![Railways Minister Dismisses AG Report, Claims Rs115 Billion Revenue Achievement]](https://i2.wp.com/i.dawn.com/large/2026/06/300928354570186.webp?w=1024&resize=1024,1024&ssl=1 "Railways Minister Dismisses AG Report, Claims Rs115 Billion Revenue Achievement]")
• Government data is declared a strategic national asset held in trust for citizens
• Public bodies are designated as custodians, not owners, of government data
• Citizens are granted the right to know who accessed their personal data, when, and why
ISLAMABAD: The Ministry of Information Technology and Telecommunication has released the Draft Data Governance Policy 2026 for public consultation. The policy positions government data as a strategic national asset to be managed in trust for the people, emphasizing sovereignty, public value, citizen empowerment, and lawful use.
Published on the ministry’s website for comments until July 10, the draft specifies that while it forms the core national data governance framework, it does not encompass personal data held outside the public sector, primary legislation, judicial proceedings, or matters pertaining to national security, defence, parliament, or the judiciary.
In response to an inquiry, Minister for IT and Telecommunication Shaza Fatima highlighted that data protection and usage rules have become essential amid rapid digitisation.
She reiterated that the draft will remain open for feedback until July 10 and will be formally notified after incorporating relevant suggestions.
The policy declares that government data is not the property of the agency holding it; instead, public bodies act as custodians.
It grants citizens the right to identify which government officials accessed their personal data, the timeframe of access, and the purpose for which it was used.
“This right shall not be denied except on narrow grounds expressly provided by law, and reasons must be recorded,” the draft policy states.
Under the proposed framework, public bodies processing personal data will be required to adopt appropriate Privacy‑Enhancing Technologies, in line with the Data Security Standards Instrument and the Privacy by Design and Impact Assessment Instrument.
Citizens will also be able to obtain personal data held about them in a structured, commonly used, machine‑readable format, and to have such data transmitted directly between public bodies where technically feasible and legally permissible.
The Pakistan Digital Authority (PDA) will serve as the national authority responsible for issuing, overseeing, and implementing the policy and its supporting instruments under the Digital Nation Pakistan Act, 2025.
The policy further states that government data will remain under the lawful authority and effective control of Pakistan, while cross‑border transfers will be permitted only under specific governance mechanisms, justified circumstances, and adequate safeguards.
The proposed framework will apply to all federal ministries, divisions, departments, attached entities, subordinate offices, statutory corporations, regulators, authorities, commissions, autonomous bodies, and public‑sector companies under federal jurisdiction. It will also cover entities receiving public funds to manage government data, as well as contractors, processors, concessionaires, grantees, and partners performing public functions or processing government data on behalf of the federal government.
The draft encourages provincial governments to adopt the policy or develop equivalent frameworks.
It proposes that public‑sector data should be open by default and made available through the National Open Data Portal in machine‑readable formats with appropriate metadata, except where classification or statutory restrictions apply.
The policy also requires all processing of personal data by public bodies to be lawful, fair, and transparent, while respecting the constitutional right to privacy guaranteed under Article 14 of the Constitution.
Personal data may be processed only on lawful grounds recognized under applicable laws, including consent, contractual obligations, legal requirements, vital interests, or the performance of public functions.
The draft states that once a comprehensive Personal Data Protection law is enacted, the policy will be updated to align with the new statutory framework.
Sensitive personal data will be subject to enhanced safeguards, including stricter access controls, mandatory encryption, shorter retention periods, explicit lawful basis, and enhanced audit requirements.
Children’s data will receive additional protection through age‑appropriate notices, restrictions on profiling and behavioural advertising, and parental or guardian involvement where required.
Public bodies will also be required to notify the Pakistan Digital Authority without undue delay in the event of a personal data breach. Where a breach poses a high risk to the rights and freedoms of individuals, affected citizens must also be informed.
The policy permits cross‑border transfer of government data only through approved pathways based on data classification, sensitivity, intended use, and the legal jurisdiction of the recipient.
Published in Dawn, June 30th, 2026
Also Read
- Railways Minister Dismisses AG Report, Claims Rs115 Billion Revenue Achievement]
- Venezuela Launches Large‑Scale Rescue and Aid Operations Amid Ongoing Aftershocks
- Parliament Committee Highlights Concerns Over Unregulated Wastewater Discharge in Islamabad
- Norway’s Fans Ignite World Cup Stadiums With Signature ‘Viking Row’ Ritual
