LEGAL

Safeguarding Data, Ignoring Clients: The Ethical Blind Spot of Sri Lanka’s Legal Profession

The Second National Data Protection Symposium, organised by the Bar Association of Sri Lanka (BASL) under the impressive banner “Safeguarding Privacy in the Age of Intelligence: From Legal Compliance to Ethical Innovation,” was, on paper, a triumph of modern legal consciousness.

The agenda read like that of a mature digital democracy.
Key rights and obligations under the Sri Lankan Data Protection Act.
The statutory role and accountability of the Data Protection Officer (DPO).
Institutional readiness, governance frameworks, and embedding a privacy culture within public institutions.
Data protection in the age of artificial intelligence, privacy risks in digitalised transactions and e-commerce, safeguards for startups and SMEs in an AI-driven economy, and the ethical boundaries of automated decision-making.

All of it sounded brilliant. Internationally respectable. Conceptually sound.

Yet the symposium revealed a deep and uncomfortable paradox: Sri Lankan lawyers appear far more concerned about abstract data ethics than about their most basic ethical duties towards their own clients.

Client Data Begins With Client Respect

Data protection does not begin with AI algorithms, cloud governance, or compliance checklists. It begins with how lawyers collect, process, store, and account for client information and client money.

On this fundamental point, the profession is failing.

It is an open secret within the legal community that a vast majority of practising lawyers—conservatively estimated at over 90 percent—do not issue receipts to their clients. Fees are often paid in cash, without documentation. No audit trail. No proof of payment. No consumer protection.

Equally troubling is the widespread absence of client care letters—documents that clearly explain fees, scope of work, confidentiality obligations, dispute resolution mechanisms, and data handling practices. In jurisdictions with mature legal ethics regimes, such letters are not optional; they are foundational.

Without receipts and client care letters, lawyers are already in breach of the very principles they lecture others about: transparency, accountability, lawful processing, and data minimisation.

Electronic Payments Are Not a Luxury—They Are an Ethical Necessity

If the BASL is serious about safeguarding privacy and ethical innovation, the first immediate reform should be simple and uncompromising:

Mandate electronic payments only. No cash.

Electronic payments create evidence. Evidence protects clients. Evidence protects lawyers. Evidence deters abuse, money laundering, fee disputes, and professional misconduct.

A legal profession that insists on cash transactions cannot, with credibility, claim leadership in data protection or digital governance.

The Court Corridor Culture and the Breakdown of Professional Discipline

Beyond financial opacity lies another ethical failure: the informal, unregulated, corridor-based practice culture.

Lawyers competing for clients in court corridors, volunteering themselves without proper mandates, pulling files without structured engagement—this is not professional advocacy; it is institutional decay.

Even more damaging is the visible fragmentation of the profession along religious and ethnic lines, particularly in sensitive cases in the North and East. Tamil lawyers aligning with Tamil clients, Sinhalese lawyers clustering separately, religious identity creeping into legal representation—this undermines the very idea of the lawyer as an officer of the court.

No data protection symposium can compensate for a profession that fails to uphold neutrality, independence, and ethical unity.

Ethical Innovation Cannot Be Cosmetic

The uncomfortable truth is this: Sri Lanka’s legal profession risks turning data protection into a cosmetic exercise, designed to impress international observers while ignoring domestic realities.

You cannot speak credibly about:

• ethical boundaries for AI agents,

• automated decision-making safeguards,

• privacy in e-commerce,

• or governance frameworks,

when basic client rights are structurally ignored.

Ethics is not a PowerPoint slide. It is practice.

What Must Be Addressed—Now

If the BASL wishes to move from rhetoric to reform, the priorities are clear:

1. Mandatory electronic payments for all legal fees.

2. Compulsory issuance of receipts and client care letters.

3. Clear professional rules on client data handling, including storage, retention, and confidentiality.

4. Strict enforcement of non-discrimination and professional neutrality, especially in ethnically or religiously sensitive cases.

5. Disciplinary consequences, not symposiums, for ethical breaches.

Until these fundamentals are addressed, showcasing awareness of AI, digitalisation, and international compliance frameworks will remain precisely that—a showcase.

Data protection begins not with intelligence, but with integrity.