatic approach may convince large technology companies to set up local branches in Bangladesh, which will contribute to the nation's economy. Streamlined data localization requirements that apply only to critical sectors (banking and healthcare) will also improve Bangladesh's attractiveness for foreign direct investments, while preserving national security.
Nonetheless, there are serious flaws that could undermine the BDPO's accomplishments. The National Data Management Authority (NDMA) is responsible for enforcing the protections of the PDPO; however, the NDMA is under the direct oversight of the Prime Minister's Office and is not an independent regulatory authority. The structural dependency of the NDMA on the Prime Minister's Office is inconsistent with regulatory models in the EU and Singapore, where regulatory authorities for personal data protection are independent of governmental authorities.
More concerning is Section 24, which permits broad exemptions for national security, public order, and crime prevention without explicit definitions or judicial oversight. Unlike India's framework, which mandates transparency and public disclosure of government exemptions, Bangladesh's ordinance contains no such safeguards—potentially enabling the very surveillance culture the ordinance was designed to prevent.
Business Honor is of the view that Bangladesh's Personal Data Protection Ordinance represents significant progress toward digital sovereignty despite structural regulatory weaknesses.
About the Author
Rohan Pius is an experienced news writer with extensive expertise across multiple sectors. He combines sharp analytical skills with thorough research to produce clear, insightful reporting on industry trends and their economic impact.
.webp)
