The Government of Pakistan has introduced a transformative framework that fundamentally changes how citizens interact with government data. The National Data Governance Policy declares government-held data a strategic national asset while granting citizens expanded personal data access rights. These new rights will allow citizens to see their personal data held by the government, including who accessed it and why.
The Ministry of Information Technology and Telecommunication issued the policy, which creates a nationwide framework for how government data is collected, shared, protected, stored, and disposed of. Therefore, all federal ministries, departments, statutory bodies, and public-sector organizations must comply. Additionally, contractors and partners that handle government data fall under these requirements.
Citizens Get New Rights
The policy introduces one of the biggest changes through a comprehensive set of new personal data access rights for citizens. Citizens will now have the right to know what personal information the government holds about them. Additionally, they can request details about who accessed their data, when access occurred, and the reason for the access.
People will also be able to request corrections to inaccurate or incomplete records. Moreover, they can ask the government to delete their personal data in specified circumstances. Furthermore, citizens can obtain their information in structured, machine-readable formats. The policy also requires government agencies to provide accessible complaint and redress mechanisms for citizens. So multiple pathways exist for citizens to exercise their personal data access rights.
Government Data to Be Held in Trust
Under the new policy, individual departments will no longer own government data. Instead, public institutions will act as custodians of data held in trust for citizens. Therefore, the relationship between government and data fundamentally shifts. Government agencies will have responsibility for ensuring data accuracy, security, lawful use, and controlled sharing across the public sector.
The policy also introduces a “once-only” principle to reduce bureaucracy significantly. This means citizens should not repeatedly provide the same information to different government departments. If authorized government systems already contain information, citizens should not need to resubmit it. So this principle streamlines citizen interactions with multiple agencies.
Stricter Privacy Rules
The new framework imposes strict conditions on how agencies process personal information. Officials must obtain consent that is specific, informed, and capable of withdrawal. The policy also introduces stronger protections for sensitive personal information and children’s data. Government agencies must build privacy protections into digital systems and services from the start. Therefore, privacy considerations inform design rather than being added later.
PDA to Oversee Implementation
The Pakistan Digital Authority will oversee the implementation of the policy. It will establish a National Data Governance Council and monitor compliance across federal government institutions. Officials intend the policy to strengthen digital governance. Additionally, it aims to improve public service delivery and protect citizens’ privacy. Finally, the framework should build public trust as Pakistan continues its digital transformation journey.












