To help raise awareness of the efforts of the Caribbean Community (CARICOM) to promote economic integration and cooperation among its members, the Office of the Privacy Commissioner (PrivCom) recognises CARICOM Day on July 4th. This year marks the 48th anniversary of the 4 July 1973 signing of the Treaty of Chaguaramas.
Bermuda is an Associate Member of CARICOM, and since October 2020, our office has participated in CARICOM Working Groups, including the Information, Communications, and Technology for Development (ICT4D) effort.
Other regions, such as Europe and the Asia-Pacific, have seen significant economic and human rights benefits from consistent privacy and data protection laws and regulation. Our office supports such efforts in the Greater Caribbean. For example, CARICOM's recent project on harmonisation of ICT policies, legislation and regulatory procedures in the Caribbean (HIPCAR) produced templates and model laws on privacy and data protection and other topics.
There is enormous potential to be found in developing common data protection standards throughout CARICOM: a digital common market consists primarily of data flows, so common data protection standards would present opportunities for efficiencies for Caribbean businesses and for general economic growth as barriers to trade are reduced. Further, citizens would gain a consistent level of protection for their privacy and information rights, and independent public oversight bodies (like this office) will be better able to co-operate to protect those rights efficiently and effectively.
As one can tell by visiting our International Engagement page, it has become more common for privacy rights regulators to collaborate across jurisdictions. Regional venues such as the European Data Protection Board (EDPB) or APEC Cross-border Privacy Enforcement Arrangement (CPEA) allow for co-ordinating action and standardising regulations.
As CARICOM jurisdictions pass more privacy laws and our regulatory counterparts increase in number, we too would benefit from a permanent forum for data protection and privacy authorities to meet, determine procedures of co-operation, and set up mechanisms for ensuring consistency in enforcement and managing joint investigations.
CARICOM's HIPCAR project identified Key Principles for privacy and data protection, supported by OECD and European precedent. Such principles could be an invaluable foundational element as authorities establish mutual understanding and identify the benefits to be gained by common CARICOM rules and co-ordination. In the long term, members could develop regional standards to implement at the country level based upon this fundamental agreement about the nature of privacy issues.
These are still early days - but, should there be a consensus among CARICOM members to pursue such regional standards or mechanisms for independent public oversight bodies to engage and co-ordinate, our office would whole-heartedly embrace such efforts.
Alexander McD White
To reach out to the Office of the Privacy Commissioner, please visit our Contact Us page.
Rights and responsibilities relating to data privacy are set out in the Personal Information Protection Act 2016 (PIPA). Bermuda's PIPA received Royal Assent on 27 July 2016. Sections relating to the appointment of the Privacy Commissioner were enacted on 2 December 2016, including the creation of the Office as well as those duties and powers relevant to its operation in the period leading up to the implementation of the whole Act. The Commissioner works to facilitate the advancement of consequential amendments to other Acts in order to harmonise them with PIPA.
The Office of the Privacy Commissioner for Bermuda (PrivCom) is an independent supervisory authority established in accordance with the Personal Information Protection Act 2016 (PIPA).
The mandate of the Privacy Commissioner is to regulate the use of personal information by organisations in a manner which recognizes both the need to protect the rights of individuals in relation to their personal information and the need for organisations to use personal information for legitimate purposes, among other duties.
The Privacy Commissioner's powers and responsibilities include monitoring the processing of personal information by both private- and public-sector organisations, investigating compliance with PIPA, issue guidance and recommendations, liaise with other enforcement agencies, and advise on policies and legislation that affect privacy. PrivCom also works to raise awareness and educate the public about privacy risks, and to protect people’s rights and freedoms when their personal data is used. The general powers of the Privacy Commissioner are outlined in Article 29 of PIPA.
Alexander White (Privacy Commissioner) was appointed by Excellency the Governor, after consultation with the Premier and Opposition Leader, to take office on 20 January 2020.
Privacy is the right of an individual to be left alone and in control of information about oneself. In addition to the protections in PIPA, the right to privacy or private life is enshrined in the United Nations' Universal Declaration of Human Rights (Article 12) and the European Convention of Human Rights (Article 8).
"Personal information" or data is a defined term in PIPA that means any information about an identified or identifiable individual. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. "Sensitive personal information" is a defined term in PIPA that includes information relating to such aspects as place of origin, race, colour, sex, sexual life, health, disabilities, religious beliefs, and biometric and genetic information. (Note: This is not a complete list.)
"Use" of personal information is a defined term in PIPA that means "carrying out any operation on personal information, including collecting, obtaining, recording, holding, storing, organising, adapting, altering, retrieving, transferring, consulting, disclosing, disseminating or otherwise making available, combining, blocking, erasing or destroying it."