Jamaica adopts a post-GDPR data privacy law
Graham Greenleaf asks whether Jamaica’s law is strong enough to mark the start of a different direction for data privacy in the Caribbean.
Jamaica’s Data Protection Act 2020(1), enacted on 19 May but not yet in force, provides for a transitional period of two years. The Jamaican Information Commissioner, once appointed, should be influential in the region, at least within the anglophone Caribbean.
There are now 15 Caribbean data privacy laws: the Bahamas (2003), St Vincent & Grenadines (2003), BES Islands (the Netherlands municipalities of Bonaire, Sint Eustatius and Saba) (2010), Curaçao (2010), St Maartens (2010), Aruba (2011), St Lucia (2011), Trinidad & Tobago (2011), Dominican Republic (2013), Antigua & Barbuda (2013), Bermuda (2016), the Cayman Islands (2017), Saint Kitts & Nevis (2018), Barbados (2019), and Jamaica (2020).(2) Five jurisdictions’ laws (Aruba, Curaçao, St Maartens, Trinidad & Tobago, and St Vincent & Grenadines) are not yet in force, despite being enacted in 2013 or earlier.