With the recent activities around operationalising data privacy laws in Barbados and Jamaica, I thought it would be a good time to provide an update on the status of privacy laws in the Commonwealth Caribbean*, generally. I have also included, where applicable, recent privacy-related developments in the relevant jurisdictions.
TL;DR – Six jurisdictions are without any substantive laws to govern the protection of personal data. 10 jurisdictions have passed data privacy laws.
|Antigua and Barbuda||Data Protection Act, 2013 No 10 of 2013||2013||–|
|Bahamas, The||Data Protection (Privacy of Personal Information) Act, CH.324A||2003||Updates to the Financial and Corporate Services regulations was passed in December, 2020. The updates, among other things, expressly require licensees to comply with obligations in the Data Protection (Privacy of Personal Information) Act.|
|Barbados||Barbados Data Protection Act, 2019-29||2019||Advertisement for Data Protection Commissioner role in 2020|
|Bermuda||Personal Information Protection Act, 2016 : 43||2016||The Privacy Commissioner role was filled and the appointment took effect from January 2020.|
|British Virgin Islands||No law||–||A draft data privacy law was published in Q1, 2020.|
|Cayman Islands||The Data Protection Law, 2017 (LAW 33 OF 2017)||2017||After settling a number of complaints informally, formal enforcement action was taken by the Cayman Ombudsman in August 2020.|
|Guyana||No law||–||An impending data privacy law for Guyana was announced in September 2020 and thereafter, an RFP for drafting the law was published in November 2020.|
|Jamaica||Data Protection Act, 2020 (No 7-2020)||2020||An advertisement for the Information Commissioner and related roles was published in December 2020|
|St Kitts and Nevis||Data Protection Act, 5 of 2018||2018||–|
|Saint Lucia||Data Protection Act, No 11 of 2011||2011||–|
|St Vincent and The Grenadines||Privacy Act of 2003||2003||–|
|Trinidad and Tobago**||Data Protection Act, 2011||2011||A TOR to substantially amend Trinidad’s data privacy law to make it more consistent with the GDPR was published in April 2020.|
|Turks and Caicos||No law||–||–|
* As used here, Commonwealth Caribbean refers to all countries in the Caribbean that are either direct members of the Commonwealth of Nations or jurisdictions that are not direct members of the Commonwealth, but are associated/overseas territories of Commonwealth member countries.
**Trinidad and Tobago’s Privacy law was only partially brought into force.