This report is to evaluate the impact of interventions (written comments on the draft bill during the stakeholder consultation) by LIRNEasia on the Personal Data Protection Act, No. 9 of 2022, which was passed by the Parliament of Sri Lanka on 9th of March 2022. The report also provides details of media coverage of LIRNEasia interventions on the Act.
Can nation states, especially those in the Global South effectively regulate Global Tech Companies? Should they try? Why is it important to separate the data localization issue from data protection? GDPR is not fully enforceable even in Europe; should it be the model for countries in the Global South?
"Data protection is considered an esoteric subject, but it can have powerful effects in the emerging digital economy. Depending on the success of digitalisation efforts, pretty much every organization may fall within the scope of data protection regulation. Few developing countries have enacted data protection legislation. There may be lessons to be drawn from the Sri Lankan effort."
“Sri Lanka has wellcrafted laws but rarely are they implemented satisfactorily. If the regulator is underresourced, little more than ticking the boxes so that Sri Lanka will pass the EU’s adequacy test is likely to be achieved, and even that is uncertain. The best law is not one that is optimal in a technical sense, but one which is most appropriate for the local conditions”
An Expert Round Table discussion on “Data Protection in an Interconnected World” was held on the 28th of June 2021, as the first of a series of discussions under the theme of “Frontiers of Digital Economy”