CSSL calls for ‘specialised expert outfit’ to run personal data protection authority

In recent industry consultation held for the draft Personal Data Protection Bill, CSSL called for an institutional arrangement with professionals and industry experts to run the regulatory body for the personal data protection laws in Sri Lanka. 

It also called upon the Government to ensure at least a proportion of the fines imposed under the new Bill is used to ensure regulatory effectiveness of the proposed authority, in line with similar bodies that exist in the country at present. 

Computer Society of Sri Lanka (CSSL), the apex IT professional body facilitated industry-wide deliberations on the Draft Data Protection Bill at an industry consultation held at Taj Samudra Hotel recently. 

Wide representation of ICT and other professionals representing diverse industry sectors participated in the deliberations. The Data Protection Legislation is a long-felt need of the country and Computer Society of Sri Lanka has been advocating for data protection regulation for considerable time. 

Minister of Digital Infrastructure and Information Technology Ajith P. Perera has provided the leadership in formulating all important piece of legislation. 

The Ministry of Digital Infrastructure and Information Technology took necessary measures and appointed a Personal Data Protection Bill Drafting committee, chaired by Acting Chairman, Sri Lanka CERT and Director/Legal Adviser of ICTA Jayantha Fernando to draft the data protection framework. The Drafting Committee, includes both Government and private sector specialists.

Fernando along with some of the members of the committee, Kanchana Ambagahawita, Sanduni Wickramasinghe, and Sunali Jayasuriya, addressed the recent workshop.

President of Computer Society Prabath Wickramaratne commented, “The data revolution is inevitable as world is embracing more and more digital technologies. Our use of technology have resulted in digital footprints. The world creates a massive amount of data when we use social media including our sensitive information such as our emotions. We also produce data as a by-product of our all online activities. 

“This widespread use of technology has resulted in individuals becoming information to producers from information consumers. Internet of Things which is expected billions of devices to internet also is expected to produce massive amounts of data. Hence it is vital that policy makers and governments pay attention to regulation and safeguarding the privacy of ever-increasing citizens’ data which will be in position of governments and private sector. CSSL commends the Government of Sri Lanka taking appropriate measures to introduce Data Protection Regulation in the country.” 

More advanced nations have already taken measures to introduce legislative measures, such as Data Protection Regulations and General Data Protection Regulation (GDPR) being the more prominent regulation introduced in May 2018. 

Hence Sri Lankan companies which process data of EU citizens and promote investments in Europe are affected by GDPR. Many other countries such as UK, Canada, Hong Kong, Australia, New Zealand, and Singapore have introduced far-sighted data protection regimes several years ago.

Sri Lanka’s Data Protection regulation which governs collection, use and disclosure of individuals’ data is based on fundamentals of Constitutional guarantee right of access to information together with the exemption of right to privacy, improve consumer confidence and ensure the growth of a digital democracy, applying best international standards governing data protection, strengthening information security, ensuring the consumer trust and confidence in the privacy and security of online transactions, improving interoperability among privacy frameworks, strengthening cross-border co-operation among enforcement authorities, providing clear guidance and direction to government and businesses entities located or operational in Sri Lanka on generic data protection and the manner in which legitimate business practice and Government functions are to be conducted. This framework has been subjected to thorough public and industry consultation before the Draft is finalised by the Legal Draftsman’s Department.

The Computer Society of Sri Lanka is an apex association which represents all ICT professionals in the country. The CSSL was established in 1976 in Sri Lanka for the purpose of promoting Information and Communication Technology and professionalism among those engaged in the field of Information and Communication Technology (ICT), and of maintaining the highest professional standards among the Information and Communication Technology fraternity.