16.4 C
Monday, July 22, 2024

Sri Lanka’s proposed data protection bill:Data protection or data secrecy?

Image courtesy of youthforeurope.eu.
(Editorial.Sunday Times) In an era of information disclosure that Sri Lanka has pledged to be part of after passing a world class Right to Information (RTI) Act in 2016, it is puzzling why a Bill on Data Protection presented to Parliament recently by the Prime Minister must revert to ancient terminology by including a clause on Official Secrecy.

Officers appointed to a ‘Government controlled’ Data Protection Authority are required to guarantee ‘strict secrecy’ in respect of information in discharging their duties, the only exceptions being when a court of law orders otherwise, or when called upon to do so under the Act or ‘any other written law’. We are reminded of the excuse often given by state officers when refusing to release information quoting the colonial era’s official secrets prohibitions. Are we returning to that thinking?

There is no doubt that Sri Lanka needs a Personal Data Protection law in line with the modern world. That said, there are important conditions that such a law must meet. First, it must establish an oversight entity that is independent, not ‘Government controlled’ as this Bill specifically mandates. This is particularly needed when a body is given enormous powers to fine, as is the case in the Sri Lankan Bill, up to Rs. 10 million per each ‘non-compliance’.

Second, a clear and specific exemption on processing for ‘journalistic purpose’ must be inbuilt into the law. This is the case in other countries, including even in Malaysia and Singapore, notably not countries with strong records of protecting freedom of expression. In India, where a Data Protection Bill is pending before the legislature, lawyers, the media and activists have taken the position that protections, even though already in the draft, are still not enough. They have demanded stronger safeguards. In contrast, the Sri Lankan Bill has no safeguards other than only a general reference to ‘protection of the rights and fundamental freedoms of persons, particularly the freedom of expression and the right to information’.

Third, care must be taken to ensure that protection of data does not prevent the release of information which is in the public interest. This Bill, as it stands, contains too many ambiguities that must be corrected before it passes into law. For example, it has cited several categories of personal data including ‘personal data relating to offences, criminal proceedings and convictions’. This may have a direct impact on journalists reporting on offences, criminal proceedings and convictions of politicians and hence, make reporting on political corruption even more difficult.

Despite the RTI unlocking hitherto closed doors relating to public information, the culture of secrecy among certain powerful politicians afraid of public scrutiny and officialdom prevails. With no official definition of what is ‘official data’ and the proposed law wider in scope than a Personal Data Protection law, is this law going to put a lid on exposing corruption of powerfully connected persons?

There are a host of other issues with this Bill. A more careful look is warranted at its contents. Meanwhile, it is a shame, one might say, that the Bill overrides the progressive RTI Act. No doubt, conflicts between the two laws will arise in the future. It is also a pity that the Supreme Court found itself unable to rule on the constitutionality of the Bill due to a technical objection raised by the State that the filing of a challenge by a group of young journalists was out of time, by the proverbial whisker, as it were.

Now it is up to the Parliament to make sure that bad laws are not passed that will return the country to a very secretive state, where the citizen is starved of credible information opening the doors even wider for fake news on social media platforms.

(Excerpt only/ ST)


Latest news

Related news