Senior researcher and privacy advocate Dr. Sanjana Hatthotuwa has raised serious concerns over the newly launched ‘eTraffic’ app by the Sri Lanka Police, which is intended to allow citizens to report traffic offences. In his detailed critique, Dr. Hatthotuwa questions the credibility of the app, arguing that it may put user privacy and data security at risk, particularly due to the lack of secure measures and proper legal compliance.
Dr. Hatthotuwa highlights the app’s unavailability on official platforms like Google Play Store, a significant red flag. Instead, the app can only be downloaded from an unofficial site at https://srilanka-etraffic-app.vercel.app. This raises concerns about potential cybersecurity risks, as apps downloaded from unverified sources are more vulnerable to malicious activity and data breaches.
The researcher also stresses the Sri Lanka Police’s recent track record of being targeted in cyberattacks, which casts doubt on the app’s security measures. Given that the Police have struggled to secure their own social media accounts, Dr. Hatthotuwa questions their ability to properly safeguard sensitive user data on the new application.
Another major concern raised is the app’s potential non-compliance with the Personal Data Protection Act (PDPA), a law that aims to protect individual privacy in Sri Lanka. Dr. Hatthotuwa explains that once fully implemented in March 2025, the app may violate provisions of the PDPA due to its use of cloud services located outside Sri Lanka. This could expose user data to foreign jurisdictions, which may not adhere to the same privacy standards as Sri Lankan law.
Furthermore, Dr. Hatthotuwa argues that the Sri Lanka Police should not have launched the app without obtaining approval from the Google Play Store, which is the standard process for ensuring that apps meet security and data protection requirements. Releasing the app before undergoing this approval process is unorthodox and could indicate that proper testing and vetting have not been conducted.
The researcher’s statements highlight broader concerns about the potential misuse of personal data collected through the ‘eTraffic’ app. With no clear assurances regarding the handling, storage, and sharing of user data, the app could expose Sri Lankans to privacy breaches. Dr. Hatthotuwa calls on the Sri Lanka Police and government authorities to address these issues, conduct a comprehensive security audit, and ensure full compliance with data protection laws before the app is more widely used.
These concerns add weight to the ongoing debate about the balance between technological advancements and the safeguarding of citizens’ rights and personal information in Sri Lanka.
