Barbados hosts a significant number of visitors from countries that are serious about protecting their citizens’ personal information or data. In Barbados, their data can be held by Government agencies and every business that records any information about its customers.
To facilitate international trade, Barbados needs to have a Data Protection law that makes selling or sharing someone’s personal data, without their consent, illegal. Our Data Protection Bill was developed in our Senate and was referred to a joint select committee of the House of Assembly and the Senate.
The Committee requested public comment on the Bill and Solutions Barbados submitted its comments on June 20 2019. We received no acknowledgement. After seeing others being allowed to present their concerns about the bill to the Committee, I called several times requesting the opportunity to be heard. I also sent e-mail correspondence but got no response.
This experience was different from the respectful way we were treated when we presented on the Integrity in Public Life Bill. We were allowed to discuss the loopholes we found in that Bill, that allowed persons who received bribes to legally avoid punishment, and keep all bribes paid to them. The Data Protection Bill contains loopholes that are a lot worse – for us.
The Data Protection Bill makes a weak attempt at protecting the privacy of personal data. Worse is that it can easily be used to terrorise businesses and individuals for political reasons, with the end-game of politicising the private sector. That makes it a very dangerous bill.
I was shocked to learn that the Senate passed the Data Protection Bill on July 24, 2019. I read the amended Bill and found that our senators left all the vulnerabilities for politically directed harm intact. Why would they do that? Further, by not allowing us to express our grave concerns to them in private, they have forced us to make them public.
If the amended Bill becomes law, then you may wonder how your competitors obtained your most sensitive business and personal information. If that information is used to bankrupt you, then you can thank our senators for failing to protect us when they had the chance. Thanks senators.
Since our senators seem not to have acted in our best interests, my only recourse, as one who has reviewed the Bill in the public’s interest, is to appeal to the members of our House of Assembly. Our main concerns follow.
The Bill requires every business in Barbados, who records any information about their employees or clients, to pay a fee (or tax) and register with a politically appointed Data Protection Commissioner. If you choose not to register, then you may pay a fine of $10,000 or be imprisoned for two months, or both. If you do not maintain your registration, then the Commissioner can fine you $50,000.
The Commissioner can go through your files at any time, and must report any results to the Minister. Once you have attracted many clients, or are a school with many students, then you are rewarded for your success. You must employ or contract a Data Privacy Officer, whose allegiance is to the politically appointed Commissioner. This Officer must have expert knowledge of data protection law and practices.
The Data Privacy Officer is like a Government spy in your business, who must provide all information about your business, including your clients, to the politically appointed Commissioner, whenever they ask for it. In return, your business must provide the Data Privacy Officer with all the resources needed to both spy on your business, and be educated in the latest spy craft. They must also be given unfettered access to your employees.
If you get fed up with the spying, then you must learn to lump it, because the Data Privacy Officer cannot be dismissed or disciplined for spying. If you do not employ or maintain a suitable Data Privacy Officer, then the Commissioner can fine you $50,000.
If the Commissioner feels that you are not complying with the Data Protection Act, then they can effectively close your business. If you resist, then you get to pay a fine of $15,000 or spend six months at Her Majesty’s Prison. Also, the police can forcibly enter your business and seize your files and computers. If you do not assist the police in their search for incriminating evidence on you, then congratulations, you get to pay a $100, 000 fine or spend two years in prison, or both. Lucky you.
You can always appeal the politically appointed Commissioner’s decisions to a Tribunal of five persons. However, all five members of the Tribunal are selected and appointed by the Minister – so get with the program.
The 102-page Data Protection Bill provides an unnecessarily complicated bureaucracy that can easily be corrupted for politically partisan reasons. If we want to protect the privacy of personal data, then why not simply say so? Why not simply define personal data, and state that sharing or selling a person’s personal data, without their consent, is an offence which entitles a victim to damages? Why is that so hard?
The victim can then quantify their loss of business and/or reputation, and a judge can determine what is valid, and award damages accordingly. What type of Barbados are we designing for our children to live and work in? How can they possibly prosper in such a quasi-police state? How dare our senators pass something so ridiculously dangerous to the public of Barbados?
Grenville Phillips II is a Chartered Structural Engineer and President of Solutions Barbados. He can be reached at [email protected]