TISL moots 5 recommendations on Data Protection Bill

Transparency International Sri Lanka (TISL) has made five recommendations for the Data Protection Bill to become an effective law.

It said Sri Lanka is on the verge of introducing a bill on Personal Data Protection that aims to regulate the processing of personal data while identifying and strengthening the rights of data subjects in relation to the 

protection of personal data.

TISL has taken steps to create a legislative brief on the proposed Personal Data Protection Bill of 2021 and has highlighted a number of recommendations that lawmakers should take into consideration when enacting this bill 

into law.

The creation of a legal framework on personal data protection can be viewed as an important juncture in safeguarding human rights, especially at a time when information has become both a tool to be used by the people and against them. TISL thanked all the stakeholders who were involved in the drafting of the Personal Data Protection bill of 2021. 

The legislative brief highlights TISL’s five key recommendations for the bill to become an effective law. The recommendations are as follows.

1. Include a specific exception to ensure that the Right to Information Act is not overridden in case of an inconsistency

2. Establish an independent Data Protection Authority

3. Harmonise the understanding of ‘personal data’ between the Personal Data Protection Bill and the Right to Information Act. Such amendment would ensure that when a request is made to obtain information under the Right to Information Act, the possibility that the request clashes with the Personal Data protection bill is minimised

4. Remove ‘Financial Data’ and ‘Personal Data Relating to Offences, Criminal Proceedings and Convictions’ from the list of special categories of personal data. This will ensure that people’s right to access information pertaining to corruption and malpractices is not infringed

5. Recognise ‘Journalistic Purpose’ as a legitimate condition to process data

TISL said the main purpose of these recommendations was to prevent the possibility that this particular bill could in effect infringe on the Right to Information of the citizens of this country.

TISL Executive Director Nadishani Perera, commenting on the importance of the proposed recommendations, stated: “If the law relating to Personal Data Protection infringes on the law relating to the Right to Information, there is a possibility that the public could lose faith in both of these laws. This could also lead to confusion between the agencies tasked with upholding these laws. Therefore, it is of paramount importance that steps are taken to amend the proposed legislation in order to ensure that both pieces of legislation are able to accomplish their expected goals.”

It must also be highlighted that the establishment of an independent Data Protection Authority is vital to ensuring that the new legislation would not be abused by individuals or groups who aim to use the legislation to the detriment of the public.

Copies of the legislative brief created by TISL have been sent to Legal Draftsman Dilrukshi Samaraweera as well as Jayantha Fernando, who heads the committee that drafted the bill on Personal Data Protection.

The drafting of the Personal Data Protection bill commenced in 2018. By December 2019 the bill was submitted for Cabinet approval and subsequently Cabinet approval was granted in January 2020.The original Draft Bill was also reviewed by the Attorney General and the drafting committee was able to incorporate all recommendations made by the Attorney General by October 2020.

The Right to Information as well as the right to ensure the security of personal data are both vital in a democratic framework. In such a backdrop, TISL calls on the lawmakers of Sri Lanka to ensure that enacted legislation do not infringe upon any one of these rights.