Daily Mirror - Print Edition

Government rusheS to amend Online Safety Act amidst pressure

06 Feb 2024 - {{hitsCtrl.values.hits}}      

  • Industry giants rally against potential threats 
  • Act seeks to establish commission with sweeping powers 
  • Some provisions of Act violate ICCPR, experts argue

By Kelum Bandara 

Amidst concerns by the industry stakeholders about the  possible impact on digital economy, the government has already worked  out fresh amendments to be incorporated into the recently introduced  Online Safety Act.  Speaker Mahinda Yapa Abeywardena gave his ascent to the new  law passed in Parliament. The government proceeded with the enactment  of the new law despite criticism from various corners including the  industry stakeholders who argued that the new law borders on the  infringement of freedom of expression and will have an impact on digital  economy in the future.   


The Act provides for the establishment of a Commission  which is empowered to issue directives to persons, internet service  providers or internet intermediaries, who have published or communicated  or whose service has been used to communicate any prohibited statement.  It can notice any internet service provider or internet  intermediary to disable access to an online location which contains a  prohibited statement by the end users in Sri Lanka or to remove such  prohibited statement from such online location.   


In the backdrop of mounting criticism, an official of the  Public Security Ministry said new amendments had been worked to be  referred to the Cabinet for approval in another two weeks’ time. 

 
The official said the government completed the consultation  process with the industry stakeholders- Google, Yahoo, Meta, X, Amazon  etc.  


“We will proceed with the incorporation of the new amendments after Cabinet approval,” he said.   
The government can no longer disregard the industry’s  viewports, it means. According to the UN, digital advances can support  and accelerate the achievement of each of the 17 Sustainable Development  Goals – from ending extreme poverty to reducing maternal and infant  mortality, promoting sustainable farming and decent work, and achieving  universal literacy.  


The COVID-19 pandemic accelerated the digital  transformation and changed the way societies and businesses function  forever. Digital platforms mainly with support from social media and  tech companies, including Meta, Google, AWS, Microsoft etc helped  businesses in Sri Lanka during the pandemic, enabling them to overcome  lockdowns through remote work and online operations.   


Therefore, Sri Lankan businesses, especially SMEs  benefitted from digital platforms to carry out their sales and  operations during this period. Currently, the digital economy in Sri  Lanka is estimated to be around US $ 3.5 billion or 4.37 per cent of GDP,  with exports at around US $ 1.25 billion. The Government plans to  elevate this figure to 15 per cent of GDP by 2030 and thereby increase  the digital economy contribution from US $ 3.5 Billion to US $ 15  billion.   


However, the digital economy targets can only be achieved  if there are mechanisms to make Sri Lanka an attractive destination for  digital investments. Since we cannot provide tax breaks and other  financial incentives, the only option is to make it attractive through  policy initiatives which are compatible with global standards.  
Over the years, Sri Lanka has adopted digital laws and  policies, which are compatible with international standards. The  Electronic Transactions Act was amended in 2017 to align with the UN  Electronic Communications Convention (the gold standard for digital  transactions & digital commerce), making Sri Lanka the first country  in South Asia to achieve this standard.  


In 2015 Sri Lanka was able to join the Budapest Cybercrime  Convention because our Computer Crimes Act (2007) was formulated in line  with International standards. The Payment and Settlement Systems Act  (2005), which is the framework governing digital payments, is also based  on a global standard, enabling Sri Lanka to become the second in Asia  to adopt real-time online payments and settlements. All these laws were  drafted adopting an open transparent process.  


The Computer Crimes Bill (2005) was referred to a Special  Standing Committee of Parliament after the debate (without putting it  into second reading), which resulted in the Bill being comprehensively  reviewed with stakeholders and experts.  

Most recently the Personal Data Protection Act (2022), the  first legislation of its kind to be adopted in South Asia, followed an  open and transparent process. The Drafting process which started in  January 2019 ensured that every version of the Bill was published  online.  


However, concern is raised that the Online Safety Act is  not based on a global best practice and does not follow a transparent  consultation process. Therefore, the Act requires further review by  experts, not only from a legal perspective but from a Technology  perspective.  


According to the experts, the basic amendments proposed by  Public Security Ministry and the Attorney General does not make it  implementable and workable, because the SC determination does not  address implementation aspects.  
Some of the offences in the Act violate Articles 17 & 19 of ICCPR (International Covenant on Civil and Political Rights).  
 Even if those provisions are amended, it must be noted that the evidence required to successfully prosecute those offences are not in  Sri Lanka.   


Therefore, electronic evidence needs to be obtained from  tech companies. This requires Sri Lanka to have a successful  international cooperation regime with tech companies. Therefore, it has  to be amended in cooperation with tech companies.  


Making amendments to the Act in a rush without a  consultative process will not create a conducive framework, where  digital platforms and other tech companies will have the confidence to  invest in Sri Lanka to enable us achieve the digital economy targets.   


This bill also impacts the implementation aspects of the  Data Protection Act No 9 of 2022 given the sweeping powers vested in the  new Commission.