Personal Data Protection in the Context of Employment: A Discussion of Law in Sri Lanka in the Light of the GDPR

Abstract

The right to privacy is recognized as a fundamental right in various legal instruments including international conventions. Personal data consists of a major part of privacy. Employees are a vulnerable category whose personal data may easily be misused by the employer due to the unequal power between the parties. Employee surveillances are done for many purposes such as improving employee productivity, selecting and retaining honest employees, evaluating employee performance, and maintaining workplace discipline. Under the above context, this research explored the prevailing provisions in the law on individual privacy and data protection in the employment context in Sri Lanka, in the light of the General Data Protection Regulations (GDPR) passed by the European Parliament. Special attention has been given to the public sector employment. This research study utilized the qualitative methodology where the researcher studied, analysed and synthesized a variety of materials gathered from primary and secondary sources to formulate a conclusion and to come up with the study results. Finally, the research revealed that the prevailing laws and regulations in Sri Lanka are not adequate to protect the personal data of employees; however, once the draft Personal Data Protection Bill will become an Act of Parliament, there will be an added responsibility on the part of the employer. This study fills the lacuna of having a comprehensive legal analysis pertaining to the area of employee personal data protection in Sri Lanka by suggesting how the laws should be amended to fill the gaps in the existing law.