Sri Lanka Passes Data Protection Bill - Without A Vote

06 April 2022

Sri Lanka Passes Data Protection Bill - Without A Vote

The Sri Lankan Parliament has passed the Personal Data Protection Bill without a vote after multiple revisions. Legislators and others expressed worries over the proposed Data Protection Authority's influence on individuals' privacy and independence. At the same time, media organisations argued the measure might prohibit media from utilizing personal data while reporting, infringing on journalists' rights. Before implementing the changes, Justice Minister Ali Sabry stated that the law was essential, adding that "perfect legislation does not exist."

The Act in itself contains various provisions for the safeguard of the individual's data. It also specifies that a designated public corporation, statutory body or any other institution established by or under any written law and controlled by the government be set up and known as the “Data Protection Authority of Sri Lanka”. Currently, the data matters are being handled by the Ministry of Technology of Sri Lanka. It also talks the processing of the data and also lays down obligations
for the Controller.

"While this act does provide a number of rights for individuals or as they are referred to in the act as “data subjects” it does not have as comprehensive reach as it should, nor are the fines that stringent," says Govind Chaturvedi, a trademark, social media law, and data expert. "It allows for the right to erasure but the right to be forgotten is not mentioned. Hence, while the law is well enunciated in certain aspects, it lacks to provide the broad overview of protection that it should.  It will give the citizens of Sri Lanka to contest the right of privacy, but I see concerns of more complex problems in regard to substrata’s of data protection flaring up. "

He adds that as times change and data becomes more valuable the government will enact policies to safeguard it, but the citizens also need to do their own due diligence like they need to be aware of the data they are sharing with mobile applications, websites, social media websites, among others.
"Hence, they should control the settings on their phone, they can also regulate the information they share with these online platforms," he says. It is common practice, in fact, when we visit public places to ask for our data - email address, date of birth. Please know you can refuse to give this information and I would suggest limiting such sharing of information. The policies and the government decisions will take time to be structured and made effective in operation because of the time it takes to make decisions and also the big gap in legal understanding of the fast-emerging world of technology. Until then, the citizens need to be able to regulate and control their data."


Excel V. Dyquiangco


Law firms

Please wait while the page is loading...

loader