Abstract:
Recent technological developments and globalization have converted the day to day activities
of a person to an internet based life. Technology allows doing many activities such as ordering
foods and household goods, getting travel information, bookings travel and accommodations,
bank related transactions, searching for job opportunities through internet etc. All of these
activities require producing some personal details before concluding the performance most importantly the name, email address, and contact numbers of the user. According to European
Union General Data Protection Regulation (GDPR) 2016/679, those data are treated as any information relating to an identifiable natural person who can be identified directly or indirectly.
Whereas submission of those data might flow among irrelevant users and it is obvious that it
would affect the personal life of any person. ‘Right to personal data protection’ has been a
devoted topic for many of legal studies. GDPR 2016/679 is treated as the cornerstone of the
discussion and it introduces a set of principles which can be used whenever a personal data is
collected or processed whether if it is paper based or internet based. It states that personal data
shall be processed lawfully, collected for specific and legitimate purpose, adequate and relevant
for the purpose, keep accurate, store for a permitted time and ensure the integrity and confidentiality. The problem of this research is, in Sri Lanka we have not yet sufficiently recognized the
necessity of introducing a new procedural law regarding personal data protection for internet
based activities. Computer Crime Act of 2007 provides for all types of computer related crimes
but it does not adequately address the protection of personal data. Therefore, the main objective
of this research is to analyze an implementation of a new legal framework for internet based
personal data protection with reference to the Sri Lankan context. Thus, the methodology of
this research is based on more specifically, analysis on GDPR 2016/679 and foreign legislations
on data protection, literature review of research articles and policy reports. Finally, as a conclusion it suggests to introduce a new legal framework for protection of internet based personal
data in Sri Lanka.
