Breach of confidentiality: Aswan v National Commercial Bank and a few lessons for Software Developers

National Commercial Bank, Jamaica – photo

Following the Jamaican High Court decision in Aswan v National Commercial Bank, even if a contractual provision provides for confidentiality in your dealings, it may not be enough to protect your intellectual property interests if your actions, subsequent to the entry into the contract, suggest that you are o.k. with your confidential information being disclosed to third parties.

Article Content


The claimants in Aswan were developers of a point-of-sale top-up software application. The claimants and the defendant bank entered into a joint-venture agreement to create and deploy a customised version of the developers’ point-of-sale software solution. The envisioned end-product would allow users of the point-of-sale devices to ‘top up’ cellular phones with call credit by swiping their credit or debit cards at the point-of-sale machines.

Point of Sale terminal
A point-of-sale terminal, similar to the kind Aswan’s software would be used with. photo

The contractual documentation included clauses in a proposal document indicating that the information provided in it was confidential. The clause also required the developers’ written consent before the bank could disclose any confidential information to any third parties. Notably, that aspect of the contractual documentation was never actually signed by the bank’s representatives.

The bank eventually sought the help of a third-party entity to assist it with completing other aspects of the project. The bank shared certain information with the third-party developer via emails (on which the developers were copied) including aspects of the confidential information from the proposal document.

The relationship between the developers and the bank started to break down over time. Eventually, the developers terminated the joint venture agreement, for reasons unconnected with the breach of the confidentially clause. Thereafter, a suit was brought against the bank claiming breach of confidence and seeking damages.

Findings of the Court

Despite the bank’s argument that it did not, in fact, sign the relevant parts of the documentation that imported confidentiality, the Court was willing to construe the overall circumstances as importing a duty of confidentiality. The Court arrived at this decision following the approach  to contractual interpretation espoused by the Privy Council in AG Belize v Belize Telecom.

Quick background: that case held that in appropriate circumstances, a court can read implied terms into contracts where it is obvious that the parties intended those implied terms to be part of the contract between them.

The Court, notwithstanding the lack of signature on behalf of the Bank, was willing to accept that there was a confidentiality agreement. It declined, however, to enforce it in the circumstances of the case.

The Court reasoned that the confidentiality agreement should not be enforced since the conduct of the developers indicated that they had acquiesced in the sharing of the confidential information with a third-party. The Court was moved by the fact that the bank had copied the developers on emails wherein the bank corresponded with the third-party developer. In those emails, the information which the developers deemed confidential was shared.

Despite this knowledge that a third-party was being provided with the information which the developers were asserting was confidential, the developers did nothing to enforce the right to confidentiality during the life of the contract. In the Court’s estimation, this appeared fatal.

Lessons for ICT entrepreneurs

  1. The most important lesson here for app developers and others in the ICT space – ensure that your conduct aligns with your contract. If after entering a contract, the parties acknowledge that the expectations and outcomes have shifted meaningfully from what was initially agreed, it makes sense to expressly agree an addendum to the contract, reflecting the new state of affairs. If not, the parties run the risk of having a court belatedly assuming, on their behalf, what they must have meant.
  2. Ensure that your contracts are expressly agreed to by all the parties; don’t just rush to get to work. Some record of what has been agreed to must exist. A signature is ideal but even a confirmatory email can suffice, depending on the circumstances.
    The developers in the Aswan case may be considered lucky that the Court was willing to find in their favour that there was a confidentiality agreement between them and the Bank, despite the Bank’s representative having never signed the documentation. A more conservative court may well have gone a different route. Going forward, developers and other service providers should be careful to do all the formalities, including getting the signature (or equivalent record of agreement) of the other parties to the contract.
  3. Although the two developers referred to themselves as ‘HMA Solutions Limited,’ they sued the bank in their own names. It is, therefore, likely that they were using ‘HMA Solutions Limited’ as a mere trading name at the relevant time.
    The lesson here: the capacity in which you contract has very practical, everyday consequences, including whether your liability is personal. For example, lets say you entered a contract in your personal capacity and following a breach, you sue the other party in court. If you lose the claim, the cost order of the Court will likely be enforceable against you personally. By contrast, if you entered into a contract via a company you own, separate legal personality dictates that you would not be personally liable for any adverse outcomes.
    Note, this isn’t saying a corporate vehicle like a limited liability company is suitable for every kind of venture. This IS, however saying that before you jump into the next potentially lucrative venture, spend a few hours talking over appropriate legal structures to employ with your advisers.

Published: The Why and How of Taking Privacy Seriously

I recently published an article with practical tips for businesses who wish to give serious consideration to privacy and protecting their customers’ data. My article appears in Vol 4 of the Exporter magazine which is published by the Barbados Coalition of Service Industries. This edition of the magazine’s theme is “ICT in a 21st Century Barbados.”

BCSI Exporter Magazine Vol 4 2017 Bartlett Morgan Privacy
BCSI Exporter Magazine Vol 4 2017 

Click here and navigate to page 21 for my article. While there,  do check out some of the other fascinating articles which cover a gamut of ICT related topics including implementing blockchain technology into financial product offerings in Barbados and ICT applications in coastal zone management.

Charles Leacock Q.C. – Internet Law in Barbados

This is a video recording of a presentation by Charles Leacock, Q.C. on the state of internet laws in Barbados.

The presentation was given at the inaugural Barbados Internet Governance Forum and does an excellent job of outlining the existing digital law legislative framework at play in Barbados. The presentation touches on the:

  • Telecommunications Act;
  • Computer Misuse Act;
  • Electronic Transactions Act;
  • Corporate (Miscellaneous Provisions) Act
  • Copyright Act; and
  • the proposed Privacy and Data Protection Act

Naturally, being the DPP, Mr. Leacock gave prominence to the operation of the Computer Misuse Act which criminalises certain activities effected via a computer system.

This is a very useful video if you are interested in coming up to speed quickly on the overall state of the law in Barbados. Other video recordings of presentations made at the inaugural Barbados IGF may be accessed here.

End note: Mr. Leacock was, at the time of the presentation, the Director of Public Prosecutions for Barbados. Sadly, shortly after this presentation, he passed away. May he rest in peace.

Notes on the Fair Trading Commission v Digicel Jamaica decision

The Judicial Committee of the Privy Council (the “Board”) recently rendered a high profile decision in Fair Trading Commission v Digicel (mirror) where it confirmed the far reaching power of the Fair Trading Commission to intervene in proposed mergers of telecommunications providers. The decision will likely give telecommunications providers further cause for pause in future bids to takeover or merge with competitor firms in the Commonwealth Caribbean.


The Fair Trading Commission (the “FTC”) is empowered by the Fair Competition Act (the “FCA”) to serve as the competition authority responsible for regulating uncompetitive market practices in Jamaica.

The Board’s decision arose against the background of a 2011 merger of two of Jamaica’s three mobile voice and text providers, at the time: Digicel  and Claro. Following a complaint by the third competitor in the telecoms space – LIME (now, Flow) the FTC launched an investigation and concluded that the proposed merger would lessen competition and, ultimately, consumer choice would suffer. Importantly, the FTC also found that the benefits arising from the merger would not offset the anti-competitive effects.

Following the publication of its findings, the FTC launched  proceedings in the Jamaican Courts seeking an injunction to prevent the merger from going forward, the imposition of financial penalties and a declaration that the merger was anti-competitive.

The FTC, in approaching the courts, was, in effect, moving to enforce section 17 of the FCA which prohibit actors in a market from entering into an agreement with the effect of lessening competition.

Digicel and Claro took the position that their merger fell outside of the ambit of the FCA as they were telecoms operators and so, only the Telecommunications Act applied to their dealings. They also took the view that section 17 of the FCA did not specifically deal with mergers and so the FTC could not proceed on that basis.

The court dispute could, therefore, be reduced to three specific issues:

  1. Does the FTC have jurisdiction to intervene in the market for telecommunications services?
  2. Does section 17 of the FCA  apply to mergers at all?
  3. Does section 17 of the FCA apply to transactions approved by the Minister under section 17 of the Telecommunications Act?

On point 1, the High Court found (pdf) that the two regimes of the FCA and the Telecommunications act, acted in parallel. The Court of Appeal (pdf), in a decision authored by Harris JA, agreed. On point 2, the Court of Appeal disagreed with the High Court’s finding that section 17 of the FCA was not limited to anti-competitive conduct effected between independent entities and extended to those resulting in the elimination of a competitor in a market. On the third point, the Court of Appeal also reversed the High Court judge’s decision that section 17 of the FCA also applied, even though the relevant government minister had given his permission pursuant to section 17 of the Telecommunications Act.

Privy Council Decision

Before the Board, Digicel argued that they were governed, primarily by the ambit of the Telecommunications Act and not the Fair Competition Act and so, in the absence of a reference under section 5 of the Telecommunications Act, no jurisdiction resided in the FTC to review the decision of Digicel to merge with CLARO. They further argued that section 17 of the FCA did not, in any event, apply to mergers. Digicel also argued that the consent of the relevant government minister with authority for telecommunications was sufficient to prevent the intervention of the FTC.

The Board disagreed with Digicel and found favour with the arguments of the FTC on all three points.

Jurisdiction of the FTC
Firstly, it considered that although the Telecommunications Act was specific and the FCA was a general act, in order to prove that the specific act applied, Digicel would have to demonstrate incompatibility between both frameworks. In the view of the Board, although both acts had their own competition mechanisms, the two acts were not in fact at odds with each other but were, in fact, complementary. The Board also considered the reference mechanism in section 5 of the Telecommunications Act and deemed this confirmation of the fact that both acts operated in parallel to each other. The Board, on this basis, concluded that the jurisdiction of the FTC, pursuant to the FCA, did extend to the telecommunications market.

Applicability of section 17 of the Fair Competition Act

In respect of the argument that the scope of section 17 of the FCA did not apply to the merger between Digicel and Claro, the Board found that it did apply. The Board considered that section 17 of the FCA serves to forbid any agreements which contain provisions that have as their purpose the substantial lessening of competition, or have or are likely to have the effect of substantially lessening competition in a market.

Digicel and Claro made a novel argument: upon merging, both companies would become part of one enterprise and, therefore, could not be guilty of concerted conduct with itself. The Board took the view that section 17 of the FCA did not only apply to concerted conduct *after* the agreement was entered into between the parties. Rather, at the point when the agreement to merge is contemplated, so long as the effect falls within section 17, it is open to review by the FCA.

Importantly, also, the Board, inline with case law from the European Union, reasoned that section 17 of the FCA, despite not mentioning mergers expressly, did, in fact, apply to mergers.


Effect of Minister’s approval of a licence under the Telecommunications Act

Finally, Digicel argued that to the extent that section 17 of the Telecommunications Act was the only provision in either act that expressly dealt with mergers, once Digicel had complied with that provision, there was no scope for the FTC, which was operating under the ambit of the FCA to intervene in the merger. Unsurprisingly, given its reasoning on prior issues in its decision, the Board found that the minister’s approval under the Telecommunications Act did not operate in isolation and compliance with the FCA’s regime was also a necessary prerequisite to approval of its merger activities.

Final Thoughts

Following the decision, Digicel has already taken the view that the merger was not anti-competitive and so, it has no case to answer.

By confirming that the FCA operates in parallel with the Telecommunications Act, the Board’s decision necessarily means that, going forward, operators in the telecommunications space in Jamaica must be mindful of the contents of both statutory schemes when potential mergers and acquisitions are being contemplated.

More broadly, the decision is valuable for confirming the broad-based authority of competition authorities, with similarly broad statutory backing to Jamaica’s FCA. If a merger agreement is being contemplated between significant actors in a market, that agreement can lawfully come within the purview of the competition authority, even if the relevant statutory framework does not expressly provide for this power.

In essence, regardless of market, all firms operating in the jurisdiction are bound by the same competition framework.

It may be argued that the Board has taken a broad, purposive reading of the FCA and, in doing so, ascribed to the FTC, powers over mergers which it did not expressly have before. Even if true, this would only serve to bring Jamaica inline with the modern, accepted approach in developed market-driven jurisdictions  to the interpretation of similar statute.  This is a hard position for most to argue against.

Disclosure of Trinidadian Minister’s telephone records reiterates need for privacy legislation

Newsday Trinidad reports that the Telecommunications Authority of Trinidad and Tobago (TATT), has issued a reminder to the telecos in the twin-island republic to protect the data of their customers.  TATT’s reminder comes in the wake of the public disclosure of the telephone records of a government minister.

The minister’s unfortunate circumstances aside, this story allows for a teaching moment about the potential value of having privacy and data protection legislation.

Trinidad’s Data Protection Act

Trinidad and Tobago, at the time of writing, is among a handful of jurisdictions in the Commonwealth Caribbean to have passed  comprehensive privacy and data protection legislation. Trinidad’s Data Protection Act was partially brought into force in 2011. Despite some criticism (for e.g. here and here) the act offers fairly comprehensive protection for the personal information of citizens of the twin-island republic.

Practical Benefits

The act provides all individuals in Trinidad with direct recourse against any entity or person  that either: i) wilfully discloses personal information in contravention of the act; or ii) collects, stores or disposes of personal information in a manner that contravenes the act.

The act establishes a data commissioner’s office. This commissioner holds responsibility for not only investigation and enforcement, but also, public awareness about privacy.

This means that:

  1. i) recourse is no longer against just public bodies;
  2. ii) there is no longer a need to bring a convoluted (and comparatively expensive) constitutional motion to protect against a breach of privacy;
  3. the scope of that privacy right protection is not limited (for e..g. what expressly constitutes private information);
  4. there are severe enough fines to make the protection of individuals’ private information a priority for entities that handle private data; and
  5. the notion of privacy is more likely to become part of the public agenda going forward.



Act not fully proclaimed

Here is the kicker, however: The Trinidad Data Protection Act has never fully been proclaimed. At last check, only the provisions concerning the establishment of a data commissioner’s office were brought into effect. Therefore, most of the critical sections of the Act are not enforceable.

What this means for the goodly minister is that, with the best of intentions, his options for recourse are limited. In effect, despite the existence of the Act on paper, Trinidadians currently have no real recourse when their personal data is handled in a manner that would constitute a breach.

Trinidad and Tobago is considered one of the regional leaders in advancing the information society. Practical signs point to:

  • the establishment of a multi-stakeholder advisory group for crafting policies of the .tt domain;
  • successful domestic e-commerce entities like Trini Trolley; and
  • being the first (and only at the time of writing) English-speaking Caribbean country to have sophisticated internet-based app, Uber.

This is clearly a nation that intends to advance its information society agenda. It therefore behooves the twin-island state to give effect to the fundamental aspects of the act as it continues its developmental march.

Much needed privacy act coming to Jamaica


A privacy and data protection act is to be tabled in Jamaica in the next three months. Andrew Wheatley, the government minister responsible for technology, made the disclosure via the Jamaica Information Service website recently.

This is the third such public announcement by the Minister in five months (See here and here). Presumably, therefore, there is substance to the minister’s statement.

The importance of privacy and data protection legislation cannot be underscored enough. Only this morning, the Jamaica Gleaner ran a story highlighting a significant data breach involving the confidential information of students at 16 high schools in Jamaica. Unfortunately, as there is no legislation in place, there is currently no allocation of privacy-related rights and obligations among the various actors involved in that incident.

Privacy and data protection legislation is also important in the context of a nation’s digital-era development. It is accepted that trust is a critical component in developing a domestic digital economy, since people tend to only engage in e-commerce where there is a high level of trust.

The presence of a statutory privacy safeguard, such as a privacy act, is critical to developing trust among users of the internet. Those users will more likely trust that their data will not be mishandled and, importantly, that they can have recourse in the event of a breach. Therefore, when local entrepreneurs provide services for pay to local consumers in Jamaica, those consumers are more likely to purchase the offerings. The more local goods and services purchased online, the more the domestic digital economy develops.

Only this week, UNCTAD referenced research indicating that “Internet users are increasingly concerned about their online privacy, and that 49 percent of users polled say lack of trust is their main reason for not shopping online ”.


Jamaica is not starting from scratch where privacy legislation is concerned. Its Constitution was recently amended to more expressly secure the individual’s right to privacy at section 13(3)(j) of the Charter of Rights. However, it was always known that this was insufficient since the Charter of Rights’ provisions are next to impossible to enforce against non-state actors. A specialist act that covers privacy and data protection was still necessary since it would, at a minimum, extend privacy protection to cover abuses by non-state actors, including other private citizens and commercial entities. Additionally, a substantive privacy act will likely outline in detail: the privacy rights being afforded to individuals; the reasonable limitations on those rights; and the responsibilities of those who collect and store the private information of others.


Minister Wheatley, perhaps, has these considerations in mind since he indicated that the proposed legislation will:

…govern the collection, regulation, processing, keeping, use and disclosure of certain information in physical or electronic form.

The legislation will seek to set out the rights of the individual, with respect to their personal data. This will include, for example, the right to confirm whether or not personal information or data is being processed by an organisation.”

The sooner Jamaica passes comprehensive privacy and data protection legislation, the sooner its citizens can be offered true privacy protection. Importantly too, a domestic digital economy will edge that much closer to reality.

Aslam v Uber and a few implications for Uber’s entry into Trinidad


A first-instance Court in the United Kingdom ruled in October 2016 that the relationship between ride-sharing app, Uber and its drivers was that of an employer and employee. Uber unsuccessfully contended that its drivers were merely independent contractors. The case –  Aslam v Uber BV [2017] IRLR 4 – naturally sent ripples throughout the gig-economy, given the wider implications for similar gig-apps.

One of the larger potential implications of that decision: the business model of Uber and other gig-apps will have to be adjusted to account for the fact that they now have a lot more employees. With drivers as employees and not independent contractors, it means, for example, that those drivers now enjoy entitlements like minimum wage and leave pay.

Uber, like many hugely successful internet giants, operates a multi-side platform. The basic idea is, distinct groups of users of the platform provide network benefits to each other (think of Google’s ads. Those who buy adwords aren’t the same as those who are searching on Google but both are ‘customers’ of Google). In Uber’s case, one distinct user group would be the drivers and the other, passengers. Broadly, the Aslam case, potentially means that Uber is being asked to merge its role with one of it’s target groups. In the result, Uber would be forced to abandon it’s role as a middle-man providing a two-sided market platform in favour of the less dynamic, traditional seller-to-purchaser sales model.

Another implication, albeit indirect, is that Courts in other jurisdictions may opt to follow the U.K.’s position. The result: Uber’s business model and bottom-line could be impacted far beyond the shores of England. In this prevailing context, Uber recently announced its debut in Trinidad and Tobago; a first for the Caribbean region. On the face of it, a legal development in the United Kingdom has no direct connection with what happens in the twin-island republic. However, on deeper reflection, one will recall that Trinidad and Tobago’s legal system has its roots in – and shares a common legal heritage with – the U.K. via the Common Law. This, therefore, means that decisions made in U.K. courts, while not binding on any Trinidadian court, are at least, highly persuasive. 

Another minor matter to note, Trinidad, like the U.K., has a general provision in its laws allowing for the payment of a minimum wage. See generally, the Minimum Wage Act  and the Minimum Wage Order 2015. Accordingly, on the face of the current statutory regime, any future designation of Uber as an employer, at least theoretically, opens the doors to drivers in Trinidad, like their colleagues in the Aslam case, being entitled to a minimum wage.

Before getting too far ahead of ourselves, it is important to note that Aslam v Uber is the subject of a pending appeal by Uber. Accordingly, there is no certainty that the decision of the ERT will, ultimately, stand. 

Future developments in Aslam may, ultimately, force a reworking of Uber’s business-model in a number of its markets including Trinidad and, depending on the outcome, may well see it pull out of some of those markets. Therefore, how it navigates this and dozens of related legal battles targeted at its model will likely determine the continued meteoric rise of the gig-economy juggernaut or… the beginning of its demise. 

Success! You're on my list.

Presentation: E-commerce and the Barbados Services Sector

A bit late with this one. Apologies.

In September 2017, I gave a presentation at a breakfast seminar put on by the Barbados Coalition of Service Industries. The seminar was focused on E-Commerce in Barbados and I was asked to consider legal implications.

My presentation touched on:

  1. Elements of an enabling e-commerce environment.
  2. Common barriers of e-trade + e- commerce.
  3. Opportunities for service sector firms through e-business in Barbados and other CARICOM states. 
  4. Best practices for service sector firms with successful e-commerce business models.
  5. Next steps in the advancement of e-commerce solutions.

See an excerpt which made the local news here.

Download a PDF copy of the presentation here.

Freedom Online Coalition publishes Recommendations on Cybersecurity Policy and Human Rights

Working Group 1 of the Freedom Online Coalition (“FOC”) has published a list of recommendations which it hopes will lead to cybersecurity policies which are inherently more rights respecting. These Recommendations were produced at the sixth iteration of the FOC’s annual conference in Costa Rica.

The FOC, according to its website, is “…a group of governments who have committed to work together to support Internet freedom and protect fundamental human rights – free expression, association, assembly, and privacy online – worldwide.” The FOC’s noticeably diverse membership currently stands at 30 nations and includes, among others: Agentina, Kenya, Mongolia, The United States and Canada.

The recommendations are:

  1. Cybersecurity policies and decision-making processes should protect and respect human rights.
  2. The development of cybersecurity-related laws, policies, and practices should from their inception be human rights respecting by design.
  3. Cybersecurity-related laws, policies and practices should enhance the security of persons online and offline, taking into consideration the disproportionate threats faced by individuals and groups at risk.
  4. The development and implementation of cybersecurity-related laws, policies and practices should be consistent with international law, including international human rights law and international humanitarian law.
  5. Cybersecurity-related laws, policies and practices should not be used as a pretext to violate human rights, especially free expression, association, assembly, and privacy.
  6. Responses to cyber incidents should not violate human rights.
  7. Cybersecurity-related laws, policies and practices should uphold and protect the stability and security of the Internet, and should not undermine the integrity of infrastructure, hardware, software and services.
  8. Cybersecurity-related laws, policies and practices should reflect the key role of encryption and anonymity in enabling the exercise of human rights, especially free expression, association, assembly, and privacy.
  9. Cybersecurity-related laws, policies and practices should not impede technological developments that contribute to the protection of human rights.
  10. Cybersecurity-related laws, policies, and practices at national, regional and international levels should be developed through open, inclusive, and transparent approaches that involve all stakeholders.
  11. Stakeholders should promote education, digital literacy, and technical and legal training as a means to improving cybersecurity and the realization of human rights.
  12. Human rights respecting cybersecurity best practices should be shared and promoted among all stakeholders.
  13. Cybersecurity capacity building has an important role in enhancing the security of persons both online and offline; such efforts should promote human rights respecting approaches to cybersecurity.

The recommendations are, at first blush, hard to disagree with. Of course, the proof of the pudding will be in the eating. Naturally, therefore, eyes will be trained on the FOC member states to see the degree to which they actually observe these recommendations in their future law and policy making efforts.

You may ask what the utility of any of this is If you are from a country that is not party to the FOC. The answer: in practical terms, regardless of the membership status of a country with the FOC, the recommendations represent a, somewhat, normative reference point for any nation’s policy makers. Cybersecurity-related policies which are grounded in these recommendations will, accordingly, carry an inherently greater degree of credibility when held up to the light.

The Saint Vincent Cybercrime Act which was recently passed has come in for widespread criticism based on its perceived lack of appreciation for the basic rights of Vincentians to express themselves freely in online spaces. It is not hard to imagine that the resulting legislation could have been different had its framers had the benefit of and, importantly, took on board some of the principles in, the FOC Recommendations.

Those of us in the Caribbean who are (or wish to be) involved in the law and policy development process surrounding cybersecurity issues, may therefore want to include the FOC Recommendations in our armoury going forward. This includes not just the policy crafters themselves but also other vested stakeholders, including the business community and civil society.

CANTO Code of Practice and Net Neutrality in the Caribbean


A voluntary code titled: Voluntary Code on Safeguarding the Open Internet” (”the Code”) was publicly unveiled at the recently held Caribbean Association of National Telecommunication Organizations (“CANTO”) meeting in San Juan, Puerto Rico. The Code’s stated objective indicates that:

“The Code is in response to concerns brought forward by operators about consumer rights in accessing content over the internet. The Code seeks to balance consumer rights and responsibilities with the availability of flexible network management tools for operators. The wider objective of the Code is to provide a framework for operators across the Caribbean Region to collectively address the issue of Net Neutrality. ”

Net neutrality can be defined as the principle that all internet traffic should be treated equally. Where internet traffic passing through a network is not treated equally by the operator of that network, this amounts to data discrimination. 

Barack Obama, the United States President (who has an entire section of the White House website dedicated to Net neutrality) had this to say on the virtues of an open internet:

An open Internet is essential to the American economy, and increasingly to our very way of life. By lowering the cost of launching a new idea, igniting new political movements, and bringing communities closer together, it has been one of the most significant democratizing influences the world has ever known.

“Net neutrality” has been built into the fabric of the Internet since its creation — but it is also a principle that we cannot take for granted. We cannot allow (ISPs) to restrict the best access or to pick winners and losers in the online marketplace for services and ideas…


Within the past 4 years, the notion has gained increased importance globally and has even seen some countries including Chile, Slovenia, the Netherlands, Brazil and Guyana passing legislation to protect end-users against breaches of the principle by Internet service providers (ISPs). 

 Against this backdrop, the fact that ISPs in the region have voluntarily sought to observe a code in support of net neutrality is laudable.

Already, a number of ISPs operating in the region have signed on to the Code which has at its core, the following policy statement:

“CANTO and its members support the concept of the open internet and the general principle that legal content, applications and services, should not be blocked. ”

The Code’s objective is to secure the open internet by observing net neutrality. This is a rather noble ideal, especially when expressed by a collective of ISPs – the very parties most likely to breach net neutrality principles. 

While supporting net neutrality is admirable, CANTO’s approach to achieving this end will likely see a divergence of views on the acceptability of the Code in its current form. Members of the business community and civil society actors in the region may have pause to be suspicious of the intent of the Code, when the details of the Code are brought into sharper focus .

Lawful and Legal

The Code repeatedly refers, throughout its three pages, to “lawful” or “legal” content, applications and services as a precursor to its signatories’ observation of net neutrality. However, the words are not defined in the document. This raises two sets of challenges for correctly understanding the placement of the phrases in the Code.

In the first instance, the potential implications of a repeated assertion that your obligation as an internet provider is to only allow ‘legal’ or ‘lawful’ content to be accessed in an unfettered manner are: 1. as an internet provider, you do not intend to allow unlawful content to be accessed via your connection and/or 2. You will allow unlawful content to be accessed, but, in a fettered manner.

The second challenge, which follows from the first is that an internet provider’s assertion that its net neutrality obligations are limited to allowing ‘legal’ or ‘lawful’ content to be accessed in an unfettered manner is that it begs the questions: Who gets to determine what is ‘legal’? What is that party’s definition of ‘legal’? In any event, how will a determination of lawfulness/legality be made?

This feature has been picked up by other observers as well. For e.g. ICT-Pulse notes:

“First, throughout the document it is continually emphasised that legal, lawful content, applications and services should not be blocked. However, should an operator be of the view that a particular service (for example) is illegal, does it go ahead and block it, or should that matter be first decided by a third party, such as the local telecoms regulator or the courts?”

In fairness to the regional ISPs, another side to this aspect of the debate does exist. It could be argued, with some merit, that the Code’s preoccupation with lawful content is merely reflective of existing globally accepted standards.

Consider the following two examples:

  • The FCC’s Open Internet Order at Appendix A, p203 reads: “A person engaged in the provision of broadband Internet access service, insofar as such person is so engaged, shall not block lawful content, applications, services, or non-harmful devices, subject to reasonable network management.
  • The NetMundial Statement is widely regarded as the only statement of principles in respect of the internet which has, to date, received widespread acceptance from different stakeholders in the global internet community. Upon closer scrutiny, the NetMundial Statement also adopts language that accords a differentiated status to ‘lawful’ content. The relevant section of that statement reads: “[The] Internet should continue to be a globally coherent, interconnected, stable, unfragmented, scalable and accessible network-of-networks, based on a common set of unique identifiers and that allows data packets/information to flow freely end-to-end regardless of the lawful content.

Notably, in neither of the two examples is the phrase “lawful content” defined. Accordingly, it would not be without merit for the signatories to the CANTO Code to argue that qualifying their commitment to net neutrality by the insertion of references to ‘lawful/legal content’ in the Code is neither without precedent or unfounded in the current prevailing global context.

The Code doesn’t cover the full scope of net neutrality ills

The Code’s policy objective is directed at the internet service providers’ abstention from blocking content. On the face of it, this seems to be a deficient objective since the principle of net neutrality is not only breached when an internet provider blocks content. The neutrality of a network can also be eroded by any act of a network intermediary that distorts or impacts the integrity of the data passing between the provider of information on the internet and the end-user wishing to access it. So for instance, when data passing through the network is throttled or, where the network operator opts to implement some form of paid prioritisation of traffic, the principle of net neutrality will have been breached.

To the extent that the Code does not explicitly address other well-known means of interfering with net neutrality as a policy objective, it is open to reasonable interpretation that the exclusion of other means of interference with net neutrality was an oversight on the part of the framers of the Code. Alternatively, it may be interpreted that the Code was expressly crafted to allow ISPs in the Caribbean free rein to, for example, throttle their networks as they see fit.

If the exclusion of other forms of impinging on the neutrality of networks was an oversight, then clearly, the deficiency needs to be addressed. However, if the latter interpretation is accurate and the exclusion was deliberate, then from the perspective of tech entrepreneurs with web-based offerings, this may be a legitimate basis for concern.

If, for instance, a telecoms provider decides to throttle data associated with the service offerings of those entrepreneurs then this grey area may be problematic. Equally, if the ISPs decide to implement a paid prioritisation scheme, it then means that early stage “techtrepreneurs”, without significant funding. will probably not be in a position to effectively compete with more entrenched competitors who can afford to pay to have their data transmitted to regional end users. This could potentially have a strangling effect on the development of a thriving technology-focused entrepreneurial environment in the region.

For the purpose of clarity, the stated objective of the Code may require some revising.

Safeguarding the Internet on whose behalf?

The Code positions itself as an attempt by the signatories to safeguard the open internet. The open internet, by definition, is a neutral network. Therefore, in teleological terms, a code in support of the ideals of net neutrality which seeks to place terms and conditions on the manner in which a party embraces net neutrality is, inherently, antithetical to the notion of net neutrality itself. I would therefore not be surprised if astute civil society advocates zeroed in on this fact.

Civil society actors in the region will not be the only ones viewing this latest move with some consternation. The code of practice may also give pause to technology-focused business interests whose products may compete with value added offerings of signatories to the Code. Such fears would not be without foundation in recent experiences. The clear example: the blocking of over the top (”OTT”) VOIP traffic by several internet providers [link]. This has implications for the supra-national OTT services who probably would not care too much but more importantly, indigenous developers of web apps who stand to suffer a similar fate.

Arguably, the Code’s reference in the title to “safeguarding the internet” is therefore, really not an expression of a broad-based desire to secure the internet with the interests of all the relevant various stakeholders in mind.  


One potential outcome of the CANTO Code might be what amounts to a de-facto legitimisation of future efforts of the regional ISPs to stamp out OTT competitors to their own product offerings. It is one thing to take a course of action perceived to be draconian (such as taking a unilateral decision to block Viber, Skype and other OTT VOIP applications). Its quite another to justify that same course of action against an objective framework such as the Code. In this way, the Code could serve to remove the sense of ultimate responsibility of any one regional internet provider for any of their future actions in response to the perceived threat of OTT applications – in its stead, a cloak of collective responsibility that spreads across all the signatories to the Code.

Also, it would appear that net neutrality is becoming more of a meaningful consideration for Caribbean society – certainly at the governmental level. This is borne out by the slew of recent legislative and policy activity throughout the region which expressly addresses the open internet. Some examples include the proposed

Eastern Caribbean Telecommunications Authority (ECTEL) regulations; the recent passage of the Telecommunications Act in Guyana; and the Jamaican Government’s stated support for net neutrality.

If these movements are signalling the beginning of larger region-wide move towards legislating for the protection of net neutrality, this could translate into a scenario where, as in the case of ECTEL, civil society and other actors may have inputs into the drafting of regulations. Consequently, it could also mean that more enforcement mechanisms with teeth may result and, certainly, more genuinely rights-respecting provisions may be put in place. Such a restricting regulatory environment is not ideal for ISPs looking to benefit from the lack of restrictions on their ability to take appropriate actions to protect their investments.

In this prevailing context,  the Code may be viewed as a preemptive strike against the imposition of further regulatory constraints by regulators in the region.  If the ISPs, especially in a unified manner, can point to the existence of a pre-existing means of self-regulation via soft law that fills the erstwhile vacuum, it may lessen the impetus of regional regulators to step into the fray.


From the perspective of legislators in the region, it may be necessary to begin questioning whether the self-imposed code by ISPs is sufficient to protect the rights of netizens in the West Indies.

More broadly, there seems to be sufficient scope for a larger discussion of what, if anything, net neutrality actually means to us in the Caribbean and what our collective response, irrespective of our stakeholder grouping, ought to be.

This response must take into consideration that a completely neutral network is, perhaps, more grounded in an ideal than in reality. As exemplified by the FCC Order, even the most pro-net neutrality regulatory agencies, when attempting to regulate net neutrality, have

expressly recognised that exceptions must exist. 

In the Caribbean, it may be that too much of the debate surrounding net neutrality has progressed on false parameters – those adopted from first world countries who based the debate on their circumstances. In other words, are we, in the tradition of V.S. Naipaul, being mimic men in respect of how we are even framing this conversation? After, all, low per capita income and low rates of internet penetration are not issues that, say, most Western European or North American states have to factor when considering net neutrality. Accordingly, how we in the Caribbean conceive of regimes to deal with net neutrality may have to differ from those examples as well.

A good example of a nuanced approach to legislating for net neutrality, while taking into account the country’s particular circumstances, is the Marco Civil in Brazil [mirror]. In the Marco Civil, only two exceptions to net neutrality are allowed: technical requirements essential to the adequate provision of services and applications; and prioritization of emergency services. In a first world state with predominantly high speed fibre optic connections to the network and multiple, overlapping networks for data to flow on, there may well be no need to prioritise the network traffic of emergency services. However, in a developing world context where the quality of networks and available speeds are a live issue, this would clearly be a relevant basis for legislating an exception to the rule. 

It would seem that the key consideration is: when legislative or policy positions are being adopted in the Caribbean, what exceptions to the net neutrality principles should we be willing to collectively accept as valid input considerations, given the particular country’s circumstances? 

When framed in this way, the Code may be viewed as the ISPs placing their view on the table as a

constituency grouping. In keeping with the multi-stakeholder model which has been the bedrock of global internet policy and governance decision making, it may now be time for end-users, civil society, regional NGOS, the business constituency and individual Caribbean Governments to share their vision of what net neutrality in a Caribbean context should look like.