Watching the watchers

Tuesday, 17 October 2017 00:00 -     - {{hitsCtrl.values.hits}}

The Supreme Court earlier this month was petitioned against the Government’s new regulations to create an electronic database. The petition noted that a creation of such a database would allow the Commissioner General for the Registration of Persons “virtually unrestricted access to any information concerning any citizen recorded with any public authority”. Naturally, this brings up a plethora of privacy concerns. 

Electronic ID cards, or eNICs, are expected to start being rolled out sometime next year with Minister of Telecommunication and Infrastructure Harin Fernando previously stating that among its benefits will be a shift towards digital wallets and online social welfare mechanisms.

The resistance to such a move however is understandable. Since the regulations envisage the centralisation of information concerning a citizen, separate databases can be linked together to obtain a full profile or bio-data of any citizen and their families. Consequently, it would be possible through a searchable database to, for example, enter the assessment number of any property or building and discover the names of the owners and the names of any tenants.

As the petition points out, citizens’ data would be at the risk of being hacked, both for personal and political gain, while all of the data collected would be free available to state officials. The lack of regulation to prevent the abuse of such vast amounts of data is deeply worrisome.

Putting aside major privacy issues – and the potential creation of a surveillance state – aside for the moment, the capability, or lack thereof, of Sri Lanka’s present legislation to handle any number of other problems a shift towards a digital economy bring should, alone, realistically make this entire scheme a non-starter.

New reports indicate that gaps still exist in the current Sri Lankan laws that regulate consumer rights and data protection in mobile and online platforms. Legal experts have pointed out that the Consumer Affairs Act of Sri Lanka is inadequate as a dispute resolution mechanism in the current digital era, where transactions occur in online trading platforms.

Digital consumer rights protections must be enacted into law to prevent and keep privacy violating companies at bay. To compound matters, most consumers are unaware of their digital rights and cannot fight these issues individually. Though an inter-ministerial committee came to a determination to fast-track consumer protection, laws are way behind the new technology.

Sri Lanka also lacks an adequate and fair mechanism to protect online traders’ rights. These issues become important because about 30% of the local population is now connected to the internet today. Gaps in the Electronics Transaction Act 19 of 2006 in respect of cybercrime, security and data have also been publicly pointed out. These developments highlight the need for a comprehensive data protection regime based on an adequate institutional framework.

On the whole, the rights of traders, the needs of consumers in the e-market, greater entrepreneurship to expand e-commerce in Sri Lanka and the changing regulatory landscape for consumer protection in the digital area, are all outstanding issues to be resolved. That is without even getting into the murky issue of privacy and unchecked State surveillance.

It is imperative that the Government bring through legislation that is up allaying these concerns prior to implementation. If not, the public then may find themselves needing to adopt more proactive approaches in protecting their rights.

COMMENTS