brand logo

Data Protection Bill to Cabinet this month

13 Sep 2020

By Madhusha Thavapalakumar The much-awaited Data Protection Bill is expected to reach the Cabinet of Ministers by the end of this month following a final round of drafting necessitated by members of the Ceylon Chamber of Commerce (CCC). Data Protection Drafting Committee Chair Jayantha Fernando told The Sunday Morning Business that the draft Bill that would be submitted to the Cabinet is a revised version of the initial Data Protection Bill draft which was made available to the public for viewing last year. Fernando stated that the revisions were made to the initial draft following a meeting between the members of the CCC and the Drafting Committee that took place before the seven week-long countrywide lockdown. “Some of the companies of the CCC that were reviewing the Bill raised some concerns. As a result, we asked the CCC to do a set of FAQs (Frequently Asked Questions) so that we can make the necessary changes and provide clarity to them. That is what we were doing prior to the general election,” Fernando noted. Upon receiving approval from the Cabinet of Ministers, the Bill would be sent to Parliament. According to Fernando, it is still unclear where this Bill would fall in the new Parliament’s list of priorities. However, he added that the Drafting Committee was told that the Bill is set to be given a lot of recognition and importance by the present Government. The legislation will be implemented in stages and the entire Bill will come into operation within a period of three years from the date the Speaker of Parliament certifies the Bill and the time period would provide adequate time for the Government and private sector to prepare for the implementation of the legislation. The initial final draft of the Data Protection Bill that was released in September 2018 provides a new set of rights to citizens under the title “Rights of Data Subjects” while imposing obligations on those who collect personal data. The Bill allows personal data to be collected only for specified purposes. However, a media release issued by the Ministry highlighted that processing of data in public interest and scientific or historical research would be allowed. Under the Bill, individuals would have the right to withdraw his or her consent given to controllers and the right to rectify the data without undue delay. In addition to this, the “Data Subjects”, as the people are referred to, have been given the right to object to the processing of their data. These rights of Data Subjects can be exercised directly by the individuals with the controllers, who are required to respond within a defined time period and are obliged to give reasons for refusing to meet the request or reasons as to why the controllers would refrain from further processing said data. The individual has a right to appeal against the decision of the controllers to the Data Protection Authority. The drafting of the legislation was initiated by then Minister of Digital Infrastructure and Information Technology Ajith P. Perera on 5 February 2019. In June last year, the Ministry put out the framework of the Bill for stakeholder comments and following that, substantial modifications were made to the said framework, based on consultations held with key stakeholders. Sri Lanka is in dire need of data protection and information security laws as they are crucial in attracting foreign direct investment (FDI). Economists have noted that stakeholders complain that foreign investors are deterred by the lack of such a legal setup in Sri Lanka. The first steps towards a Data Protection Act were made following a request made by the Central Bank of Sri Lanka (CBSL) in 2018 as well as Sri Lanka’s drive towards becoming a digital economy, resulting in an increase in personal data collection by the private sector. The Ministry took steps to formulate data protection legislation during a stakeholder meeting held at the CBSL in September 2018.


More News..