The Bitter Cookie: Right to Cyber Privacy in Sri Lanka Vs. the Misappropriation of Data Gathered Using Cookies

Abstract

Success and progress in the technological age is dependent on the ability to collect, process and disseminate information at lightning speeds, with incredible efficiency. Ironically, the same technology which improves life in the 21st century is often responsible for its setbacks. The use of cookies is a prime example of how convenience has come at a steep price. Through a qualitative analysis of legislation, case law, and academic opinion, this paper focuses on how the use of cookies, if not properly regulated, can lead to violations of an individual"s right to privacy, and how the Sri Lankan legal system is ill-equipped to counteract such violations. The study begins with the proposition that the right to cyber privacy exists as a positive legal right, despite its absence from the Sri Lankan Constitution. It then details the function of cookies, as well as their constructive and destructive potential. The crux of the paper highlights the inadequacies within the Sri Lankan legal system, focusing on the Computer Crimes Act No. 24 of 2007. Finally, it proposes certain amendments to the law with reference to international jurisprudence; specifically, the UK judgement in Vidal-Hall v. Google and the recent EU General Data Protection Regulation (GDPR).