Abstract:
The Covid-19 has had a profound impact on the daily lives of the individuals where
everyone has been put under surveillance with the ultimate objective of keeping
them protected from the Covid-19 pandemic. Many systems were put in place to
track the movements of people when they travel from one place to another, where
biometric data belonging to such were collected using both primitive means as
taking their information in a record book to advanced systems of data gathering
such as using QR scanners. While these data are extracted from individuals which
is a part of their identity, the extent to which these data are going to be processed
and used is not properly mentioned at the time of collecting such data and the legal
system in the country is inept to provide any protection to those individuals since
neither the statutory law or the common law has recognized a right to privacy
which could come in aid to help these people protect their data. In this background,
by using a qualitative method with a comparative analysis of the existing law in
the United Kingdom, this paper attempts to critically evaluate the rights of the
data subjects from whom such data is gathered and to propose changes in the
existing legal system to better protect the personal integrity of those who have to
give their personal data to both governmental and private institutions, especially
in situations where the national security and public health becomes a major
concern, as in the instance of the Covid-19 pandemic. The results reveal that the
existing legal framework in the country is totally inadequate to provide any kind of
protection to these data subjects and developing a legal framework based on the
eight principles of data protection as advanced in the United Kingdom inclusive
of Fairness, specificity, adequacy, accuracy, time limitation, consideration of other
rights, security and non-sharing with unprotected countries is a sine qua non to
protect the data subjects in Sri Lanka