Right to Privacy in Cyberspace: Comparative Perspectives from Sri Lanka and other Jurisdictions

Abstract

Right to privacy in cyberspace could be considered as a critical issue which has many implications towards individual liberty in the modern world. In view of the incidence of violations of right to privacy through abuse of personal information in cyberspace, it becomes necessary to explore the legal mechanisms that have been employed to address this issue and ensure the right to privacy in cyberspace in Sri Lanka and other comparative jurisdictions. The first research objective is to identify and examine legal provisions regarding right to privacy in cyberspace at the international level. The second research objective is to identify and analyze laws relating to right to privacy in cyberspace in United Kingdom and compare these legal provisions with Sri Lankan law. Thereby the strengths and weaknesses of the Sri Lankan legal framework regarding right to privacy in cyberspace would be examined and options for necessary reforms would also be suggested. Qualitative research methodology was employed in the research. The results of the research revealed that right to privacy has been recognized at the international level under UN Guidelines for Regulation of Computerized Personal Data Files (1989) and more recently under UN General Assembly Resolution on Right to Privacy in Digital Age (2013). In UK, the Data Protection Act (1998), Regulation of Investigatory Powers Act (2000) and a series of regulations enacted pursuant to EU Directives assume significance. In spite of the positive features in these statutes, UK approach towards data privacy has been criticized for its inherent lacunas and inconsistencies (Raab & Goold, 2011). In fact, the need to reform UK law according to privacy principles which would result in strengthening the right to privacy in cyberspace within the country has been considered (Raab & Goold, 2011). On the other hand, it could be seen that Sri Lanka does not recognize right to privacy in its Constitution or in any other specific legislation. In fact, relevant Sri Lankan statutes such as Electronic Transactions Act (2006) and Computer Crimes Act (2007) could be seen to be devoid of specific provisions relating to right to privacy in cyberspace. However, certain legislation in this area contain provisions which are relevant to right to privacy in cyberspace. For example, the Telecommunication Act (1991) has provided that interception of telecommunication transmissions is a punishable offence and it could be seen that preventing or obstructing the transmission of a telecommunication messages or intruding, interfering or accessing telecommunication messages have also been prohibited. Furthermore, it could be seen that this issue has been addressed to a certain extent through the Computer Crimes Act, which has penalized dealing with unlawfully obtained data, illegal interception of data and unauthorized disclosure of information. In addition, right to privacy has been recognized by the judiciary under the common law of Sri Lanka, where actions have been brought under Roman-Dutch Law. Thus it is evident that in spite of the absence of specific constitutional or legislative recognition of right to privacy, it has been recognized under common law by the Sri Lankan judiciary in a variety of legal contexts. Therefore it is to be seen whether the Sri Lankan courts would recognize this right in relation to protection of personal information in cyberspace. However, it is asserted that there is a pressing need to reform Sri Lankan law in order to reflect the recent trends at the international level. In spite of the availability of a remedy for violation of right to privacy under the common law of Sri Lanka, statutory recognition of right to privacy in cyberspace would provide for clarity and certainty in this area of law, which would ensure effective legal protection regarding right to privacy in cyberspace in the country.