Holistic Approach in Introducing Proper Legal Framework to Regulate Data Protection and Privacy in Sri Lanka

Abstract

Data protection and privacy law have never been important as they are today. Data protection and privacy ensure that data is safeguarded from unlawful access by unauthorised third parties and misappropriation of the same. A successful data protection strategy will be helpful to prevent data loss, theft, or corruption of data. It is evident that information and communication technology is developing daily and privacy issues or the threats against personal data of the persons also equally increasing. Responsibility of a government to provide effective privacy and data protection laws/policies cannot be disregarded at any point. Until very recent Sri Lanka did not have a separate  legislation to deal with data protection and privacy and it was identified as a major lacuna in our law. At present, in addition to the Personal Data Protection Act No. 09 of 2022  there are several other legislations that may be applied to regulate certain aspects of data protection and privacy. In this research, researcher is aiming to assess whether existing legal framework on data protection and privacy in Sri Lanka is adequate and effective. This will be done by comparing the Sri Lankan legal framework with UK and Singapore, countries that are known as pioneers of data protection and privacy. Ultimate goal of the researcher is to contribute towards assurance of data protection and privacy right of the individuals in Sri Lanka. Keywords: Data protection, Privacy, Information Communications Technology, Personal data