Comparative analysis of Sri Lanka's legal framework to protect the customer data privacy in E-banking - the way forward

Abstract

New technological advancements have made it possible for Licensed Commercial Banks (LCBs) to transition from conventional banking activities to electronic banking activities. Customers no longer rely on conventional brick-and-mortar banks because they may now access a wide range of e-banking services. E-banking offers users cost-effective, efficient, and quick financial services. E-banking has a lot of advantages, but it also exposes customers to a lot of unforeseen hazards. The primary emphasis of this study is to study the eminent data privacy risk faced by customers in E-banking. When offering E-Banking services, LCBs can collect, retain, process, disclose, and use an enormous amount of consumer information, including potentially sensitive information like customer purchasing decisions, credit card information, behavior patterns, locations, etc. Regardless of how advanced the technology is, if the data used in e-banking services is susceptible, it is likely that customers will not use them. Hence, as a result, Sri Lanka has recently introduced the Personal Data Protection Act (PDPA) to legislate the privacy of individuals. Data has now become the most valuable resource on earth. Most countries in the world including Singapore are having their own Personal Data Protection Regulations. Large firms have changed their emphasis to data privacy and allocated a considerable amount of their budget to secure their customer data and Information assets. Given this, regulators, law enforcement authorities, and consumer advocacy organizations should evaluate the adequacy of data privacy laws to safeguard the personal information of customers. This study offers suggestions for the Sri Lankan legal framework to address the gaps in the country's data privacy legislation and encourage users and service providers to use e-banking services ethically going forward.