Govt eases data localisation rules
The government has largely removed data localisation requirements for technology companies from the Personal Data Protection Ordinance and scrapped jail terms for violations by tech firms, including global giants such as Meta and Google.
The amendments were approved at a meeting of the advisory council in Dhaka yesterday.
Under the revised ordinance, only data related to government-designated Critical Information Infrastructure (CII), as defined in the Cyber Security Ordinance, will be required to be stored within Bangladesh.
The blanket requirement for technology companies to keep local copies of user data has also been eased.
Under the original ordinance, gazetted in November last year, technology companies were required to store at least one synchronised real-time copy of data inside Bangladesh.
Under the amendment, this requirement will now apply only to restricted personal data, for which at least one synchronised real-time copy of cloud-stored data must be kept within the country.
The amendment also revises the punishment provisions. Previously, violations of the ordinance, including breaches of personal data or infringement of users’ rights, could result in both imprisonment and financial penalties.
The revised ordinance removes the provision for imprisonment, leaving financial penalties as the sole form of punishment.
“Millions of people in Bangladesh use Facebook and Google, and companies such as Meta and Alphabet raised some concerns regarding certain provisions of the Personal Data Protection Ordinance. Two changes were made to address those concerns,” said Shafiqul Alam, press secretary to the chief adviser.
“With this amendment, we hope Bangladesh will now be able to attract more investment in data and cloud-related services,” he added.
Restricted personal data refers to any personal data that may impact national security, public order, defence, critical infrastructure, or an individual’s fundamental rights and freedoms, and is therefore subject to the strictest controls.
It may also include classified datasets, critical health- or security-related information, or any other personal data designated as “restricted” by the authority or the government.