Jamaica Adopts a Post-GDPR Data Privacy Law

(2020) 167 Privacy Laws & Business International Report 1, 5-8.

6 Pages Posted: 11 Dec 2020

See all articles by Graham Greenleaf

Graham Greenleaf

Macquarie University - Macquarie Law School (Sydney, Australia)

Date Written: August 16, 2020

Abstract

Jamaica's Data Protection Act 2020, is the fifteenth data privacy law in the Caribbean. Not yet in force, it provides for a transitional period of two years. The Jamaican Information Commissioner, once appointed, should be influential in the region. It is influenced strongly by the European Union’s General Data Protection Regulation (GDPR) of 2018, including in providing for extra-territorial jurisdiction, and in limiting data exports through the concept of ‘adequacy’.

All data controllers must comply with eight numbered ‘Standards’, one of which includes compliance with the various ‘Rights of the Data Subjects’. The Act also imposes four types of higher obligations, above the ‘Standards’, on some controllers in relation to some processing. These include registration, controls on specified processing, data protection officers (DPOs) and data protection impact assessments (DPIAs).

The Act’s enforcement is based on three types of notices by the Commissioner, which can then lead to offences, administrative penalties, or compensation. The terminology and procedures are somewhat unusual, but the enforcement mechanisms are substantial.

This is a remarkably strong post-GDPR data privacy law. Of the nearly 20 features of the EU’s GDPR that are relevant to countries outside the EU, and are stronger than the 1995 Data Protection Directive, only a handful are missing from explicit inclusion in Jamaica’s law: data protection by design and default; demonstrable accountability of controllers; direct liability for processors; requirements to cooperate with other DPAs; and rights of public interest groups to take representative actions. The exemptions from the Act may prove to be unreasonably broad. It remains to be seen whether fines of up to 4% of corporate turnover will be genuinely dissuasive when administered by courts, and whether significant compensation awards will be made.

Keywords: Privacy, Data Protection, Jamaica, Caribbean, GDPR

Suggested Citation

Greenleaf, Graham, Jamaica Adopts a Post-GDPR Data Privacy Law (August 16, 2020). (2020) 167 Privacy Laws & Business International Report 1, 5-8., Available at SSRN: https://ssrn.com/abstract=3712745 or http://dx.doi.org/10.2139/ssrn.3712745

Graham Greenleaf (Contact Author)

Macquarie University - Macquarie Law School (Sydney, Australia) ( email )

North Ryde
Sydney, New South Wales 2109
Australia

HOME PAGE: http://www2.austlii.edu.au/~graham/

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
480
Abstract Views
3,153
Rank
148,004
PlumX Metrics