By Nishel Fernando 

Sri Lanka needs to educate the stakeholders and contextualise the implementation of the Personal Data Protection Act, otherwise it risks becoming a forcible legislative transplant, a top legal scholar warned. 

Data is considered to be the lifeblood of Artificial Intelligence (AI) innovation. 

Although, Sri Lanka’s landmark Personal Data Protection Act is set to come into full force from next March onwards, University of Colombo   Law Faculty Dean Prof.  Nishantha Sampath Punchihewa 
highlighted that much of the country not aware of the law requirement.

“After next March, this Act will come into full force, and is the business community or the country educated of requirements of under this Act? Those are the questions which remain unanswered,” he said.

He shared these remarks speaking at the Data Protection Hybrid Conference 2024, held in Colombo, under the theme of ‘Development of Data Protection Law under AI in the Asia Pacific Region’ last Friday,  organised by the LAWASIA Communication, Data Protection and Technology Committee, in collaboration with the ICT Law Committee of the Bar Association of Sri Lanka.

He stressed that when it comes to implementation of this Act, it’s critical to contextualise by looking at the experiences of other countries.

“… Sometimes our personal data can be compromised to the advances of AI templates. In this sense, we need to foresee future challenges here. I think we need to collectively and collaboratively work with others countries and agencies in addressing these issues. This is a good piece of legislation, however, we need to go forward and contextualise, otherwise, it will become a forcible legislative transplant which will take us nowhere,” he added.
Although, this Act is regarded as a salutary drawing inspiration from EU general data protection regulation (GDPR), Prof. Punchihewa stressed that it needs to be taken into the context of the Sri Lankan society when it comes to implementation.

“I think European perspectives are shaped very much by the underline philosophy of European directive of personal human rights approach, because the European charter embraces data privacy as a fundamental right , but in Sri Lanka, we don’t have a constitutionally guaranteed right to privacy and data protection rights. Nevertheless, we have the Roman-Dutch law principals embedded into our legal heritage. 

“My understanding is that we have to look at in that context, perhaps we have to learn from the South African experience,” he elaborated. 

He professed that Sri Lanka needs to look at more advanced European Data Protection Regime as well as more business oriented U.S approach when it comes to implementation of this Act,” he added.