The Scope of the Data Protection Regime in Sri Lanka; The Way Forward

Abstract

In the age of business where information is recognized as one of the most essential factors, the methods by which data is obtained and maintained can jeopardize the privacy of persons and may result in multiple violations of one’s rights. Thus, proactive measures imposed through legislation is a necessity as data protection is proven to be a concern that should not be treated as trivial. Sri Lanka has, within the past few decades, made individual attempts to ensure the safety of data in various fields including the banking sector, registration of persons and in relation to the usage of computer devices. However, it remains a question as to whether Sri Lanka has successfully afforded protection against modern-day perils. A comprehensive analysis of domestic legal provisions exemplified a clear collective attempt made by the local legislature to ensure protection for data at the domestic level. However, concerns in terms of the sufficiency of the existing legal provisions in the Sri Lankan legislative framework is notable when compared with different jurisdictions such as the United Kingdom which contains recent laws regarding the subject area of data protection. Even though Sri Lankan legislative framework consists of multiple laws in the discipline of data protection in varying capacities as an umbrella of protection, similar to the United States of America, improvements can be incorporated to guarantee optimum efficiency in protection for data. Hence, the conclusion that is made, considering the prevalent legal stance of Sri Lanka and the international standards, is to ensure the recognition of the Data Protection Bill of Sri Lanka to effectively address related challenges to a level satisfactory with accountability and diligence in line with the support of the existing legislative framework on data protection.