Data and rights

Monday, 15 July 2019 00:51 -     - {{hitsCtrl.values.hits}}

Today, data is valued higher than oil. Data, containing the most intrinsic and important details, is regularly and routinely collected from citizens. So surely how it’s safeguarded, used, by whom and for what purpose are surely things the citizens must have a say on.  

With this in mind, it was reported over the weekend that a Digital Infrastructure Ministry committee has now released a draft framework for a Personal Data Protection Bill, a law it is hoping to push through by October this year. Among other things, it will give someone the right to know who holds his or her personal information, from supermarket loyalty programs to other private companies and Government bodies.

The purpose of personal data protection isn’t to just protect a person’s data, but to protect the fundamental rights and freedoms of persons that are related to that data. Whilst protecting personal data, it is possible to ensure that persons’ rights and freedoms aren’t being violated. For example, incorrect processing of personal data might bring about a situation where a person is overlooked for a job opportunity or, even worse, loses their current job.

Secondly, not complying with the personal data protection regulations can lead to even harsher situations, especially when the State can have access to that information as it wishes. This is particularly worrisome in countries with weak democratic institutions, and in the worst case scenario, can lead to political repression.  

Thirdly, data protection regulations are necessary for ensuring fair and consumer-friendly commerce and provision of services. Personal data protection regulations cause a situation where, for example, personal data can’t be sold freely, which means that people have a greater control over who makes them offers and what kind of offers they make.

Under the proposed law, a citizen will also be able to withdraw consent to have his or her data processed; demand that inaccurate personal data is rectified; and hold a right to erasure of data on prescribed grounds. Sri Lanka has digitised National Identity Cards, birth and death registrations as well as a host of other services. Additionally, banks, hospitals, insurance companies and multiple entities, like educational institutions and associations, collect personal data.

Protecting this data so it cannot be misused is especially important in Sri Lanka as the Government, after the Easter Sunday attacks, has proposed the establishment of a national database that aims to amalgamate data held by different State entities.

Prime Minister Ranil Wickremesinghe had already described the plan to implement the Centralised and Integrated Population Information System (CIPIS) in Parliament in May. Addressing the House, he had argued on the need for a sophisticated system to track citizens, insisting that it would be an effective tool to counter terrorism and money laundering, as well as transnational and financial crimes.

There is no question that people want to feel safe, but the security forces and intelligence agencies in Sri Lanka need support to conduct wide-ranging, systematic, and sustained intelligence gathering. Their efforts also need to be supported by efficient and effective laws, so that only the people who deserve to be penalised are caught. These efforts deserve public funds and backing, and supporting the process by pushing forward progressive laws will be hailed by all law-abiding citizens.

COMMENTS