National public-private dialogue on proposed Data Protection Bill today

• Collaborative event by Ministry of Digital Infrastructure, the European Union and ITC

The Ministry of Digital Infrastructure and Information Technology (MDIIT) in partnership with the International Trade Centre (ITC) are co-organising a National Public-Private Dialogue (PPD) on the ‘Legal Framework for the Proposed Data Protection Bill’, on 27 June. 

The event will be held within the framework of the EU-Sri Lanka Trade-Related Assistance Project, funded by the European Union (EU) of which ITC is the lead implementing agency. 

The primary objective of the PPD is to provide an overview of the proposed Data Protection Bill and seek comments and suggestions from diverse stakeholders from the government and private sectors to make improvements to the bill.

Speaking at the event, European Union Head of Cooperation Frank Hess said: “In 2016, the global market in ecommerce was worth EUR 12 trillion. One out of five enterprises in the EU-28 made electronic sales. The percentage of turnover on e-sales amounted to 18% of the total turnover of enterprises with 10 or more persons employed, and this is growing. Sri Lanka has high internet penetration. It is essential to ensure adequate consumer data protection by putting in place a conducive regulatory framework. The right steps must be taken to encourage innovation and benefit from the opportunities opened through digital commerce and technology.”In view of the digital transformation taking place in Sri Lanka with government agencies, banks, internet service providers, and other private sector organisations collecting personal data via the internet, the subject of data protection has become an important public policy consideration. Taking these into account, the Ministry of Digital Infrastructure and Information Technology took the lead initiative to formulate data protection legislations. Thus, a committee led by the chairperson of the Sri Lanka Computer Emergency Readiness Team (CERT) and the legal adviser for the Information and Communications Technology Agency (ICTA) was appointed to spearhead this initiative and draft legislations. Representatives in this committee included legal experts from the Central Bank and other private sector specialists. 

In the process of formulating draft legislation, the committee examined international best practices, such as the OECD Guidelines, APEC Privacy Framework, Council of Europe Data Protection Convention, the EU General Data Protection Regulations as well as laws enacted in other jurisdictions, such as in Australia, Mauritius, Singapore, and the Indian draft legislation.The draft bill seeks to provide a regulatory framework for data protection in Sri Lanka, and among other vital interventions, the bill will seek to establish provisions for data processing, data retention, and cross border flow of data. With many countries acknowledging the importance of data protection and introducing data protection legislations, the proposed Data Protection Bill for Sri Lanka comes at a good time. It is important for private sector stakeholders and consumer organisations to discuss and deliberate upon a policy framework that would best position the country to benefit from rapid digitisation of the domestic and global economy.

The event will see the participation of representatives from various government departments and agencies as well as the private sector. The PPD looks to enhance effective cross-sectoral dialogue to develop an inclusive bill, taking into consideration the pragmatic business and societal interests of all concerned stakeholders.