New Data Protection Bill Aims to Formalise Digital Privacy Standards in Maldives

The Maldivian government has submitted a legislative proposal to the Parliament designed to establish a comprehensive legal framework for the collection, processing, and use of personal data. The Data Protection Bill, presented by West Henveyru MP Ali Ibrahim, aims to formalise digital privacy standards and protect the information of citizens in an increasingly digital era. If passed, the legislation will create a stringent regulatory environment that defines the fundamental rights of individuals over their personal information. Simultaneously, it imposes rigorous responsibilities and guidelines on entities that handle such data, ensuring that organizations are held accountable for how they manage private citizen information. Recognizing the complexities of global data flows, the bill introduces specific protocols for transferring personal information across borders. This includes the legal requirements for sharing data with foreign nations and international organizations, bridging a critical gap in the current legal landscape. To ensure the law is effectively enforced, the bill proposes the creation of a Privacy Commissioner. Under the draft provisions, the current Information Commissioner—originally appointed under the Right to Information Act—will assume the additional duties and responsibilities of the Privacy Commissioner. The bill also outlines clear mechanisms for data subjects to exercise their rights and mandates that entities provide procedural responses immediately following a security breach. Furthermore, it delineates record-keeping requirements for both data controllers and processors. To maintain institutional compliance, the legislation identifies specific operational circumstances under which organizations will be legally required to appoint designated data protection officers. These officers will serve as internal checkpoints to ensure that data handling practices remain within the bounds of the new law.