Bermuda Accredited as Member of Global Privacy Assembly
In addition to hurricanes Paulette and Teddy, there has been a whirlwind of international events in the privacy space. Highlights include PrivCom's accreditation in the Global Privacy Assembly, invitations to speak and attend Asian, Commonwealth, and worldwide regulatory forums and other events.
Our headline news is that as of 22 September 2020, the Office of the Privacy Commissioner for Bermuda has been accredited as a member of the Global Privacy Assembly (GPA) with full voting rights.
As a member of GPA, Bermuda joins more than 130 data protection and privacy authorities from around the world, with an equal voice to participate in working groups and vote on joint resolutions.
The Office of the Privacy Commissioner (PrivCom) engages with its international counterparts to enhance Bermuda's reputation as a regulatory leader and to ensure that its guidance and actions are consistent with standards and best practices around the world.
Individuals benefit from this engagement because their privacy rights are interpreted according to the high standards of global consensus.
Organisations benefit because our guidance reflects consensus best practices and our regulatory actions become interoperable standards that suit multiple jurisdictions, promoting consistency and reducing compliance costs.
In recent weeks, PrivCom was invited to present or has organised presentations for several international working groups and non-governmental organisations.
On 9 September 2020 [Singapore-time / evening 8 Sept., Bermuda-time], the Asia Pacific Privacy Authorities (APPA) hosted a virtual meeting focusing on, as PDPC Commissioner Chuen Hong Lew put it, the "need to anticipate and address the role of data protection in a post-COVID world. Economic survival and recovery are foremost on the minds of business owners and policymakers alike. To remain relevant, the way data protection authorities administer data protection regulations should support this imperative.”
As part of this meeting, members shared local experiences from recent months. Since PrivCom participates as an APPA Observer, Commissioner White was invited to share how our office participated in privacy topics related to Bermuda's COVID-19 response. (Note: This session was a dialogue, and since there were no scripted remarks, a script is not reproduced here.)
On 9 September, the Common Thread Network held its quarterly meeting and featured a presentation organised by Commissioner White on digital identity frameworks, as well as discussion of specific local issues, such as the Economic Commission for Latin America and the Caribbean (ECLAC)'s recently-announced study on regional data protection legislation.
On 15 September, the US-based Center for Democracy & Technology (CDT) hosted its annual "Tech Prom," an event for "VIP speakers from government, civil society, academia, and industry" to engage in conversations on key issues in tech policy. Held virtually this year, Commissioner White was invited to attend a question-and-answer breakout session with sitting Federal Trade Commission commissioners on their agency's 2021 agenda.
On 16 September 2020, the Organisation for Economic Co-operation and Development (OECD) Working Party on Data Governance and Privacy and the Global Privacy Assembly (GPA) jointly hosted a virtual workshop titled, "The road to recovery: Lessons learned and challenges ahead," which Commissioner White attended to represent PrivCom alongside colleagues from dozens of regulatory counterparts.
To reach out to the Office of the Privacy Commissioner, please visit our Contact Us page.
Rights and responsibilities relating to data privacy are set out in the Personal Information Protection Act 2016 (PIPA). Bermuda's PIPA received Royal Assent on 27 July 2016. Sections relating to the appointment of the Privacy Commissioner were enacted on 2 December 2016, including the creation of the Office as well as those duties and powers relevant to its operation in the period leading up to the implementation of the whole Act. The Commissioner works to facilitate the advancement of consequential amendments to other Acts in order to harmonise them with PIPA.
The Office of the Privacy Commissioner for Bermuda (PrivCom) is an independent supervisory authority established in accordance with the Personal Information Protection Act 2016 (PIPA).
The mandate of the Privacy Commissioner is to regulate the use of personal information by organisations in a manner which recognizes both the need to protect the rights of individuals in relation to their personal information and the need for organisations to use personal information for legitimate purposes, among other duties.
The Privacy Commissioner's powers and responsibilities include monitoring the processing of personal information by both private- and public-sector organisations, investigating compliance with PIPA, issue guidance and recommendations, liaise with other enforcement agencies, and advise on policies and legislation that affect privacy. PrivCom also works to raise awareness and educate the public about privacy risks, and to protect people’s rights and freedoms when their personal data is used. The general powers of the Privacy Commissioner are outlined in Article 29 of PIPA.
Alexander White (Privacy Commissioner) was appointed by His Excellency the Governor, after consultation with the Premier and Opposition Leader, to take office on 20 January 2020.
Privacy is the right of an individual to be left alone and in control of information about oneself. In addition to the protections in PIPA, the right to privacy or private life is enshrined in the United Nations' Universal Declaration of Human Rights (Article 12) and the European Convention of Human Rights (Article 8).
"Personal information" or data is a defined term in PIPA that means any information about an an identified or identifiable individual. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. "Sensitive personal information" is a defined term in PIPA that includes information relating to such aspects as place of origin, race, colour, sex, sexual life, health, disabilities, religious beliefs, and biometric and genetic information. (Note: This is not a complete list.)
"Use" of personal information is a defined term in PIPA that means "carrying out any operation on personal information, including collecting, obtaining, recording, holding, storing, organising, adapting, altering, retrieving, transferring, consulting, disclosing, disseminating or otherwise making available, combining, blocking, erasing or destroying it."
About PrivCom's international engagement: The Office of the Privacy Commissioner engages with its international counterparts to enhance Bermuda's reputation as a regulatory leader and to ensure that its guidance and actions are consistent with standards and best practices around the world. Individuals benefit from this engagement because their privacy rights are interpreted according to the high standards of global consensus. Organisations benefit because our guidance reflects consensus best practices and our regulatory actions become interoperable standards that suit multiple jurisdictions, promoting consistency and reducing compliance costs. Details on the various organisations and bodies may be found on our International Engagement page.