Status of Data Privacy Laws in the Caribbean [Feb 2021]

With the recent activities around operationalising data privacy laws in Barbados and Jamaica, I thought it would be a good time to provide an update on the status of privacy laws in the Commonwealth Caribbean*, generally. I have also included, where applicable, recent privacy-related developments in the relevant jurisdictions.

TL;DR – Six jurisdictions are without any substantive laws to govern the protection of personal data. 10 jurisdictions have passed data privacy laws.

CountryLawPassedRecent Activity
Antigua and BarbudaData Protection Act, 2013 No 10 of 20132013
Bahamas, TheData Protection (Privacy of Personal Information) Act, CH.324A2003Updates to the Financial and Corporate Services regulations was passed in December, 2020. The updates, among other things, expressly require licensees to comply with obligations in the Data Protection (Privacy of Personal Information) Act.
BarbadosBarbados Data Protection Act, 2019-292019Advertisement for Data Protection Commissioner role in 2020
BelizeNo law
BermudaPersonal Information Protection Act, 2016 : 432016The Privacy Commissioner role was filled and the appointment took effect from January 2020.
British Virgin IslandsNo lawA draft data privacy law was published in Q1, 2020.
Cayman IslandsThe Data Protection Law, 2017 (LAW 33 OF 2017)2017After settling a number of complaints informally, formal enforcement action was taken by the Cayman Ombudsman in August 2020.
DominicaNo law
GrenadaNo law
GuyanaNo lawAn impending data privacy law for Guyana was announced in September 2020 and thereafter, an RFP for drafting the law was published in November 2020.
JamaicaData Protection Act, 2020 (No 7-2020)2020An advertisement for the Information Commissioner and related roles was published in December 2020
St Kitts and NevisData Protection Act, 5 of 20182018
Saint LuciaData Protection Act, No 11 of 20112011
St Vincent and The GrenadinesPrivacy Act of 20032003
Trinidad and Tobago**Data Protection Act, 20112011A TOR to substantially amend Trinidad’s data privacy law to make it more consistent with the GDPR was published in April 2020.
Turks and CaicosNo law
List of Commonwealth Caribbean territories and the status of their privacy laws.

* As used here, Commonwealth Caribbean refers to all countries in the Caribbean that are either direct members of the Commonwealth of Nations or jurisdictions that are not direct members of the Commonwealth, but are associated/overseas territories of Commonwealth member countries.

**Trinidad and Tobago’s Privacy law was only partially brought into force.