Politick Parliament. On record. For every citizen.
Sri Lanka
Sri Lanka
10th Parliament· 154 sittings on record · 30,475 speeches · latest 10 June 2026

The Hon. Ajith P. Perera

Samagi Jana Balawegaya· Kalutara· 3 June 2025 ·Debate: Debate: Personal Data Protection (Amendment) Bill - Second Reading

Public FinanceLaw & Order
AI summary generated by gpt-5.5

Hon. Ajith P. Perera recalled initiating draft data protection and cyber security legislation as IT Minister in 2019, noting that the Personal Data Protection Act was later enacted in 2022 and welcoming the current amendment to address practical issues. He questioned why the Cyber Security Bill has still not been presented, arguing that it is important for national security, economic development and the IT sector, and urged that it be brought to Parliament urgently with updated standards. He also raised concern over Clause 13 of the amendment, asking that public corporations and state-owned companies not be excluded from the requirement to designate a responsible data protection officer.

Verbatim record (translated)

Machine-translated from Sinhala / Tamil / English

¶ 01 Hon. Presiding Member, after the 52-day conspiratorial Government in 2018, I had the opportunity to serve as Minister of Information Technology. I met experts from the public and private sectors and, knowing I would have about one year, I asked what must be done for IT sector development in that short time. They requested leadership to bring a cyber security law and a data protection law. Within days I convened trained legislative drafters, legal scholars, and private-sector stakeholders and, on 4 January 2019, appointed two committees — one to draft the data protection law and another for cyber security. Within about five months we completed the work because experts had studied this field for years, with strong familiarity with GDPR and related standards. By the 2019 presidential election, both drafts and translations were ready.

¶ 02 Unfortunately, the President changed. The experts worked with the new President too, but tabling both Bills was delayed. Fortunately, Act No. 9 of 2022 — the Personal Data Protection Act — was enacted. Having seen practical issues after more than two years of use, I thank and appreciate the effort to update it through this Amendment. However, I cannot understand why the Cyber Security Bill has not been presented to Parliament. Since the Hon. Minister is present, I wish to know why. Cyber security is not only about security; it is essential for economic development, for the IT sector’s growth, particularly the private sector, and for national security. I understand drafting is largely complete. Please bring it urgently, updated to current standards.

¶ 03 I have a concern with this Amendment. Under Clause 13, the requirement to appoint Data Protection Officers excludes public corporations and companies incorporated under the Companies Act, No. 7 of 2007. If we are to make data protection effective, it is essential to have a responsible officer within state entities. If appointment is difficult, the responsibility can be assigned to another officer — but do not exclude public corporations and state-owned companies.

Provenance

Source
Hansard, Tuesday, 3 June 2025 ·No. 1750149440002739 ·English daily/uncorrected Hansard
Page · column
not yet extracted — page/column anchors are not in the current dataset; the source PDF is the citable location.
Permalink
/lk/speeches/10143
View source PDF ↗ Suggest a correction

Cite as: The Hon. Ajith P. Perera. 10th Parliament, Parliament of Sri Lanka. Hansard, 3 June 2025. No. 1750149440002739. Politick, https://staging.politick.io/lk/speeches/10143