COLOMBO – Sri Lanka’s new Data Protection Authority has come into operation following a gazette issued by President Ranil Wickremesinghe in his capacity as Minister of Technology.
A gazette notification dated July 19 said that provisions of part V of the Personal data Protection act, No. 9 of 2022 comes into operation from July 17 onwards.
“By virtue of the powers vested in me by Subsection (5) of Section 1 of the Personal data Protection act, No. 9 of 2022, read with paragraph (3) of article 44 of the Constitution of the democratic Socialist republic of Sri Lanka, I, Minister of Technology, Ranil Wickremesinghe, do by this Order, appoint July 17, 2023 as the date on which the provisions of Part V of the aforesaid act shall come into operation,” the gazette signed by President Wickremesinghe said.
Part V of the act deals with the establishment of a Data Protection Authority, first proposed in November 2022.
Section (1) of Part V reads: “There shall be established an authority which shall be called the Data Protection Authority of Sri Lanka for the purposes of this Act.
Section (2) reads: “The Authority shall, by the name assigned to it by subsection (1), be a body corporate and shall have perpetual succession and a common seal and may sue and be sued in such name.”
Wickremesinghe told Parliament in November that the government would take steps to set up the Data Protection Authority in 2023 and the body would be independent and engaged with the Central Bank of Sri Lanka, Securities and Exchange Commission, Telecommunications Regulatory Commission (TRCSL) and all relevant sectoral regulators to ensure a proper governance of personal data.
Sri Lanka Parliament enacted the Data Protection Act aiming to promote a digital economy amid concerns raised over the privacy of individuals and adverse impact on media reporting on March 10, 2022
The bill was passed without a vote after a raft of amendments was made to the original version.