This document is intended to understand the extant policy context in relation to healthcare data protection, providing international comparisons, and raise important questions for Sri Lanka to consider in relation to data protection, albeit within a narrow sector specific scope.
Based on presentation and discussion at Digital Health Week 2018, Colombo.
I was recently listening to some Microsoft officials asserting that they would be fully compliant with the new European General Data Protection Regulation, implying that it could be applied here too. There is no doubt that countries that seek to do business with Europe will have to pay special attention to GDPR. But that does not mean that we should simply do a cut and paste. The GDPR bears the marks of its birth. It may be appropriate for Europe (this article suggests, that too will be a problem).
The second panel was on digital rights and multistakeholderism. I did not think there can be much debate about a Rorschach inkblot so I devoted only one slide to it and made some passing comments, which still managed to elicit some response from the people who live under the protection of the concept. Digital rights was where the robust exchange occurred. Not because of the relatively uncontroversial issue of governments being prevented from arbitrarily shutting down the Internet and the underlying telecom networks that I proposed. But it was because one of the panelists proposed the wholesale importation of the European data protection regime and rights such as the “right to be forgotten.
Europe has been the fount of data protection absolutism. Not a problem for anyone else but countries such as Thailand and Indonesia are well on the way to model their legislation on the European model. But Chancellor Merkel has seen that the absolutist approach poses dangers to European consumers and businesses as well. Europeans are famous for banning things, Merkel said. These bans are put in place for good reason, she said, but can be damaging if taken to excess.