The Government of Barbados has released for comment, a 2018 draft of the Data Protection Bill (Mirror ). The draft bill is open for public input until July 31, 2018.
While the timing is somewhat short for a bill with such far reaching implications, I think its commendable that the bill is being opened up to input from all stakeholders, including civil society interests.
This is the second attempt by the Barbados Government to pass a comprehensive data protection bill. A prior iteration of the bill was initially tabled in 2005. However, meaningful progress in Parliament appeared to stall for the better part of the 13 years since.
On my initial scan, a few things jumped out at me which I mentioned in some tweets:
Under the current draft, if you request information about your own data from a data controller then you have to pay for it. This requirement to pay will likely create a hurdle to enforcement of privacy rights under the act.
— Bartlett D. Morgan (@BartlettMorgan) June 23, 2018
I never saw any data breach notification requirements. In the modern era, not having a requirement for data controllers to notify the data subject and/or the data commissioner of a breach is a huge missed opportunity. For my part: pic.twitter.com/v9aeVIU5RC
— Bartlett D. Morgan (@BartlettMorgan) June 23, 2018
I also think the proposed Data Protection Tribunal is a positive. It will counterbalance decisions of the data commissioner (similar to how appellate courts operate).
— Bartlett D. Morgan (@BartlettMorgan) June 23, 2018
If your data rights are breached under the act, you have a right to compensation (as opposed to a fine being paid into Government coffers). Another huge positive. pic.twitter.com/dSyzTzIUWU
— Bartlett D. Morgan (@BartlettMorgan) June 23, 2018
I will be reviewing the bill more closely over the coming weeks, with a view to submitting comments. If personal data protection is something you are interested in, I encourage you to submit comments, via e-mail to Commerce.Comments@barbados.gov.bb.