• Thanuki Goonesinghe on the importance of building robust legal frameworks for the digital age

Despite our position in the digital age, law is something that seems to still remain fairly removed from technology. The latter makes the practice of law easier, certainly, but what of how the law in and of itself needs to adapt to better keep up with the needs (and pitfalls) of the digital age? 

The Sri Lankan context for example, recently saw tech come to the forefront of legal discourse with the enactment of the Online Safety Act. There is much criticism surrounding the act of course and it is now under review. Having said that, how else does law, and Sri Lankan law in particular, need to adapt to meet the demands of the digital age? 

The Sunday Morning Brunch spoke to lawyer and technology law trainer and educator Thanuki Goonesinghe on this very subject for some insight. A lawyer by profession, since taking her oaths, Goonesinghe has increasingly found herself drawn to tech law and policy, something she attributes to her father, who himself worked in IT and instilled a love for technology in her. 

“Though initially trained in traditional legal practice, my passion for tech law and policy has always been undeniable, but in Sri Lanka there isn’t much opportunity for that kind of thing. Part of my interest in tech law and promoting discussion on tech law and policy is to create such opportunities; I conduct corporate trainings and educational programmes on tech law and this month I will also launch ‘Tech Circle’ – a talk series that brings together people primarily from tech and law backgrounds to discuss issues in tech law and policy.” 

What is the Lankan tech law space like? 

While not as robust as in other countries, there is tremendous room for growth in Sri Lanka’s tech law and policy space. The country is waking up to the need to build new laws that are more sensitive to the digital world. 

For example, Sri Lanka is in the process of crafting its first Personal Data Protection Act (PDPA), a significant milestone in Sri Lanka’s journey towards strengthening data privacy regulations. Goonesinghe remarked: “The PDPA marks a crucial step forward in safeguarding individuals’ privacy rights in the digital age. It establishes guidelines for the collection, processing, and storage of personal data, laying the groundwork for a more secure and accountable data ecosystem.”

Furthermore, she discussed the ongoing discourse surrounding the proposed Cybersecurity Bill, which aims to address cybersecurity threats and vulnerabilities in Sri Lanka. “The Cybersecurity Bill represents a concerted effort to enhance the nation’s cyber resilience and protect critical infrastructure from cyberattacks,” she explained. “By establishing legal mechanisms for threat detection, incident response, and information sharing, the bill seeks to bolster Sri Lanka’s cybersecurity posture in an increasingly digitised world.”

However, amidst these strides, Goonesinghe acknowledged the need for continuous refinement and adaptation of existing laws to keep pace with technological advancements. Indeed, as technology evolves at a rapid pace, the landscape of tech law in Sri Lanka must evolve in tandem. 

Goonesinghe underscored the importance of proactive policymaking and stakeholder engagement in shaping the future of tech law in the country. “We must adopt a forward-thinking approach that anticipates and responds to the complexities of the digital age,” she asserted. “By fostering collaboration between policymakers, industry stakeholders, and legal experts, we can create a regulatory environment that fosters innovation while upholding fundamental rights and values.”

The ‘Tech Circle’ series

Part of Goonesinghe’s efforts to build a more robust environment within which tech law and policy can thrive is her newest initiative ‘Tech Circle’ – a talk series she hopes will serve to drive the revolutionising of the landscape of tech law discourse in Sri Lanka. 

“‘Tech Circle’ was born out of a desire to create a space for open dialogue and collaboration in the tech law sphere,” Goonesinghe explained. “I noticed a lack of platforms where professionals and enthusiasts could come together to exchange ideas and insights on pressing tech policy matters.”

The primary goal of ‘Tech Circle’ is to foster a culture of constructive criticism and knowledge exchange across different knowledge bases and industries. “I wanted to create an environment where individuals from diverse backgrounds could engage in meaningful conversations about tech law,” Goonesinghe shared. “By facilitating open dialogue and sharing diverse perspectives, ‘Tech Circle’ aims to drive innovation and progress in the tech law domain.”

The inaugural edition of the ‘Tech Circle’ series, set to take place on 21 March, promises to be an enriching experience for participants. Speaking on what this first session – ‘Building Trust in Technologies’ – will cover, Goonesinghe said: “Our first ‘Tech Circle’ session will feature interactive discussions on trust in technology. We will delve into topics such as data privacy, cybersecurity, and the ethical implications of emerging technologies.”

This inaugural session will feature the perspectives of International Information System Security Certification Consortium (ISC2) Colombo Chapter President Sujit Christy and cybersecurity advocate and educator Asela Waidyalankara, who will both share thoughts and engage with the audience on how greater trust can be built within the technological realm.

Moreover, Goonesinghe emphasised on the inclusive nature of ‘Tech Circle,’ welcoming participants from various disciplines and expertise levels. “Whether you’re a seasoned tech law professional or someone with a keen interest in the field, ‘Tech Circle’ offers something for everyone,” assured Goonesinghe. “We believe that diverse perspectives enrich the conversation and lead to innovative solutions.”

In addition to fostering dialogue, ‘Tech Circle’ aims to empower participants through knowledge-sharing and networking opportunities. “Our events will feature expert speakers who will provide valuable insights and guidance,” shared Goonesinghe. “Attendees will have the chance to learn from industry leaders and connect with like-minded individuals passionate about tech law.”

Looking ahead, Goonesinghe envisions ‘Tech Circle’ as a catalyst for positive change in the Sri Lankan tech law ecosystem. “I hope that ‘Tech Circle’ will inspire collaboration, spark innovation, and drive progress in our tech law landscape,” said Goonesinghe. “By bringing together professionals and enthusiasts, we can collectively work towards shaping a more equitable and ethical digital future for Sri Lanka.”

Goonesinghe also envisions ‘Tech Circle’ as a platform for generating actionable solutions to improve the tech law landscape in Sri Lanka. “After each event, we compile resolutions discussed into a flipboard,” she shared. “This allows participants to reflect on the discussions and think about how they can contribute to addressing key issues.”

Building a more robust tech law and policy space

To build a more robust tech law and policy space in Sri Lanka, Goonesinghe shared that we needed to first and foremost shift our mindsets to become future-proof. It is vital to think of the big picture; short-term thinking cannot be allowed to prevail if frameworks and policies are to be robust.

“The laws need to be future-proofed,” Goonesinghe stressed. “We need provisions that allow for creative interpretations, as we can’t predict every technological advancement in the coming years.” 

The key to this is stakeholder engagement. An example is the Online Safety Act, which saw very little stakeholder engagement. “There was a lot of controversy about the Online Safety Act, and part of this was because there had been very few stakeholder consultations, especially from the public,” she said, noting that outcry from both the legal community and the public had led to active review of the bill.

“As of early last month, the Cabinet approved a resolution to amend the act. Forty-seven out of 50 clauses are to be amended. We now need to see what will come out of that.” Goonesinghe’s insights underscore the importance of robust stakeholder engagement in shaping legislation that addresses evolving challenges in the digital realm.

With tech being so vast and ever-evolving, it is also more important than ever to make legal frameworks adaptive. Also key is addressing specific technological challenges within existing laws holistically. “The Personal Data Protection Act talks about automated data processing, while the Cybersecurity Bill lacks specificity,” she pointed out. “There is a lot of conversation around deep fakes, which have broad applicability across various industries. We need to amend these acts to ensure they can adapt to changes faster than they currently do.”

This is where initiatives like ‘Tech Circle’ also stand the chance to play a role by leading thought and driving conversation both between experts and between larger groups. “It provides a platform for professionals from diverse backgrounds to exchange ideas and insights,” Goonesinghe explained, adding that expert perspectives served to educate. 

“Having experts in cybersecurity, like Christy and Waidyalankara, helps to ensure the conversation is well-informed. These experts provide valuable insights and guidance, especially for participants who may not have a specific background in the topic.”