MDIIT, EU and ITC jointly hold PPD on Proposed Data Protection Bill today
The Ministry of Digital Infrastructure and Information Technology (MDIIT) in partnership with the International Trade Centre (ITC) will be holding a National Public-private Dialogue (PPD) on the ‘Legal Framework for the Proposed Data Protection Bill’ today.
The event will be held within the framework of the EU-SRI Lanka Trade-related Assistance Project, funded by the European Union (EU) of which ITC is the lead implementing agency.
The primary objective of the PPD is to provide an overview of the proposed Data Protection Bill and seek comments and suggestions from diverse stakeholder from the government and private sector sectors to make improvements to the bill.
Speaking about the event Frank Hess, Head of Cooperation of the European Union said, “In 2016 the global market in ecommerce was worth € 12 trillion. One out of five enterprises in the EU-28 made electronic sales. The percentage of turnover on e-sales amounted to 18 percent of the total turnover of enterprises with 10 or more persons employed. And this is growing. Sri Lanka has high internet penetration. It is essential to ensure adequate consumer data protection by putting in place a conducive regulatory framework. The right steps must be taken to encourage innovation and benefit from the opportunities opened through digital commerce and technology.”
In view of the digital transformation taking place in Sri Lanka with government agencies, banks, Internet Service Providers and other private sector organisations collecting personal data via the internet, the subject of data protection has become an important public policy consideration. Taking these into account the Ministry of Digital Infrastructure & Information Technology took the lead initiative to formulate data protection legislations. Thus, a committee led by the chairperson of the Sri Lanka Computer Emergency Readiness Team (CERT) and the legal adviser for the Information & Communications Technology Agency (ICTA) was appointed to spearhead this initiative and draft legislations. Representatives in this committee included legal experts from the Central Bank of Sri Lanka and other private sector specialists.
In the process of formulating draft legislation, the committee examined international best practices, such as the OECD Guidelines, APEC Privacy Framework, Council of Europe Data Protection Convention, the EU General Data Protection Regulations as well as laws enacted in other jurisdictions, such as in Australia, Mauritius, Singapore and the Indian draft legislation.
The draft bill seeks to provide a regulatory framework for data protection in Sri Lanka and among other vital interventions, the bill will seek to establish provisions for data processing, data retention, and cross border flow of data. With many countries acknowledging the importance of data protection and introducing data protection legislations, the proposed data protection bill for Sri Lanka comes at a good time. It is important for private sector stakeholders and consumer organizations to discuss and deliberate upon a policy framework that would best position the country to benefit from rapid digitization of the domestic and global economy.
The event will see the participation of representatives from various government departments and agencies as well as the private sector. The PPD looks to enhance effective cross-sectoral dialogue to develop an inclusive bill taking into consideration the pragmatic business and societal interests of all concerned stakeholders.