Regional cohesion can assist regulatory certainty

Having organised events in 17 countries over the last 20 years, we at Privacy Laws & Business are well positioned and honoured to be working on Privacy Law Developments in the Caribbean Community.

This introductory event of the five-day Global Privacy Assembly (GPA) which will be held in Bermuda on Sunday 15 October will be livestreamed, together with all the other open sessions, and subsequently available free of charge on the Bermuda Privacy Commission’s YouTube channel.

PL&B’s Caribbean session will be the only one during the conference to focus on a specific region. The other sessions will cover the Data Protection Authorities’ wider issues, such as what privacy law is aiming to achieve, how to deal with harmful events and consequences, financial services, Artificial Intelligence and many other topics.

PL&B’s Editor, Laura Linkomies, and I were delighted to be invited to moderate this panel of Caribbean speakers. It happened after a conversation in Istanbul at last year’s GPA, with Alex White, the Bermuda Privacy Commissioner (easily visible as the only person wearing Bermuda shorts!) where we proposed the idea of this regional panel. From his perspective, Bermuda, geographically some distance from the other Caribbean countries, has a Mid-Atlantic position, drawing inspiration both from the European respect for individual rights to privacy and the United States influenced free-market, business-friendly approach.

Of course, Bermuda, as a small island jurisdiction has many common interests with the other Caribbean jurisdictions. The bringing together of our panel session speakers from Bermuda, the Bahamas, Barbados and Jamaica will help share knowledge of these countries’ data protection laws and implementation with the wider world and also help create a degree of regional cohesion, cooperation and synergy for mutual benefit and clarity for businesses needing to know commonalities and differences.

The speakers have backgrounds in law, money laundering regulation, compliance, the finance industry and other sectors, and so bring wide-ranging practical experience to their roles. The Caribbean region has a majority (24 out of 32 jurisdictions) with general purpose privacy laws, the most recent in Grenada in May this year.

Most of the Caribbean Data Protection Commissioners will be meeting each other for the first time. It’s a win-win for them and the business communities they regulate. They may follow the example of other regional DPA groups, for example, in the Nordic region and Latin America which have led to a more harmonised approach and regulatory certainty for companies.

A predictable regulatory environment

A predictable regulatory environment is the ideal business consensus. That is why most companies that we speak to would prefer the United Kingdom to keep within the European Union GDPR. They see planning for a separate data protection law regime for the UK as a burden rather than a benefit. Political factors will always dominate bilateral and regional relationships, such as those driving the EU-US Data Privacy Framework and the UK-US Data Bridge.

New opportunities in the Middle East

In the Middle East, new economic realities and opportunities have undoubtedly energised the development of data protection laws in the Dubai International Finance Centre, Abu Dhabi, Egypt and now Saudi Arabia reflecting a very different political culture from that in Europe. Compare the speed of Saudi Arabia’s adoption of its law with India’s which has been discussing legislation for nearly 20 years! Meanwhile, longer established data protection laws in the region continue to develop and adapt to European Union influenced trends, as in Morocco and Israel.

The future for regional cooperation

While no-one expects harmony in the Middle East to rival that in Europe, the Nordic and Latin American regions, there is surely scope for exchanges of regulators’ privacy law knowledge, experience, and best practices on a Middle East regional basis.

Change can sometimes happen more quickly than you may suppose. While this might seem rather optimistic, I was present in Berlin at the Data Protection Commissioners’ Conference (the former name for the GPA) in Germany’s old Reichstag building in 1989, when Austria’s Data Protection Commissioner, the late Dr Walter Dohr, spoke enthusiastically about the potential for Western style data protection laws in Eastern Europe led by Hungary. At the time, most of the audience probably regarded this as an unrealistic target. But within a few weeks the Berlin Wall came down, and this vision turned over the next few years into reality.

It would be pleasing to think that our Caribbean session in Bermuda this month could be an inspiration for other regions, either as a stand-alone event or as part of a broader regional trade initiative.

Best regards,

Stewart Dresner
Publisher, Privacy Laws & Business

October 2023

News & Blogs

October 2023 Report Contents