All DSA cases now dismissed as Advisory Council okays amendments to Cyber Security Ordinance

The Advisory Council has approved an amendment to the Cyber Security Ordinance 2025, which allows the dismissal of all cases filed under the Digital Security Act 2018.

As a result, all individuals convicted or accused under the previous law will be acquitted once the amendment is officially published in a gazette.

Faiz Ahmad Taiyeb, special assistant to the chief adviser on the Ministry of Posts, Telecommunications and Information Technology, confirmed the matter to the media following an Advisory Council meeting today (9 October).

Alongside the Cyber Security Ordinance, the Advisory Council also approved drafts of the Personal Data Protection Ordinance 2025 and the National Data Protection Ordinance 2025, which officials said would further strengthen the protection of citizens' personal information.

Photo: PID

Earlier, on 6 May, the Advisory Council approved the Cyber Security Ordinance 2025, which repeals nine sections of the previous law and adds new ones.

Personal Data Protection Ordinance

The Personal Data Protection Ordinance 2025 was formulated to ensure the confidentiality, integrity, and security of personal data, while safeguarding the potential of the digital economy. Once implemented, it will play a vital role in the collection, processing, storage or retention, use or reuse, transfer, disclosure, destruction of data, maintaining international standards, and ultimately in the development of the digital sector.

Explaining the details of the ordinance, Faiz Ahmad Taiyeb said that the proposed ordinance contains 57 sections. It recognises any individual's information as their property. The ordinance includes provisions requiring consent before using such information. 

For children or persons unable to give consent, parental or legal guardian approval is required. Provisions have been made for the conditional processing of sensitive personal data. It also allows individuals to withdraw their consent at any time after it has been granted. Information collected for a specific purpose with consent cannot be used for any other purpose.

The ordinance further states that exemptions from consent requirements may apply in cases of national security, defence, public order or public interest, prevention or investigation of crimes, prevention of tax evasion, public health, misuse of public funds, research or investigation, preparation of statistics, education, or artistic and literary works, where the processing of personal data is deemed necessary.

It also provides for administrative fines and compensation in cases of violation of the data subject's rights.

Under this ordinance, personal data has been classified into four categories: public or open personal data, internal personal data, confidential personal data, and restricted personal data.

National Data Protection Ordinance

The National Data Protection Ordinance 2025 aims to ensure technological progress in the country's data management and the protection of personal information. The draft ordinance, formulated by the Information and Communication Technology Division, proposes establishing a framework for the secure and lawful exchange and interoperability of data among government, non-government, domestic, and foreign institutions.

The draft law, which contains 68 sections, mentions the formation of a policy-making board to be chaired by the prime minister or chief adviser. In addition, a provision has been made for the establishment of an independent organisation named the "National Data Management Authority," which will oversee data preservation, transfer, and security.

The ordinance includes provisions for data analysis using Artificial Intelligence (AI), the establishment of a National Code Repository, the determination of Government Software Security Protocols, and the creation of the "Bangladesh National Data and Interoperability Architecture (BNDGIA)" and the "National Responsible Data Exchange (NRDEX)" platform for interoperability.

Furthermore, provisions have been made to ensure the rights of the data owner, the formation of a tribunal for the resolution of complaints, and administrative fines and compensation for violations of the law. Those associated with the information technology sector believe that the passage of this law will usher in a new era in data security and digital governance in Bangladesh.