Sri Lanka’s draft data protection and privacy laws should not hamper markets, innovation: IPS

Mobile broadband usage has been rising rapidly in Sri Lanka, giving rise to concerns over leakage of personal data. Source: Telecommunications Regulatory Commission of Sri Lanka

ECONOMYNEXT- Sri Lanka’s draft privacy and data protection law should not place unnecessary burdens on businesses and stifle innovation, competition and trade, Colombo-based think tank Institute of Policy Studies said.

Research Assistant Nuwanthi Senaratne, writing in the IPS flagship publication State of the Economy, said that the two public interests of privacy and efficient markets have to be balance in the draft law.

“Although data protection and privacy are vital in an increasingly digitizing and information society, there are some concerns around it, and debates on how best to structure it,” Senaratne said.

“One key concern is that it (the law) may unduly restrict business activities by increasing the administrative burden on businesses in order to comply with multiple stringent data regulation policies,” she said.

She said new regulations are costly and an additional burden to businesses.

“This is a concern, especially in relation to small and medium enterprise businesses, and may even act as a barrier to trade and restrict innovation.”

Senaratne said stringent data regulation could reduce market competition and create monopolies.

Aggregate data, after removing personal details which could identify residents, is useful for businesses to make decisions for product development and marketing, using big data analytics and machine learning.

Senaratne said businesses should be provided assistance to overcome barriers of adopting the new laws.

She said increased digitization of the economy and the use of smartphones is generating large amounts of data from the 6.2 million internet users in Sri Lanka, requiring laws to protect personal data.

Consumers in Sri Lanka are bombarded with dozens of spam messages daily from businesses and the government as consumer data is shared, activists say.

Total mobile phone penetration in Sri Lanka was 150 percent in 2018, rising from 132 percent, according to the central bank.

Telcos will be launching 5G networks in Sri Lanka in 2020, making data speeds faster, while e- commerce revenue is expected to reach 400 million US dollars by 2020 as well.

Senaratne said violations of data privacy risk undermining consumer confidence in digital services.

She said the existing Electronic Transaction Act of 2017 and the Computer Crimes Act of 2007 facilitates e- commerce but do not for sufficient privacy and data protection.

Sri Lanka currently has no specific laws for privacy and data protection, although there are certain legislation for electronic transactions, consumer protection and cybercrime, she said.

A United Nations Conference on Trade and Development study in 2019 said that out of 107 countries Sri Lanka is among 21 percent of countries that have no legislation around privacy and data protection.

Another risk to privacy is the use of Virtual Private Networks (VPNs), especially when the country is in states of emergency with bans on social media.

Senaratne said free VPNs sell users’ internet activity data, including messages and contact information with advertising agencies.

Data may also be vulnerable due to rising digitization of government services, she said. Sensitive information is submitted through online visa forms and customs documentation, Senaratne said.

“The need for cyber security and data protection becomes increasingly urgent with the onset of e-government services in Sri Lanka.”

“The risk of fraud and identity theft increase along with a heightened risk for cyberattacks.”

She also said with rising surveillance due to national security concerns, fears are rising over leakage of personal data, and the needs of public safety and data laws must balance. (Colombo/Nov06/2019)