|SLASSCOM Chairperson Sandra de Zoysa|
|FITIS Chairman Prasad Samarasinghe|
|CSSL President Damith Hettihewa
SLASSCOM, Sri Lanka’s national chamber for the IT-BPM industry, FITIS, Federation of Information Technology Industry Sri Lanka and CSSL, the Computer Society of Sri Lanka, yesterday congratulated the Government’s
recent move to pass the new Personal Data Protection bill, as part of the country’s efforts to move towards a modern digital state and economy, and was appreciative of the role played by the Ministry of Technology and ICTA. The Bill is the first of its kind to be passed in the South Asian region.
The new Bill defines measures to protect the personal data of individuals held by government entities, banks, telecom operators, hospitals and other public and private personal data aggregating and processing entities. The Bill mandates controllers to process data lawfully, to a specified, explicit and legitimate purpose, and to ensure accurate, adequate and relevant processing that is backed by confidentiality and integrity of the personal data, limit retention of the data until the purpose is fulfilled and comply with the detailed transparency and accountability obligations.
Additionally, “data subjects” are guaranteed a host of rights by this bill as a means of harmonizing the interests of data subjects against the interests of the controllers.
These rights can be exercised directly by the individuals with the controller and includes the individual right of appeal against the decision of the controller to the data protection authority.
This legislation became one of the first such laws in South Asia. The timely bill has been a long time in the making and underwent seven rounds of stakeholder consultations and had over thirty written submissions. In drafting this Bill, the drafting committee had considered international best practices, such as the OECD Privacy Guidelines, APEC Privacy Framework, Council of Europe Data Protection Convention, EU General Data Protection Regulation and laws enacted in other jurisdictions such as United Kingdom, Singapore, Australia and Mauritius, the State of California as well as the Indian data protection bill and other international best practices.
Sri Lanka also recently signed the joint declaration on privacy and data protection, along with the EU, Australia, Comoros, India, Japan, Mauritius, New Zealand, South Korea and Singapore in Paris this year at the Ministerial Forum for Cooperation in the Indo-Pacific. The event brought together ministers from 27 EU countries and 30 from the Indo-Pacific region.
This aligns with SLASSCOM’s vision of achieving the goal of $ 5 billion in annual revenue, employing over 200,000 highly skilled professionals, and launching over 1,000 start-ups by 2025 as the Bill showcases Sri Lanka’s strong commitment to fostering the free flow of data with trust, while ensuring the right to privacy and protection of personal data.
This move also aligns with one of the FITIS mandates which is to lead and drive digital transformation in Sri Lanka moving towards a digital economy and encouraging private sector, public sector, and citizens towards digitization with the aim of helping Sri Lanka achieve 18% of its GDP through the Digital Economy by 2025, from the current level of 4.37% of its GDP.
SLASSCOM Chairperson Sandra de Zoysa said: “In a world where digitalization is growing rapidly, and countless people increasingly using online facilities every day, it is becoming more arduous to navigate and interact with the online world, from the collection and dissemination of individual’s personal data to the increasing lack of privacy. As such, this Bill aims to safeguard the rights of individuals and ensure consumer trust in information privacy in online transactions and information networks resulting from growth and innovation in the digital economy. This also stems from the fact that Sri Lanka treats the data generated by its citizens as a national asset.”
She also added: “With data being borderless and accessible, a country often faces the challenge of governing and regulating data and hence, a balanced and internationally aligned regulation is crucial and inevitable. Digital sovereignty is the right of any country to govern its network to serve its national interests, the most important of which are security, privacy, and commerce. Such regulation becomes important to ensure an orderly digital ecosystem which shall lead to a win-win situation for citizens, nations, and multinational corporations. Good data protection legislation, therefore, makes good economic sense.”
FITIS Chairman Prasad Samarasinghe said: “FITIS believes that the Personal Data Protection Bill is a positive step and serves as a catalyst to attract investment in BPO and other data processing industries. FITIS would like to request all stakeholders, ICTA and Ministry of Technology to work together to ensure proper implementation of this new legislation in collaboration with industry and professional bodies. For this bill to be fully operational, the Data Protection Authority should be established as soon as possible and professionals who have reached eminence in the fields, as prescribed in the law should be appointed to the Board. Strategic capacity building initiatives are required to be launched with support from the private sector and there is a need to establish certification programs for privacy professionals. FITIS would join hands with other industry bodies to support these endeavours. FITIS is also confident that this bill would be continuously reviewed, and regular public feedback will also be sought to further refine it.”
CSSL President Damith Hettihewa said: “to stimulate the digital economy, timely policy initiatives backed by necessary legislation are critical. It is vital for progressive nations to identify necessary policy interventions in advance to reap the benefits of technological advancement as well as to be ahead in this fiercely competitive business environment. Policy making and legal enactments take time and CSSL, as the apex ICT professional body which facilitated ICTA’s public consultations on Data Protection Act way back in 2019, welcomes the passing of the Personal Data Protection Bill in March 2022. CSSL will fully support its implementation in a speedy manner to reap the benefits of this important piece of legislation for the country”.
SLASSCOM drives the Imagination Economy: Sri Lanka’s ‘industry of the future’ and is uniquely positioned to help lead the industry as a key contributor to the nation’s prosperity, sustainability, and equitable future. FITIS Contributes towards making Sri Lanka the most preferred IT/BPO destination in Asia, leading a digital society that continuously delivers prosperity and competitiveness in the global market and CSSL to add value for ICT professionals by facilitating diverse initiatives for the development of their professional career and personal growth.