Electronic IDs and privacy

Last week the Government unveiled the Electronic ID cards, or eNICs, that will hold a plethora of information and potentially be used to track everything from financial information to where citizens live. The new technology demands much more debate before it is implemented.  

The Supreme Court earlier this month was petitioned against the Government’s new regulations to create an electronic database. The petition noted that a creation of such a database would allow the Commissioner General for the Registration of Persons “virtually unrestricted access to any information concerning any citizen recorded with any public authority.” 

The resistance to such a move however is understandable. Since the regulations envisage the centralisation of information concerning a citizen, separate databases can be linked together to obtain a full profile or biodata of any citizen and their families. 

Consequently, it would be possible through a searchable database to, for example, enter the assessment number of any property or building and discover the names of the owners and the names of any tenants.

As the petition points out, citizens’ data would be at the risk of being hacked, both for personal and political gain, while all of the data collected would be freely available to state officials. The lack of regulation to prevent the abuse of such vast amounts of data is deeply worrisome.

Putting aside major privacy issues – and the potential creation of a surveillance state – the capability, or lack thereof, of Sri Lanka’s present legislation to handle any number of other problems a shift towards a digital economy bring should alone realistically make this entire scheme a difficult one for a democracy.

New reports indicate that gaps still exist in current Sri Lankan laws that regulate consumer rights and data protection in mobile and online platforms. Legal experts have pointed out that the Consumer Affairs Act of Sri Lanka is inadequate as a dispute resolution mechanism in the current digital era, where transactions occur in online trading platforms.

Digital consumer rights protections must be introduced into the law to prevent and keep privacy-violating companies at bay. To compound matters, most consumers are unaware of their digital rights and cannot fight these issues individually. Though an inter-ministerial committee came to a determination to fast-track consumer protection, laws are way behind the new technology.

Sri Lanka also lacks an adequate and fair mechanism to protect online traders’ rights. These issues become important because about 30% of the local population is now connected to the internet today. Gaps in the Electronics Transaction Act 19 of 2006 in respect of cybercrime, security and data have also been publicly pointed out. These developments highlight the need for a comprehensive data protection regime based on an adequate institutional framework.

On the whole, the rights of traders, the needs of consumers in the e-market, greater entrepreneurship to expand e-commerce in Sri Lanka and the changing regulatory landscape for consumer protection in the digital area are all outstanding issues to be resolved. That is without even getting into the murky issue of privacy and unchecked State surveillance.

It is imperative that the Government brings through legislation that is up to allaying these concerns prior to implementation. If not, the public then may find themselves needing to adopt more proactive approaches in protecting their rights.