The World Bank, in association with the D’MADD Project, conducted a two-day stakeholder consultation workshop on the Personal Data Protection Bill and National Cybersecurity Bill Drafts. It facilitated the Ministry of Homeland Security and Technology, the National Centre for Information Technology, and the National Cyber Security Agency to engage with the stakeholders on the “Personal Data Protection Bill” and the “National Cyber Security Bill.” These bills are part of the government’s legislative agenda for the Maldives’ drive for a digital economy.

The project with the World Bank provided international expertise support for the subject areas through Ms. Nay Constantine and Mr. Keong Min Yoon, both acclaimed experts in their respective fields.

In the inaugural keynote, Minister of State for Homeland Security and Technology, Dr. Mohamed Kinaanath stated, “The Personal Data Protection and the National Cyber Security Bill aims to establish a comprehensive framework that ensures the privacy, security and resilience of our data systems while promoting trust and innovation in the Maldives”. On behalf of the World Bank, Mr. Jerome Bezzina (Task Team Leader, Sr. Digital Development Specialist) highlighted the World Bank's commitment to supporting the digital Maldive agenda in many aspects, including expertise in helping the legislative agenda required for the digital transformation initiatives by the government of Maldives.

The two-day workshop was held from November 6th to 7th, 2024, at Meerumaa event hall. Day one focused on the Personal Data Protection Bill. The Bill will help govern the collection, use, and disclosure of personal data by organizations in a manner that recognizes both the right of individuals to protect their privacy and personal data and the need of organizations to collect, use, or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.

On behalf of the National Centre for Information Technology, Deputy Minister of Homeland Security, Mr. Abdulla Hussain, presented the bill to the stakeholders. The presentation was focused on the general overview of the Personal Data Protection Bill. Entailing as to the purpose and relevance of the bill. This was followed by the provisions of each chapter of the bill covering the general principles of the Data Protection Authority and the Rights of the Owners of Data. The presentation also emphasized the importance of stakeholder engagement with a summarized general overview of the preliminary comments received by some of the stakeholders.

Ms. Nay Constantine is a legal and policy expert at the World Bank, specializing in digital economy regulations. She helps create and implement global best practices for data protection, digital IDs, trust services, and e-government. Nay has played a key role in legislative reforms in countries like Lebanon, Jordan, Cameroon, and the Central African Republic, focusing on modernizing civil registration, strengthening data protection laws, and developing frameworks for e-signatures and cybercrime. Her contributions span over 15 World Bank projects, and she coordinates legal and regulatory reforms for digital ID systems in more than 30 countries.

Day 2 focused on the National Cyber Security Bill. Dr. Ahmed Naufal Ahmed Hadee, the Chief Executive Officer of the National Cyber Security Agency, presented the bill draft. He explained the key areas of the draft along with the current feedback provided by the stakeholders.

Mr. Keong Min Yoon provided international expertise for the discussion. Mr. Yoon is Counsel for Cybersecurity and Data Infrastructure in the World Bank's Legal Department. He leads cybersecurity legal reform operations in this role and provides essential support in related areas. He also serves as the World Bank's representative to the United Nations Commission on International Trade Law (UNCITRAL), contributing to discussions and negotiations on international legal standards for digital commerce. Lastly, he headed the World Bank delegation to negotiate the UN cybercrime convention.  

The sessions were interactive, and the panel members answered the stakeholders' queries.

The session's stakeholders were officials from government ministries/authorities, law enforcement bodies, tourism, finance, telecom industry members, and NGO representatives. Sixty-nine officials from 39 organizations participated in the Personal Data Protection Bill session, and 60 Officials from 32 organizations participated in the National Cyber Security Bill session.

The government intends to incorporate feedback from the stakeholders before submitting the bills to Parliament.