Sri Lanka is on the verge of introducing a bill on Personal Data Protection which aims to regulate the processing of personal data, while identifying and strengthening the rights of data subjects in relation to the protection of personal data. Transparency International Sri Lanka (TISL) has taken steps to create a legislative brief on the proposed Personal Data Protection bill of 2021 and has highlighted a number of recommendations that law makers should take into consideration when enacting this bill into law.
The creation of a legal framework on personal data protection can be viewed as an important juncture in safeguarding human rights, specially at a time when information has become both a tool to be used by the people and against them. TISL takes this opportunity to thank all the stakeholders who were involved in the drafting of the Personal Data Protection bill of 2021. The legislative brief highlights TISL’s five key recommendations for the bill to become an effective law. The recommendations are as follows.
1. Include a specific exception to ensure that the Right to Information Act is not overridden in case of an inconsistency.
2. Establish an independent Data Protection Authority.
3. Harmonize the understanding of ‘personal data’ between the Personal Data Protection Bill and the Right to Information Act. Such amendment would ensure that when a request is made to obtain information under the Right to Information Act, the possibility that the request clashes with the Personal Data protection bill is minimised.
4. Remove ‘Financial Data’ and ‘Personal Data Relating to Offences, Criminal Proceedings and Convictions’ from the list of special categories of personal data. This will ensure that people's right to access information pertaining to corruption and malpractices is not infringed.
5. Recognize ‘Journalistic purpose’ as a legitimate condition to process data.
The main purpose of these recommendations was to prevent the possibility that this particular bill could in effect infringe on the Right to Information of the citizens of this country.
TISL’s Executive Director Nadishani Perera commenting on the importance of the proposed recommendations stated that, “If the law relating to Personal Data Protection infringes on the law relating to the Right to Information, there is a possibility that the public could lose faith in both of these laws. This could also lead to confusion between the agencies tasked with upholding these laws. Therefore, it is of paramount importance that steps are taken to amend the proposed legislation in order to ensure that both pieces of legislation are able to accomplish their expected goals”
It must also be highlighted that the establishment of an independent Data Protection Authority is vital to ensuring that the new legislation would not be abused by individuals or groups who aim to use the legislation to the detriment of the public.
Copies of the legislative brief created by TISL have been sent to Legal Draftsman Mrs. Dilrukshi Samaraweera as well as Mr. Jayantha Fernando who heads the committee that drafted the bill on Personal Data Protection.
The drafting of the Personal Data Protection bill commenced in 2018. By December 2019 the bill was submitted for cabinet approval and subsequently cabinet approval was granted in January 2020.The original Draft Bill was also reviewed by the Attorney General and the drafting committee was able to incorporate all reccomendations made by the Attorney General by October 2020.
The right to information as well as the right to ensure the security of personal data are both vital in a democratic framework. In such a backdrop TISL calls on the lawmakers of Sri Lanka to ensure that enacted legislation do not infringe upon any one of these rights.