Navigating digital IDs

This week the long-touted digital identity cards were pushed further on the backburner, with Minister Harin Fernando citing the significant gap in laws governing digital rights and databases as reason for the increased delay.

While such setbacks are usually cause for derision, in this case there is certainly a case for credit to be given where it’s due, as implementing ‘Smart ID cards’ without the necessary regulation would have been at best incompetent and at worst downright disastrous.

By way of a refresher, a Smart ID is set to include a citizen’s photograph and biometrics data, while the eventual upgrade to an electronic ID is expected to comprise security features against tampering, counterfeiting and forgery, and will include a person’s photograph, bio data, fingerprints and blood group. 

While undoubtedly sound in theory, in practice several problems – as rightly cited by Minister Fernando – need to be addressed. While the main cause for concern has centred around privacy and the recording of biometrics data, more pressing is the capability or, lack thereof, of Sri Lanka’s present legislation to handle the array of new problems a shift towards a digital economy may bring.

While cash remains the most preferred payment mode in Sri Lanka and account for more than 90% of all retail payments, according to the Central Bank, Sri Lanka has some 1.5 million credit cards in use at present. However, reports indicate that gaps still exist in the current Sri Lankan laws that regulate consumer rights and data protection in mobile and online platforms. Legal experts have pointed out that the Consumer Affairs Act of Sri Lanka is inadequate as a dispute resolution mechanism in the current digital era, where transactions occur in online trading platforms.

Digital consumer rights protections need to be enacted into law to prevent and keep privacy violating companies at bay. To compound matters most consumers are unaware of their digital rights and cannot fight these issues individually. Though an inter-Ministerial Committee came to a determination to fast track consumer protection, laws are way behind the new technology.

Sri Lanka also lacks an adequate and fair mechanism to protect online traders’ rights. These issues become important because, about 30% of the local population is now connected to the internet today. Gaps in the Electronics Transaction Act No. 19 of 2006 in respect of cybercrime, security and data have also been publicly pointed out. These developments highlight the need for a comprehensive data protection regime based on an adequate institutional framework.

On the whole, the rights of traders, the needs of consumers in the e-market, greater entrepreneurship to expand e-commerce in Sri Lanka and the changing regulatory landscape for consumer protection in the digital area, are all outstanding issues to be resolved. 

While the goal of an electronic ID is a progressive ideal which will put Sri Lanka at the global forefront when it comes to census data and ICT in general, it is crucial that policymakers ensure the country’s legislation is up to the task of supporting such bold steps prior to implementation – something the Government, thankfully, seems to be taking seriously at this crucial juncture.