The Personal Data Protection Bill has been drafted in order to ensure the security of the private data when using the collected data by the institutions such as government institution, banks, telecommunication facility providers and hospitals and to make provisions that are necessary for the digital economy of Sri Lanka.

Accordingly, the Sri Lanka Cabinet of Ministers approved the proposal submitted by President Gotabaya Rajapaksa as the Minister of Technology to publish the said bill in the gazette notification and subsequently submit to the parliament.

The personal data protection bill, defining measures to protect personal data of individuals held by banks, telecom operators, hospitals and other personal data aggregating and processing entities, was formulated by the Legal Draftsman Department and the Data Protection Law Drafting Committee, appointed by the Ministry of Digital Infrastructure.

The first version of the draft bill, published in June 2019, was subject to seven rounds of stakeholder consultations and the revised version received policy level approval from the Cabinet of Ministers in January 2020. Thereafter, further stakeholder consultations were conducted by the Bar Association, the Ceylon Chamber. In addition, the Ministry of Justice, Hon Attorney General, the Central Bank and TRCSL provided observations on the draft bill during 2020 and further revisions were made to the Bill.  The Attorney General recently issued the certificate under Article 77 of the Constitution on the bill’s constitutionality, and therefore the bill is cleared for next steps. The Bill is being translated into Sinhala & Tamil and thereafter submitted to the Cabinet of Minister to proceed with next steps.