Majority of CARICOM states back controversial United Nations resolution on Cybercrime

What

A resolution at the United Nations – Countering the use of information and communications technologies for criminal purposes – was put to a vote and passed on November 18, 2019. The resolution is geared at creating an

“open-ended ad hoc intergovernmental committee of experts, representative of all regions, to elaborate a comprehensive international convention on countering the use of information and communications technologies for criminal purposes…”.

Draft Resolution – Agenda item 107 – Countering the use of information and communications technologies for criminal purposes (link)

In plain-speak: the resolution could result in an eventual UN convention on cybercrime.

How they voted

There were 88 votes for the resolution, 58 against and 30 abstentions.
According to the note of the votes, 14 of the 15 full CARICOM member countries voted on the Resolution. This is the breakdown of CARICOM votes on the resolution:

YES: Antigua & Barbuda, Dominica, Jamaica, Suriname, Saint Vincent, Saint Kitts and Saint Lucia

NO: Belize

ABSTAIN: Bahamas, Barbados, Grenada, Guyana, Haiti and Trinidad & Tobago

Why the Controversy?

The countries sponsoring the resolution were: Algeria, Angola, Azerbaijan, Belarus, Bolivia, Burundi, Cambodia, China, Cuba, North Korea, Egypt, Eritrea, Iran, Kazakhstan, Laos, Libya, Madagascar, Myanmar, Nicaragua, Russian Federation, Sudan, Suriname, Syria, Tajikistan, Uzbekistan, Venezuela and Zimbabwe.

A number of these countries are authoritarian regimes and/or enjoy a less than stellar reputation in respect of human rights violations.

The resolution has come in for criticism from the United States and the Europe Union as well as civil society bodies. The key points are:

  • The language of the resolution appears to be very vague and, per APC’s open letter to the UN, “opens the door to criminalizing ordinary online behaviour that is protected under international human rights law.”
  • There is already an existing, robust de-facto international convention on cybercrime – the Budapest Convention with just under 70 signatories.
  • In the blunt words of David Ignatious “[Russia], the country that hacked the 2016 U.S. presidential election and various European campaigns is now leading the process to write international rules about hacking.”

The underlying fear of many of the resolution’s critics is that this proposed convention is an attempt to use an international law instrument to legitimize the repression of free speech online. Naturally, the question becomes: if this is the case, have the majority of CARICOM states unwittingly helped lay the foundation for the erosion of fundamental human rights online?

By clicking submit, you agree to share your email address with the site owner and Mailchimp to receive marketing, updates, and other emails from the site owner. Use the unsubscribe link in those emails to opt out at any time.

Processing…
Success! You're on the list.

[Panel discussion] The Barbados Data Protection Act – SMART Barbados Week 2019

I was honoured to be part of a panel discussion on the newly passed Barbados Data Protection Act at the inaugural Smart Barbados Week 2019.

The Smart Barbados Week was a 4-day symposium hosted by Barbados’ Ministry of Innovation, Science and Smart Technology (MIST). Its purpose was to engage the Barbadian public with the knowledge needed to support the country’s transition to ‘smart’ status.

My panel was a useful moment to discuss aspects of the new legislation. It also created an opportunity to make the connection between enabling legislation, like privacy laws, and achieving larger technology-focused developmental outcomes like smart societies.

Links:

By clicking submit, you agree to share your email address with Mailchimp and I, to receive marketing and updates. Use the unsubscribe link in those emails to opt out at any time.

Processing…
Success! You're on the list.

Number portability is now a reality in the Eastern Caribbean

In June, the Eastern Caribbean States witnessed a quiet revolution: the introduction of mobile number portability (“MNP”).

Number portability refers to the ability of a telephone network subscriber to retain use of their telephone number after switching networks. MNP is the cellular telephone-specific implementation of this concept.

MNP is revolutionary to the degree that it potentially opens up a significant degree of consumer choice for mobile subscribers in the EC. The availability of MNP means that a consumer who has maintained a long, valuable association with a particular telephone number, no longer has to be tethered to their mobile service provider in the face of either poor service from that provider or, a better deal from a competitor. The implementation of strategies like MNP by regulators ensure greater choice and, by extension, more competition among mobile service providers for a much more liberated customer-base.

The EC’s implementation of MNP is not without precedent in the Caribbean. Similar developments took place in Cayman in 2012, Jamaica, in 2015 and Trinidad in 2016.

Limitations

  • The implementation of MNP will be island-specific: a Lime mobile subscriber in Grenada will not be able to port his number to Digicel’s network in Saint Lucia, for example.
  • The implementation is mobile-specific and so land line subscribers cannot benefit. ECTEL has indicated that fixed-line telephone porting will be allowed in the future when there is competition for this service.

Highlights

  • There will be no cost to the mobile subscribers for porting. It is, however, possible that subscribers will have to cover the cost of unlocking phones for use on another network.
  • Both post and pre-paid customers in the EC will have access to MNP. Post-paid customers will have to settle their bills as a pre-cursor to switching networks.
  • Mobile subscribers will be able to request a reversal of the number porting within 14 days of the switch. Once this 14-day window has expired, subscribers will not be able to request a further switch for another 46 days.

Implementing number portability is a signal acknowledgment of the importance of a more consumer-centric regulatory framework. It may be seen as a move towards further enabling the ‘invisible hand’ of market forces to work in the various EC jurisdictions. Taken to its logical conclusion, this should result in greater competition among the different telecos operating in that region. Given the relatively small size of the EC markets, however, its left to be seen whether MNP’s impact will be more than negligible.

By clicking submit, you agree to share your email address with the site owner and Mailchimp to receive marketing, updates, and other emails from the site owner. Use the unsubscribe link in those emails to opt out at any time.

Processing…
Success! You're on the list.

[Published] Article in the Business Authority on the Barbados Data Protection Bill*

credit "In 30 Minutes guides" : in30minutes.com
Credit In 30 Minutes guides in30minutes.com

The Business Authority newspaper (Barbados) published an article under my name. The article is based on my written submissions to the Barbados Parliament’s Joint Select Committee on the Data Protection Bill, 2019.

The article zooms in on my comments on the lack of protection offered to the Data Protection Commissioner’s office and the need for a staggered approach to implementation.

A copy of the Business Authority article can be found here (.pdf). For better context, my complete written submissions can be found here.

* Note: shortly after the publication of the article, the Bill was passed by both houses of Parliament.

By clicking submit, you agree to share your email address with the site owner and Mailchimp to receive marketing, updates, and other emails from the site owner. Use the unsubscribe link in those emails to opt out at any time.

Processing…
Success! You're on the list.

[Quoted] Global Data Review article on the Eastern Caribbean States accessing Facebook’s disaster mapping technology

Global Data Review recently reached out for comments on a recently announced collaboration between the Organisation of Eastern Caribbean States and Facebook. Under the initiative, the OECS will have access to Facebook’s Disaster Maps feature in the event of natural disasters.

Links:

Jamaica’s Court declares freestanding constitutional right to informational privacy

Image result for constitution

The Jamaican Constitutional Court in a 3-judge panel decision recently struck down an entire statute. The act – the National Identification and Registration Act 2017 – was being implemented with a view to making registration in a national ID database mandatory.

The complainant in the case had argued that it breached his constitutional rights.

The case is made interesting as the Jamaican Constitution does not include an express broad-based right to privacy and, certainly not informational privacy. In striking down the act, the Court took a weaving path that required an assessment of the degree to which the Jamaican Constitution provided a basis for protecting the right to privacy, despite this.

The Constitutional Court, having reviewed prior case law from throughout the Commonwealth, concluded that given the necessity of the right to privacy as a precursor to the enjoyment of the other rights in the Jamaican Constitution, a general right to privacy must be read into the Jamaican Constitution.

A copy of the case can be found here.

[FinTech] Barbados launches Regulatory Sandbox

In Barbados, the Financial Services Commission  and the Central Bank have jointly created an important regulation: the Regulatory Sandbox Framework for the Financial Services Sector.

Sandbox Benefits

The no-fluff definition of a regulatory sandbox? A temporary observatory where regulators try to figure out whether a new financial product/service is fish or foul.

Let’s flesh that out a bit.

Where an entity wishes to introduce an innovative financial product or service in Barbados, it may not be immediately clear which regulatory requirements should be complied with. Why? Financial services are regulated by two separate entities: the Central Bank and the FSC. Broadly speaking, the Central Bank regulates banking-type institutions whereas the FSC regulates all other financial service providers (think: insurance companies, credit unions, pension funds etc).

Applying to and being accepted in the Sandbox allows the applicants some well needed regulatory breathing space. In this period, applicants do not need to comply with and be licensed under the regimes of either the FSC or the Central Bank.

Regulatory Review Panel

For the duration of the applicant company’s time in the Sandbox, governance oversight will be provided by the Regulatory Review Panel (RRP). The RRP will be comprised of no less than 3 persons (there is no upper limit on the number of appointees to the RRP). The Director of Finance and Economic Affairs, the Central Bank and the FSC will be responsible for the appointments to the RRP.

The RRP, among many other governance functions, will determine whether the applicant’s product or service should be regulated pursuant to the FSC’s regime or the Central Bank’s. Alternately, the RRP may conclude that the particular product/service being considered is so novel that entirely new legislation is required.

Key Beneficiaries

In practical terms, the kinds of financial products or services most likely to  benefit from sandboxing would be new technology-centric financial service providers a.k.a. FinTech companies. Most FinTech startups tend to focus on disrupting traditional models of operating and will typically employ a combination of novel processes, unconventional business models and innovative products. In doing so, FinTechs will – almost by definition – defy the existing regulatory frameworks which were conceived with the brick-and-mortar realm in mind.

FinTech companies are the primary targets of the Regulatory Sandbox
FinTech companies are the primary targets of the Regulatory Sandbox – Internationalbanker.com photo

More Information

The Sandbox was launched at the end of October 2018 and the main documentation can be found on the websites of both the FSC and the Central Bank.

[Presentation] Data Protection: What Service Providers Should Know – Bimtech Digital Forum 2018

I was one of the speakers at the Bimtech Digital Forum 2018. The forum focused on pertinent considerations for service sector entities participating in the digital economy. The forum was put on by the Barbados Coalition of Service Industries (BCSI) which is dedicated to the acceleration of service sector development and enhancing the export potential of service providers in Barbados.

My ‘power chat’ presentation focused on fundamental data protection considerations for entities in the Barbados services sector. During the presentation, some emphasis was placed on the General Data Protection Regulation (GDPR), key data protection principles and practical next steps for Barbadian service providers.

You can view a copy of my presentation here (.pdf).

 

Comments on the Barbados Data Protection Bill, 2018

I was recently tasked with drafting comments on the 2018 Barbados Data Protection Bill on behalf of three public interest groups – the Barbados ICT Professionals Association, the Barbados Information Systems Security Association and the Barbados Chapter of the Internet Society. Effectively, civil society and professional development organisations with separate areas of focus but all interested in matters at the intersection of ICT and development.

Link: Comments on the Data Protection Bill, 2018 – BIPA ISSA ISOC.