Online searches can be conducted by many parties, such as clients, associates, partners, opposing counsel, staff, personal contacts and others. Online, negative references to you and your firm can scare off potential clients, sour business relationships, harm recruiting efforts and have a number of other negative effects on your practice. Moreover, negative information can live online long after the underlying issues have been resolved, and this information can become lodged at the top of search results. This can cause ongoing damage to your firm or company and your professional reputation.

We have one aim only: to be the best in the industry. That means our attorney and law firm reputation management services have to be second to none. We work directly with law firms and legal professionals to ensure that the best strategy is used for each unique case. Our experienced team of Search Engine Optimization and Internet Marketing Experts has developed strategic relationships with authoritative legal websites in order to enhance the effectiveness of our online reputation management services for attorneys and law firms. What’s more, we equip our skilled SEO technicians with the most advanced software and tools available to manage, repair and/or protect the online reputations of legal professionals and law offices with which we do business.

Recent Case Studies

A popular CEO whose company runs in 74 countries was a victim of a reputation attack by competitors and of scandals, and her customer following was shrinking as a result. Currently signed off for a monthly reputation insurance package.


‘Not really’, was the response from many in my audience when I posed this question while speaking at a recent event on the right to privacy and Internet freedom organised by the Bar Association of Sri Lanka (BASL).

That has been our historical legacy, I argued: Ours is a rather nosy culture, where many want to know far too much about others’ private lives. Not just in villages, but in cities and towns as well.

Communal living has some benefits, for sure, but as societies advance socio-economically, people begin to cherish more privacy and value greater individuality. They like to draw clear distinctions between public and private spheres. Many in Sri Lanka haven’t crossed this threshold, yet, which makes privacy protection a difficult issue to advocate.

Privacy is like trust and security – it’s much easier to define when we don’t have it. We value privacy more when we realize it is breached or missing. Now, our increasingly digital lives and greater use of online services have added a new layer of complexity. The demarcation between public and private lives is blurred, or lost in cyber space. The challenge is to strike the right balance between digital utilities and privacy protection.

● Data Misuse
Absolute privacy is not possible online—every action is documented somewhere, and is ultimately traceable. Within this reality, however, reasonable levels of privacy controls can still be achieved. But, that is the shared responsibility of technology service providers and their customers. The problem is that many users are unaware of multiple privacy pitfalls online.

Facebook is a case in point. Over the years, the platform’s administrators have kept changing its privacy rules. Their ongoing ‘tug of war’ between public and private information has led to embarrassing incidents where some users shared information thinking it was private, but it was visible to everyone. Facebook Founder Mark Zuckerberg claimed in 2010 that the rise of online social networking means that “people no longer have an expectation of privacy”. That view was widely contested by those who argued that the spread of social media just means that privacy has new conditions – and involves greater challenges of safeguarding these. Are these primarily the concerns of more economically advanced countries? Is privacy a luxury for developing country residents? Not so.

While the 30% of the Lankan population that regularly uses the Internet is definitely more exposed, all citizens are affected in different ways – for example, by various government agencies storing citizen data in digital formats, and companies retaining mobile phone numbers or tracking consumer behaviour in their systems. Both governments and corporations can use such data beyond the immediate and stated purpose for which it is provided. Data protection laws and regulations are meant to minimise such misuse. Sri Lanka urgently needs to legislate for such protection. Individuals often have no choice but to provide their data, especially when required by the state – like in annual revisions of electoral registers for censuses and other data-gathering processes. During the war, citizen data was gathered by law enforcement agencies at various levels, even without a proper legal framework.

How safe and secure is such data within the state machinery? Who has access and under what conditions? This is a very valid question.

As digital activist Sanjana Hattotuwa, who was part of the BASL panel, reflected: “There are enduring concerns around a very porous firewall between information collected by the Department for Registration of Persons and the Ministry of Defence, and an assorted array of intelligence services.

In the absence of robust, modern data protection laws, information on individuals, their families, professions, home addresses, work addresses and biometric data that with little or no judicial oversight or due process can be accessed by State intelligence services is a dystopian future best resisted.”

Although it is not mandatory, we as consumers have to provide basic information like mobile number and email address when signing up for various ‘free’ online services such as Gmail, Facebook and Instagram. Their operators may not charge us for the service, but they usually make money by extracting data from users and selling this data to advertisers.

This is summed up by the aphorism that “When something online is free, you’re not the customer, you’re the product.” Privacy is a casualty in such processes.

● Digital ‘Bread Crumbs’
Then, there are electronic trails, also known as ‘digital bread crumbs’, we leave behind as we browse the web. Every search, every item we read, every email or other form of messaging we exchange, and every product or service we buy leaves electronic traces. These can be aggregated to form an accurate profile of our likes, dislikes, moods, purchasing power, sexual preference, medical history and shopping patterns. Given enough time and data, these can be used to map our political, religious and philosophical interests as well.

What we choose to disclose or not disclose, and in which situations, is deeply personal. Everyone should have that choice, and not find it taken away by an overbearing government or a cynically exploitative service provider.

“Individual privacy is not the only societal value under pressure in the current data-saturated infrastructure. The effects of data practices without ethics can be manifold – unjust treatment, discrimination and unequal opportunities. But privacy is at its core. It’s the needle on the gauge of society’s power balance,” says Gry Hasselbalch, an expert on Internet policy and digital rights who co-founded the initiative.

She adds: “In a well-functioning democracy, those in power are open and transparent about how they exercise their power. One should not expect [similar] transparency from individuals. The more transparent people are, the more vulnerable they become.” This is the balance that right to information (RTI) laws seek to strike.

Section 5 (1) (a) of Sri Lanka’s RTI Act of 2016 says personal information of a citizen, held by the government, need not be disclosed if it would “cause unwarranted invasion of privacy of the individual”. But the Act also has the provision: “…unless the larger public interest justifies the disclosure of such information.”

● Right to Privacy
Right to privacy is not new. It was enshrined in the Universal Declaration of Human Rights of 1948 (in Article 12), and subsequent conventions. The European Union has been especially active on this front. Half the world’s population now using the Internet has created new challenges for safeguarding this right. Recognising this, the United Nations Human Rights Council appointed Professor Joseph Cannataci of Malta the first-ever Special Rapporteur on the right to privacy in July 2015. It was partly in reaction to public disclosures (by Edward Snowden and others) of the existence of certain governments engaging in mass scale electronic surveillance.

In his first report, released in March 2016, Prof Cannataci clarified that his work will focus on informational privacy. He also called for a more integrated approach to human rights that considers right to privacy, along with freedom of expression and right to publicly held information.

He noted how tension between security, corporate business models and privacy continues to take centre stage. These require a measured response from legal and human rights communities, so as to counter what he called “disproportionate, privacy-intrusive measures such as mass surveillance or breaking encryption”.

Encryption is the process of converting information or data into a code to prevent unauthorized access. Seen as the most effective way to achieve data security, it has become a bone of contention between technology providing companies and law enforcement agencies.

In his report, Prof Cannataci noted how privacy is emerging as an important commercial consideration, “with some major companies adopting it as a selling point”. While some companies are accused of violating user privacy, others are discovering business opportunities in enhanced privacy protection, online and offline.

He added, “If there is a market for privacy, market forces will provide for it. The rapid increase in the availability of encrypted devices and software services is a strong indicator that consumers worldwide are increasingly aware of the risks to their privacy, and that they will increasingly choose privacy-friendly products and services over ones that are privacy neutral or privacy unfriendly.”

These global discussions are relevant as we evolve our own information society. There is no right to privacy under our Constitution, although under the Roman Dutch law, the right to privacy is protected in some specific instances. Can the new Constitution include this in its enhanced framework of fundamental rights? Let’s hope so.

After all, as Edward Snowden famously said, “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”

The right to privacy and a data protection act: Need of the hour

The right to privacy has long been held to be synonymous with other human rights. However, in Sri Lanka, the absolute need for one has been largely overlooked. In this article I hope to highlight the importance of the right to privacy and a data protection act. Moreover, not having both as a constitutional provision or in statutory form will be detrimental.

‘Private’ has been defined in the Oxford Dictionary as ‘confidential: not to be disclosed to others/kept or removed from public knowledge or observation’. A more comprehensive and pragmatic view has been offered by Alan Westin, author of ‘Privacy and Freedom’ who defines privacy as “the desire of people to choose freely under what circumstances and to what extent they will expose themselves, their attitudes and their behaviour to others”.1

In this article I will focus the discussion of the right to privacy on the digital forum, hence the emphasis on a data protection act.

Every sector and industry (including health, transport, education and insurance, to name a few) has been influenced by the IT revolution through the rapid and advanced introduction of computer technology. If computers are the vessels, then the information that flows through them is referred to as ‘data’. The world has become a ‘global village’. The sovereignty of states has become blurred, and the propensity for international transactions through the internet has given rise to many legal complexities. The need for extensive laws regulating this information is therefore imperative, now more than ever.

International Treaties have long recognised the importance of these provisions. However, most of the ‘vigilant gatekeeping’ for international human rights does not occur at the international level but in the domestic arena, by holding States accountable to the enforcement of those national laws that codify international obligations.2

The UN General Assembly, in its Resolution on the Right to Privacy in the Digital Age, noted that “the rapid pace of technological development enables individuals all over the world to use new information and communication technologies (ICT) and at the same time enhances the capacities of governments, companies and individuals to undertake surveillance, interception, and data collection, which may violate or abuse human rights, in particular the right to privacy.” Further, both the U.N. General Assembly, in its Resolution 68/167 on Digital Privacy Rights, and the Office of High Commissioner for Human Rights, in its Report on The Right to Privacy in the Digital Age to the Human Rights Council, affirmed how “the rights held by people offline must also be protected online.”

The International Treaties themselves support this. Article 17 of the ICCPR3 clearly provides for this right and also Article 6 of the ASEAN Declaration of Human Rights.4

When States ratify treaties or declarations, such as the ones mentioned above, they obligate themselves to respect, protect and fulfil the rights enshrined within those instruments.5 Because the nature of technology is such that it can be used “for both legitimate and impermissibly intrusive ends”, it is the responsibility of States to take measures, such as enacting national legislation, to guarantee the protection of citizens’ rights on the internet and communications networks.

The challenges of a data protection act

A challenge to any State would be the delicate balancing of the freedom of expression and the right to privacy. Frank LaRue, Special Rapporteur on Freedom of Expression, in his 2013 report to the Human Rights Council, discussed how ICCPR Art. 17 on privacy does not provide for a clear-cut limitation test as Art. 19 does for freedom of expression. Therefore, he asserts that Art. 17 “should be interpreted as containing elements of a permissible limitations test already described in other General Comments of the Human Rights Committee”, such as those contained in the articles on the right to liberty of movement, the right to peaceful assembly, etc. These can be summarised in three main requirements:


  • Any restriction must be provided by law and must represent a legitimate, compelling state interest.

  • The restriction must be necessary for achieving such legitimate aim and the measure must be proportional, meaning it must be appropriate to achieve its protective function; and 

  • The limit must be narrowly tailored to the end sought, thus representing the least restrictive way to achieve the desired result.

Note that the determination of what constitutes a legitimate restriction should be “undertaken by a competent judicial authority or a body which is independent of any political, commercial, or other unwarranted influences….”6

The most recent milestone in Data Protection laws has been the EU General Data Protection Regulation [2016/679]. This will come into effect on 25 March 2018. It builds on existing concepts and strengthens requirements for the collection and use of personal data though it does introduce a number of significant changes. For example, companies that have no physical presence in the EU will also need to comply with the GDPR if they offer goods and services in the EU or monitor a data subject’s behaviour taking place in the EU. Also the GDPR does not require that all personal data has to be kept within the EU. However if the personal data travels outside the EU the controller should ensure a level of protection which is similar to that in the EU for the data.

The Hong Kong ‘Private Data Protection Ordinance’, which was brought into force in three stages in 1997, has been described as an “economic selling point, safeguarding the free flow of personal information to Hong Kong”, as much as it was a “human rights related initiative”7. The content of the Ordinance clearly reflected both the OECD Guidelines and EU Directive, but not as any direct pressure from abroad, rather as a long-term protection of the trading position of Hong Kong and as an elite concern to be in keeping with international best practice.

The laws in Australia are also very contextual. The Privacy Amendment (Enhancing Privacy Protection) Act 2012 includes 13 Australian Privacy Principles guiding the collection, use, storage, and disclosure of personal information, and access to and correction of that information. The new amendment in 2014 will affect all Australia-based organisations that store any personal data about their customers including cloud and communication service providers.

The Data Privacy Act of 2012 in the Philippines is an Act also to be commended in encompassing the possible complications. That law requires that the collection and processing of personal information be done fairly and legitimately within the bounds of law, subject to “the fundamental rights (including privacy) and freedoms of the data subject” protected under the Filipino Constitution.8

The position in Sri Lanka

Althaf Marsoof, in his article titled ‘The Right to Privacy in the Information Era: a South Asian Perspective’9, has provided a preliminary analysis of this. He explains how in Chapter III of the Sri Lanka Constitution, the Fundamental Rights of the people of Sri Lanka are exhaustively guaranteed. However, on the face of it, it seems that Chapter III guarantees no right to privacy. Article 17 read with Article 126 (1) of the Constitution makes it clear that an application may be made to the Supreme Court in relation to the infringement of an individual’s fundamental right by administrative or executive action. It has been stated that, “A public value of privacy derives not only from its protection of the individual as an individual but also from the usefulness as a restraint on government or on the use of power.”10

Therefore, if the Government of Sri Lanka becomes electronically active, and if the executive and administrative arms of the Government by their actions infringe the right to privacy of a citizen, such action can be questioned by invoking the exclusive jurisdiction by the Supreme Court albeit only if the right to privacy exists as a fundamental right and not otherwise.

The Computer Crimes Act 2007 of Sri Lanka (the primary aim of which is to protect the right to privacy of Sri Lankans through penal sanctions) also gives cause for concern. Section 18 of the CCA 2007 gives the power to an expert or police officer included in an investigation under the Act to tap any ‘wire or electronic communication’ or obtain any information (including any subscriber information or traffic data) from any service provider. Even though it might seemingly have some parameters surrounding this section, in that a warrant is required from a magistrate, it is nonetheless very concerning. This concern is compounded by there being no express guarantee of a fundamental right to privacy.11

Article 14A of the 19th Amendment to the Constitution does touch on privacy, though very minimally. It states that the fundamental right to information need not be complied with if the privacy of an individual would be tampered with. However, on the flip side, if the public interest outweighs the right to privacy, the right to information prevails. It is also noteworthy that this sublime right is connected to the right to information and fails to stand on its own. This is clearly not an express provision where the right to privacy is a separate and compounded fundamental right of the citizens in Sri Lanka. Also, in order for this right to be exercised against private organisations, a statute is needed where it is encapsulated separately. Hence the absolute necessity for the citizen to have rights against the state and each other.


Laws exist to protect the rights of the members of a society and to ensure that they do not have to protect those rights through their own actions. The philosopher John Locke argued that a society without laws would be one in which individual people only had as many rights as they could protect. In other words, you only had the right to life if you could keep others from killing you. According to Locke, societies devised laws and governments as a way to get themselves out of this state of nature. On this view, laws exist in order to protect our most fundamental human rights. Because of the existence of laws and means to enforce them, we all have rights even if we would be too weak to protect those rights in a state of nature.12

In this digital age, the strong connection between the right to privacy and data protection is prevalent, now more than ever before. All information of citizens, confidential and otherwise, is held in diverse industries such as the health industry, education and insurance, to name but a few, in the form of ‘data’. Thereby, a provision of the right to privacy, I strongly feel, comes in perfect synchrony with provisions for data protection.

Also due to rapid globalisation taking place, and Sri Lanka, in particular being in an important time of history, where its entrance as a global player in international economics is about to be launched, the importance of its laws being synonymous with international treaties cannot be stressed more. The lure of FDIs is based on many factors, admittedly, and the laws of a country being up-to-date cannot be overemphasised.

Finally, in pursuing a ‘democracy’, one must ask oneself, is not the right to privacy an integral element of this pursuit? As much as freedom of expression and speech are to be applauded, the parameters by which we as a society and as individuals operate need protection of the highest order, from the judiciary. Thereby I humbly propose, without further ado, that we as a nation give our people these fundamental rights that they can stand by, and I am confident that the democracy and freedom we all want will come by.


1 A Westin, Privacy and Freedom, Atheneum 7 (cited in Marsoof, A; The Right to Privacy in the Information Era, a South Asian Perspective; Volume 5 Issue 3 December 2008)

2 ABA Rule of Law Initiative; George Washington University Law School 2015; p. 5

3 (1) No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.

(2) Everyone has the right to the protection of the law against such interference or attacks.

4 ‘The enjoyment of human rights and fundamental freedoms must be balanced with the performance of corresponding duties as every person has responsibilities to all other individuals, the community and society where one lives. It is ultimately the primary responsibility of all ASEAN Member States to promote and protect all human rights and fundamental freedoms.’

5 ABA Rule of Law Initiative; op.cit. 2; p.6

6 Ibid

7 ‘Comparative Study on Different Approaches to new privacy challenges in particular in the light of Technological Developments: Hong Kong’ by Graham Greenleaf

8 ABA Rule of Law Initiative; op.cit. 2; p. 5

9 Marsoof, A; ‘The Right to Privacy in the Information Era, a South Asian Perspective’; Volume 5 Issue 3 December 2008

10 D Solove, M Rotenberg & P Schwartz, Information Privacy Law (2nd ed., Aspen), 61 (cited in ibid)

11 Marsoof, A; op.cit. 9

12 http;//

[The writer, LL.B (Hons.) Warwick; Barrister (of Lincoln’s Inn), is an Attorney-at-Law.]