The Hon. Chathuranga Abeysinghe - Deputy Minister of Industry and Entrepreneurship Development

¶ 01 Hon. Presiding Member, today’s debate on this Bill has, in many Opposition speeches, drifted away from substantive points into politics. If its value and purpose had been appreciated earlier, our country would not have fallen 20 years behind.

¶ 02 Over the last two decades, the world transformed through digitalization. The Bill’s title itself—Personal Data Protection—captures three core words: personal, data, protection. Digitalization aggregates our data. There are personal and non-personal data; personal data can be sensitive or not. If data like my name, village, phone number, blood group, and health records can identify me, that is personal data. The risk of misuse of personal data has increased globally with digitalization. Legal frameworks evolved to ensure data subjects’ rights if their data is used beyond the purpose consented to. These frameworks keep developing.

¶ 03 We should be pleased that, while ensuring personal data protection, this is also now recognized as a foundation for a digital economy. Without a Personal Data Protection law and a Cybersecurity law, we cannot truly speak of a digital economy.

¶ 04 These amendments align Sri Lanka with other countries as we move into a digital economy. For cross-border transactions and cloud storage, we need common standards on cross-border data exchange, storage, and processing. Practical issues in the earlier Act—definitions, ambiguities, feasibility of compliance, and the Authority’s powers—are now being rectified through consultation.

¶ 05 The Bill pivots on three roles: the data subject, the data controller (or processor), and the Data Protection Authority. While fundamentals are set in law, regulations will be issued by the Authority over time. Those regulations can be discussed, assessed for practicality, and adjusted with the business sector.

¶ 06 Crucially, this framework ensures the data subject’s rights against private, state, and foreign entities that collect and use our personal data. Today, we routinely provide data to digital apps and social media. If a breach or misuse occurs, there is presently no place to go. Going forward, one can complain to the Authority, which can assess the controller’s or processor’s systems, processes, and storage, issue directions, and where harm continues, provide for compensation. This establishes a new layer of security for citizens.

¶ 07 We often store data with foreign platforms like Facebook, Google, Amazon. If misuse occurs, we currently lack recourse. The Authority can at least investigate and require explanations. This gives citizens protection.

¶ 08 Another important aspect is interoperability. With this law, we can present Sri Lanka as ready for the digital economy, enabling our applications and services to operate across borders and participate in the broader digital marketplace.

¶ 09 The Bill clearly defines “data,” whether digital or non-digital, and sets out what is highly sensitive personal data. Public awareness is essential, as is awareness within institutions that use personal data. Data collectors exist across the economy—from SMEs to banks to large enterprises. Wherever personal data are collected, compliance is required. Organizations must designate responsible data officers or procure such services externally, and establish valid consent relationships with data subjects. The Bill allows time for such preparations.

¶ 10 Looking ahead, these amendments lay the foundation for accelerating digitalization in the state, which prior administrations failed to implement. Cybersecurity and other necessary bills are also coming. The legal environment for startups in the digital economy has been lacking; the Ministry of Digital Economy is addressing this. This Government is rapidly building the necessary foundations.

¶ 11 Finally, digitalization brings transparency, efficiency, and auditability. When we digitize state systems, oversight by COPE, COPA, and others becomes faster and more effective. We aim to build systems that prevent corruption, protect public funds, and deliver an efficient public service, growing the digital industry toward USD 5 billion. We trust Opposition Members, as citizens, will support this effort. Thank you.