DOCSLIB.ORG

Creating an Enabling Environmento for E-Government and the Protection

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Creating an Enabling Environmento for E-Government and the Protection ISSN 1728-5445 SERIES STUDIES AND PERSPECTIVES 94 ECLAC SUBREGIONAL HEADQUARTERS FOR THE CARIBBEAN Creating an enabling environment for e-government and the protection of privacy rights in the Caribbean A review of data protection legislation for alignment with the General Data Protection Regulation Amelia Bleeker Thank you for your interest in this ECLAC publication ECLAC Publications Please register if you would like to receive information on our editorial products and activities. When you register, you may specify your particular areas of interest and you will gain access to our products in other formats. www.cepal.org/en/publications ublicaciones www.cepal.org/apps ECLAC - Studies and Perspectives series-The Caribbean No. xxx Trade integration and production sharing... 1 94 Creating an enabling environment for e-government and the protection of privacy rights in the Caribbean A review of data protection legislation for alignment with the General Data Protection Regulation Amelia Bleeker This document was prepared by Amelia Bleeker, Associate Programme Management Officer of the Caribbean Knowledge Management Centre (CKMC) of the Economic Commission for Latin America and the Caribbean (ECLAC) subregional headquarters for the Caribbean. The views expressed in this document, which has been reproduced without formal editing, are those of the author and do not necessarily reflect the views of the Organization. United Nations publication ISSN: 1728-5445 (electronic version) ISSN: 1727-9917 (print version) LC/TS.2020/126 LC/CAR/TS.2020/4 Distribution: L Copyright (c) United Nations, 2020 All rights reserved Printed at United Nations, Santiago S.20-00657 This publication should be cited as: A. Bleeker, “Creating an enabling environment for e-government and the protection of privacy rights in the Caribbean: a review of data protection legislation for alignment with the General Data Protection Regulation”, Studies and Perspectives series-ECLAC Subregional Headquarters for the Caribbean, No. 94 (LC/TS.2020/126- LC/CAR/TS.2020/4), Santiago, Economic Commission for Latin America and the Caribbean (ECLAC),2020. Applications for authorization to reproduce this work in whole or in part should be sent to the Economic Commission for Latin America and the Caribbean (ECLAC), Publications and Web Services Division, [email protected]. Member States and their governmental institutions may reproduce this work without prior authorization but are requested to mention the source and to inform ECLAC of such reproduction. ECLAC - Studies and Perspectives series-The Caribbean No. 94 Creating an enabling environment... 3 Contents Abstract ................................................................................................................................................ 5 Introduction ......................................................................................................................................... 7 I. Background ............................................................................................................................... 9 A. Data protection, sharing and the development of e-government in the Caribbean ............ 9 B. The right to privacy in the digital age ................................................................................ 11 C. International and regional instruments and frameworks protecting the right to privacy .... 13 D. Key features of and interplay between data protection, sharing and related laws ............. 15 E. The European Union’s General Data Protection Regulation (GDPR) .................................. 18 1. Material and territorial scope ..................................................................................... 18 2. Key protections and features of the GDPR ................................................................. 19 3. Facilitating data flows and trade between EU and Caribbean countries ..................... 22 4. Last word on data protection? ................................................................................... 24 F. Research methodology ..................................................................................................... 25 II. Analysis of data protection legislation of select Caribbean countries.................................... 27 A. Overall findings ................................................................................................................. 27 B. Antigua and Barbuda ......................................................................................................... 28 1. Areas of non-alignment with the GDPR .....................................................................29 2. Main findings ............................................................................................................. 30 3. Summary of recommendations ................................................................................. 34 C. The Bahamas .................................................................................................................... 35 1. Areas of non-alignment with the GDPR ..................................................................... 35 2. Main findings ............................................................................................................. 37 3. Summary of recommendations ................................................................................. 42 D. Barbados ........................................................................................................................... 43 1. Areas of non-alignment with the GDPR ..................................................................... 43 ECLAC - Studies and Perspectives series-The Caribbean No. 94 Creating an enabling environment... 4 2. Main findings ............................................................................................................. 44 3. Summary of recommendations .................................................................................46 E. Belize ................................................................................................................................ 47 1. Areas of non-alignment with the GDPR ..................................................................... 47 2. Main findings .............................................................................................................49 3. Summary of recommendations ................................................................................. 53 F. Cayman Islands ................................................................................................................. 54 1. Areas of non-alignment with the GDPR ..................................................................... 54 2. Main findings ............................................................................................................. 56 3. Summary of recommendations .................................................................................60 G. Jamaica ............................................................................................................................. 61 1. Areas of non-alignment with the GDPR ..................................................................... 61 2. Main findings .............................................................................................................62 3. Summary of recommendations ................................................................................. 67 III. Recommendations.................................................................................................................. 69 A. Align national data protection legislation with the GDPR in order to guarantee privacy rights, support e-government and facilitate cross-border data flows and sharing ............. 69 B. Facilitate public and private sector information sharing through creating clear guidance and incentives for sharing ............................................... 72 C. Ensure data protection legislation adequately balances the right to privacy with press freedoms and freedom of expression................................................................ 73 D. Enable effective domestic and cross-border enforcement of Caribbean data protection laws through cooperation and adequate resourcing of supervisory authorities....... 75 E. Introduce independent oversight and safeguards to limit exercise of broad exemptions and exceptions to data protections .................................................. 77 Bibliography ....................................................................................................................................... 79 Annex ................................................................................................................................................. 83 Annex 1 .............................................................................................................................................. 84 Studies and Perspectives-The Caribbean Series: issues published. ......................................................89 Tables Table 1 Data protection, sharing and related legislation of Caribbean countries and territories .... 15 Table 2 Key features and protections in the General Data Protection Regulation (GDPR) ...... 19 Table 3 Alignment of selected data protection laws with the GDPR ....................................... 28 Table 4 Alignment of Antigua and Barbuda’s legislation with the GDPR ................................29 Table 5 Alignment of the Bahamas’
Load more

Recommended publications
  • ICO – Privacy Impact Assessment Handbook
    Using this handbook Part 1 – Background information Part 2 – The PIA process Appendix 1 – The PIA screening questions Appendix 2 – Data protection compliance checklist template Appendix 3 – PECR compliance checklist template Appendix 4 – Privacy strategies Using this handbook Back to ICO homepage Advice on using this handbook Because organisations vary greatly in size, the extent to which their activities intrude on privacy, and their experience in dealing with privacy issues makes it difficult to write a ‘one size fits all’ guide. The purpose of this handbook is to be comprehensive. It is important to note now that not all of the information provided in this handbook will be relevant to every project that will be assessed. The handbook is split into two distinct parts. Part I (Chapters I and II) are designed to give background information on the privacy impact assessment (PIA) process and privacy. Part II is a practical “how to” guide on the PIA process. The handbook’s structure is intended to enable a reader who is knowledgeable about privacy to quickly start working on the PIA. Background information on privacy and PIAs is provided for other readers who would like some general information prior to starting the PIA process. It is also important to note that some of the recommendations in this handbook may overlap with work which is being done to satisfy other requirements, such as information security and assurance, other forms of impact assessment or requirements to carry out broader consultations during the development of a project. A PIA does not have to be conducted as a completely separate exercise and it can be useful to consider privacy issues in a broader policy context.
    [Show full text]
  • Leadership Letter for Global MIL
    Consortium for Media Literacy Volume No. 115 Quarter 1, 2020 Leadership Letter for Global MIL The World According to Data: Taking a Look behind 02 the Marketing Machines Today, marketers know intimate details about consumers. If marketing companies are using heuristics – or patterns of behavior – to sell products and services, we need to provide everyone with heuristics, or habits of mind, to filter the media messages and be better equipped to decide for ourselves. Research Highlights 03 CML is pleased to introduce two outstanding national leaders in the data protection movement: Brittany Kaiser, co-founder of the OwnYourData Foundation and primary subject of the documentary The Great Hack, and Alistair Mactaggart, chair of Californians for Consumer Privacy, which is a force behind the California Consumer Privacy Act (CCPA). CML News 14 CML bids Charlie Firestone, head of the Communications and Society Program at the Aspen Institute, congratulations upon his retirement. Media Literacy Resources 15 Brittany Kaiser’s work is featured in Targeted, a book she authored, and in the Great Hack, a documentary available through Netflix. Med!aLit Moments 16 Sleeping Giant Middle School in Livinston, Montana, was treated to a scavenger hunt that focused on media literacy. CONNECT!ONS / Med!aLit Moments • Quarter 1, 2020 • 1 The World According to Data: Taking a Look behind the Marketing Machines The voice accorded to everyday citizens, and the data that having such voice through social media and through websites yields have upended the advertising, public relations and marketing fields. Today, marketers know intimate details about consumers – details garnered through location tracking, DNA testing, health records, and Tik Tok, among others.
    [Show full text]
  • Spotlight On… Protection of Sensitive Data Including Personal Information
    Spotlight On… Protection of Sensitive Data including Personal Information Purpose On Sept. 7, 2017 media reports indicated that a large American credit score bureau had been breached, exposing the personal information of millions of consumers in the U.S. and in the U.K. and potentially affecting 8,000 individuals in Canada. On November 28, 2017 the Canadian arm of this U.S. company posted information on its website indicating that an additional 11,670 Canadians had been affected by the breach, bringing the total number of Canadians affected to about 19,000. In response to CCIRC partner questions concerning this event, this product provides information on what organizations can do to reduce the risk of sensitive data, such as personal information, being exfiltrated from their organization. Information in this note includes: . The Canadian statutory definitions of personal information . Upcoming regulatory changes to data breach reporting in Canada . Examples of reported breaches of Canadian personal information . Tactics, techniques, and procedures employed to target Canadian personal information . Tips for safeguarding sensitive information . Advice from the Royal Canadian Mounted Police (RCMP) for individuals who believe their personal information may have been compromised What is “Personal Information”? According to the Office of the Privacy Commissioner of Canada (OPC), these are the statutory provisions relevant to the meaning of “Personal Information” in Canada: Section 2(1) of the Personal Information Protection and Electronic Documents
    [Show full text]
  • The Great Hack - Netflix Documentary Review
    The Great Hack - Netflix documentary review The Great Hack is a documentary discussing the ideas of how data and user actions on devices can create individual profiles of you and how companies can use these profiles and personality traits based on a user actions to target you on advertisements that are specifically for that type of character and drive persuasion. This is much more effective than randomly sending adverts to random users. The documentary focuses on a company that does this called Cambridge Analytica which is the worlds leading data driven communications company and David Carrol an associate professor who wokred on exposing this companies unethical and illegal ways of gaining access to users data and using it to drive votes for specific campaigns. Cambridge Analytica played a big part in the 2016 Presidential campaign. They spent 6 months sending surveys to users which were designed to create and find personailty profiles which were then sent back and would be targeted videos and other propaganda through media. This could be a video that would pop up on a persons recomended page on youtube which could be spreading shame to Hilary Clinton in this case and therefore drive the user to vote for Trump. Further on during the documentary, you are introduced to Carole Cadwalladr who was the investigative jounarlist for the Guardian. She investigated Cambridge Analytica and how it tied to the Brexit campaign. Other students should watch this as it gives you an incite on how big and important data can be and be used and manipulated and it one of the big reasons why actions like Brexit and Trump becoming president are in place today.
    [Show full text]
  • The Great Hack Teacher's Notes B1
    The Great Hack Teacher’s Notes B1 Shine Bright 1re File 13 Digital democracy Objectifs AXE DU PROGRAMME : Citoyenneté et mondes virtuels / Espace privé et espace public OBJECTIFS LINGUISTIQUES : Grammaire : hypothétiques, auxilaires de modalité, expression du but, causatives Lexique : internet, les réseaux sociaux. OBJECTIFS PRAGMATIQUES : expression en continu OBJECTIFS CULTURELS : le scandale Facebook/Analytica OBJECTIF METHODOLOGIQUE : émettre des hypothèses, donner son avis personnel, comprendre un texte ironique Présentation du document INFORMATIONS SUR LE DOCUMENT Le File 13 “Digital democracy” interroge la Great Hack réalisé par Karim Amer and Jehane façon dont internet s’invite dans l’exercice Noujaim et disponible sur Netflix depuis le / de la démocratie aux États-Unis. La page mois de juillet 2019. Ce film est une enquête “Online threats to democracy” aborde au cœur du “data crime” et des ramifications notamment le fait que les réseaux sociaux du scandale Facebook-Cambridge Analytica. peuvent représenter un danger pour leurs C’est bien de l’érosion de la démocratie utilisateurs, en présentant le scandale dont il est question ici à travers l’analyse de autour de l’utilisation de data de comptes l’exploitation de données personnelles à des Facebook par Cambridge Analytica pour fins politiques. tenter d’influencer des électeurs en 2016 lors Le document sélectionné ici est l’adaptation des élections présidentielles américaines et d’une interview des deux réalisateurs qui le referendum sur le Brexit. C’est ce même évoquent les raisons du choix de ce scandale thème qui est repris dans le documentaire The pour explorer le rôle politique d’internet. www.speakeasy-news.com - August 2019 B1 The Great Hack Teacher’s Notes 1 PISTES D’EXPLOITATION 1.
    [Show full text]
  • Annual Privacy Report
    U.S. DEPARTMENT OF JUSTICE ANNUAL PRIVACY REPORT THE CHIEF PRIVACY AND CIVIL LIBERTIES OFFICER AND THE OFFICE OF PRIVACY AND CIVIL LIBERTIES OCTOBER 1, 2016 – SEPTEMBER 30, 2020 1 (MULTI) ANNUAL PRIVACY REPORT MESSAGE FROM THE CHIEF PRIVACY AND CIVIL LIBERTIES OFFICER I am pleased to present the Department of Justice’s (Department or DOJ) Annual Privacy Report, describing the operations and activities of the Chief Privacy and Civil Liberties Officer (CPCLO) and the Office of Privacy and Civil Liberties (OPCL), in accordance with Section 1174 of the Violence Against Women and Department of Justice Reauthorization Act of 2005. This report covers the period from October 1, 2016, through September 30, 2020. The Department’s privacy program is supported by a team of dedicated privacy professionals who strive to build a culture and understanding of privacy within the complex and diverse mission work of the Department. The work of the Department’s privacy team is evident in the care, consideration, and dialogue about privacy that is incorporated in the daily operations of the Department. During this reporting period, there has been an evolving landscape of technological development and advancement in areas such as artificial intelligence, biometrics, complex data flows, and an increase in the number of cyber security events resulting in significant impacts to the privacy of individuals. Thus, the CPCLO and OPCL have developed new policies and guidance to assist the Department with navigating these areas, some of which include the following:
    [Show full text]
  • Hacking the Electorate
    Hacking the Electorate On the Use of Personal Data in Political Campaigning www.kas.de Legal notice Publisher: Konrad-Adenauer-Stiftung e. V. 2020, Berlin Cover photo: © iStock/Orbon Alija Chapter marker: p. 10 © Adobe Stock/Gorodenkoff; p. 28 © Adobe Stock/Alexander; p. 38 © Shutterstock/mrmohock Design and typesetting: yellow too, Pasiek Horntrich GbR The print edition of this publication was printed by copy print Kopie & Druck GmbH, Berlin. Printed in Germany. Produced with financial support from the Federal Republic of Germany. The text of this publication is licensed under the terms of “Creative Commons Attribution-ShareAlike 4.0 International”, CC BY-SA 4.0 (available at: https://creativecommons.org/licenses/by-sa/4.0/legalcode.de). ISBN 978-3-95721-772-1 Hacking the Electorate On the Use of Personal Data in Political Campaigning At a Glance › Although data-driven political campaigning is not a new phenomenon, the tools used, the amount of data accessible, and the potential capacity to influence voters represent a new and challenging scenario for the rule of law. › With the arrival of participatory and social web, Internet users can now generate data in a complex network and without any obligation to the pursuit of objectivity or journalistic standards as pillars for content creation. › People in different countries are increasingly getting informed and learning about political candidates and other political issues through social networks. › In recent years political parties and campaigners around the world have invested heavily in online advertising, demonstrating all the potential to reach more people in an efficient, targeted, and accessible way.
    [Show full text]
  • What Is a Data Protection Officer? INTRODUCTION
    What is a Data Protection Officer? INTRODUCTION In the first in a series of linked articles about Data Protection Officers (DPOs) under the General Data Protection Regulation (GDPR), we take a detailed look at who exactly the Data Protection Officer is from the history of how the DPO evolved into a legally appointed position, essential information on fulfilling the role of a DPO, and a comparison with other data focussed senior executives within the organisation. The GDPR represents the most significant overhaul in 25 years of privacy and data protection law. With its extraterritorial scope, the GDPR covers every organisation no matter whether they are a company, charity, or government body providing they have dealings with EU-based consumers. Affected organisations are required to conduct a detailed review of their internal data protection policies and procedures to bring them in line with the GDPR. This includes supply-chain contracts, along with implementing robust mechanisms for data breach detection and reporting. An essential element of these preparations includes identifying if they are required to appoint a DPO. The primary role of the data protection officer (DPO) is to ensure their organisation processes personal data “of staff, customers, providers or any other individuals (referred to as data subjects) in compliance with the applicable data protection rules. European Data Protection Supervisor Freevacy | What is a Data Protection Officer? Page 1 CONTENTS Key facts about Page 3 Data Protection Officers History of the Page 4 Data Protection Officer How the GDPR sets out Page 5 the role of the DPO The European Data Page 7 Protection Board The role played by the Page 8 ICO regarding a DPO Comparing the role of the Page 9 DPO with other data roles The growing importance Page 11 of the DPO role Page 12 Available Courses KEY FACTS ABOUT DATA PROTECTION OFFICERS A role defined within the legislation, the DPO is the appointed person responsible for monitoring compliance with the GDPR.
    [Show full text]
  • Anonymity, Obscurity, and Technology: Reconsidering Privacy in the Age of Biometrics
    ANONYMITY, OBSCURITY, AND TECHNOLOGY: RECONSIDERING PRIVACY IN THE AGE OF BIOMETRICS JONATHAN TURLEY ABSTRACT For decades, cinematic and literary works have explored worlds without privacy: fishbowl societies with continual, omnipresent surveillance. For those worried about a post-privacy world, facial recognition technology and other biometric technology could well be the expanding portal to that dystopia. These technologies are rapidly transforming a society predicated on privacy into a diaphanous society where identity and transparency are defining elements. Biometric technology is perfectly suited to evade current privacy protections and doctrines because it presents new challenges to the existing legal framework protecting privacy. The greatest threat of this technological shift is to democratic activities—the very reason that countries such as China have invested so heavily into biometric surveillance systems. This Article explores how our traditional privacy notions fit into a new age of biometrics. It seeks to frame the debate on what values society’s notions of privacy protect, and how to protect them. After exploring prior approaches and definitions to privacy, it proposes a shift from an emphasis on anonymity to a focus on obscurity. The truth is that we now live in a “nonymous” world where our movements and associations will be made increasingly transparent. This Article concludes by recommending a comprehensive approach to biometric technology that would obscure increasingly available images and data while recasting privacy protections to fit a new and unfolding biometric reality. This obscurity will allow participation in society to continue unimpeded by the chilling effects created by the new technology. Without it, our democratic society will never be the same.
    [Show full text]
  • Data Protection 2017
    ICLG The International Comparative Legal Guide to: Data Protection 2017 4th Edition A practical cross-border insight into data protection law Published by Global Legal Group, with contributions from: Affärsadvokaterna i Sverige AB Hunton & Williams Bae, Kim & Lee LLC Koushos Korfiotis Papacharalambous LLC Bagus Enrico & Partners Lee and Li, Attorneys-at-Law Creel, García-Cuéllar, Aiza y Enríquez, S.C. LPS L@w Cuatrecasas Matheson Dittmar & Indrenius Mori Hamada & Matsumoto Drew & Napier LLC Osler, Hoskin & Harcourt LLP Ecija Abogados Pachiu & Associates ErsoyBilgehan Pestalozzi Attorneys at Law Ltd. Eversheds Sutherland Portolano Cavallo GANADO Advocates Gilbert + Tobin Rato, Ling, Lei & Cortés Lawyers GRATA International Rossi Asociados Hacohen & Co. Subramaniam & Associates (SNA) Herbst Kinsky Rechtsanwälte GmbH Wikborg Rein Advokatfirma AS The International Comparative Legal Guide to: Data Protection 2017 General Chapter: 1 All Change for Data Protection: The European Data Protection Regulation – Bridget Treacy & Anita Bapat, Hunton & Williams 1 Country Question and Answer Chapters: Contributing Editors 2 Australia Gilbert + Tobin: Melissa Fai & Alex Borowsky 7 Anita Bapat and Aaron P. Simpson, Hunton & Williams 3 Austria Herbst Kinsky Rechtsanwälte GmbH: Dr. Sonja Hebenstreit & Dr. Isabel Funk-Leisch 23 Sales Director Florjan Osmani 4 Belgium Hunton & Williams: Wim Nauwelaerts & David Dumont 34 Account Director 5 Canada Osler, Hoskin & Harcourt LLP: Adam Kardash & Brandon Kerstens 43 Oliver Smith 6 Chile Rossi Asociados: Claudia Rossi
    [Show full text]
  • Solving the Social Dilemma (Existential Threats and How to Deal with Them)
    Solving the Social Dilemma (Existential threats and how to deal with them) Cassandra Introduction Cassandra was a priestess to Apollo and sister to Hector of Troy. Apollo took a shine to her and gave her the gift of prophecy. When he realised his affections were not reciprocated he became very angry. He was not able to take back a gift from the Gods so instead he cursed her to make prophecies that were true but would never be believed. "The biggest mistake you can make is to be prematurely right" Peter Drucker In September this year a Netflix documentary called 'The Social Dilemma' (TSD) was given its worldwide release. It contains disturbing warnings about the human and societal impact of AI driven social media. Is the prophecy true or false? If true is it a tipping point or is it prematurely right? This article/paper is going to look at this in the context of two other 'existential threats', Climate Change and Pathogens. What are the patterns, how will the debate evolve, will it create change, what might the solutions be - what can we do about it? Here's what I'm going to cover:- • The meaning of 'Existential' • The Big 3 Existential Threats and the division of opinion • A dialectic process to reframe the debate • Why AI driven social media might be the priority • Some possible solutions My own personal position is irrelevant. It matters not whether my views concur with those expressed in 'The Social Dilemma' any more than it matters what I think about Climate Change or Covid 19.
    [Show full text]
  • Hacking the Electorate
    Hacking the Electorate On the Use of Personal Data in Political Campaigning www.kas.de Legal notice Publisher: Konrad-Adenauer-Stiftung e. V. 2020, Berlin Cover photo: © iStock/Orbon Alija Chapter marker: p. 10 © Adobe Stock/Gorodenkoff; p. 28 © Adobe Stock/Alexander; p. 38 © Shutterstock/mrmohock Design and typesetting: yellow too, Pasiek Horntrich GbR The print edition of this publication was printed by copy print Kopie & Druck GmbH, Berlin. Printed in Germany. Produced with financial support from the Federal Republic of Germany. The text of this publication is licensed under the terms of “Creative Commons Attribution-ShareAlike 4.0 International”, CC BY-SA 4.0 (available at: https://creativecommons.org/licenses/by-sa/4.0/legalcode.de). ISBN 978-3-95721-772-1 Hacking the Electorate On the Use of Personal Data in Political Campaigning At a Glance › Although data-driven political campaigning is not a new phenomenon, the tools used, the amount of data accessible, and the potential capacity to influence voters represent a new and challenging scenario for the rule of law. › With the arrival of participatory and social web, Internet users can now generate data in a complex network and without any obligation to the pursuit of objectivity or journalistic standards as pillars for content creation. › People in different countries are increasingly getting informed and learning about political candidates and other political issues through social networks. › In recent years political parties and campaigners around the world have invested heavily in online advertising, demonstrating all the potential to reach more people in an efficient, targeted, and accessible way.
    [Show full text]