There is a refreshing amount of transparency with the current administration. Unfortunately, it seems to be used as part of a public relations campaign rather than to improve public policies. The passage of the Data Protection Bill last week is a recent example.
The national organizations representing doctors, lawyers, bankers, and digital businesses, submitted their concerns to the Joint Select Committee of the House and Senate (the Committee). Their concerns generally affected their members. The Committee responded by dismissing almost all of their concerns. Their response has been shameless silence.
Solutions Barbados’ concerns focused on issues that could harm the public. A review of the Committee’s minutes revealed the interesting ways the Committee used to dismiss our concerns. Our recommendations, and the Committee’s responses, follow.
Interpretation: We identified several grammatical errors. The Committee responded: “typos happen and they will be fixed in the final Bill.” After reading the passed Bill, grammatical errors were still easily found. For example, on page 15, “unit other authority” should read “unit or other authority”, and “by the any enactment” should read “by the enactment”.
Section 10.3: Any individual can ask the data controller to amend or erase their data. For a data controller with reasonable doubts about the person’s identity, Section 21.14 states “the data controller MAY request the provision of additional information necessary to confirm the identity of the data subject.” (Section 21.14)
To address imposters, we recommended that the optional “may”, should be replaced with the non-optional “shall” or “must”. The Committee’s response: “My understanding is that this provision was put here to give the controller flexibility in terms of confirming identity”. They passed the bill with this harmful vulnerability in place.
Section 22: This section made it an offense to transfer personal information to countries that did not respect human rights with an “adequate” level of “appropriate safeguards”. Section 23 tried to define “adequate”, and Section 24 tried to define “appropriate safeguards”.
We recommended that a Schedule containing an approved list of countries, or a negative list of countries, should be part of the legislation. The Committee stated: “It is suggesting that we try to define adequate, and appropriate safeguards as it relates to section 22”. We were suggesting no such thing. The Committee dismissed the idea of a list, because they did not want to keep amending the Bill every time the list was amended. They evidently did not understand that a Schedule can be amended by the Minister at any time, without having to go to parliament to amend the main legislation.
Section 55.4: This Section gives the penalty for operating as a data processor, without being registered, as “a fine of $10 000 or to a term of imprisonment of two months or to both.” The Profession, Trade and Business Registration Act states a penalty of $500, and no imprisonment, for this type of offence.
We were concerned about the discrepancy in penalties for the same offence. The Committee ignored our concern and responded: “It just makes that null and void because they are not creating professions, therefore, that one is not relevant.” So much for sober second thought.
Sections 68 & 69: We were concerned about the requirement to hire a Data Privacy Officer, whose allegiance appears to be to the Government appointed political commissioner. The Committee ignored the close relationship between the Data Privacy Officer and the political commissioner and simply dismissed this concern. Amazing.
Section 73.1: We were concerned about a glaring loophole that allowed confidential information to be leaked. This section states: “The Commissioner and a public officer … shall keep secret all confidential information … EXCEPT insofar as the Commissioner authorises that person to release the information.”
The Committee’s legal resource stated: “this particular provision is very common when you are dealing with functionaries”. So, they left the glaring loophole, for potential political mischief, in place.
Section 74: This section allowed the commissioner and their staff not to be held liable for their mistakes or negligence. We recommended that the standard for negligence should be the same for all professionals.
The Committee went back to their go-to loophole-retaining statement: “this is a common provision again that is put in place in terms of functionaries”. Well, that explains why all Barbados legislation to address political corruption seems to have loopholes.
Section 85.2(d): This section allows the police to: “inspect and seize any documents or other material found on the premises”. We recommended that the business owner should be allowed to make copies of documents seized, especially if the material seized is unrelated to the charge, and was needed to continue their business.
The Committee seemed to think that businesses run by magic. Further, they decided that making copies of seized documents “is not something that we would wish to do at this stage or at any stage.” Are charged persons not entitled to a copy of the evidence against them? Since when did that change? And where is this hostility to businesses coming from?
Grenville Phillips II is a Chartered Structural Engineer and President of Solutions Barbados. He can be reached at [email protected]