'Indecent proposal' - More criticism of Data Protection Act over parliamentarians exemption from provisions
A provision in the proposed Data Protection Act to exempt parliamentarians from culpability if they disclose personal data during a sitting of either House did not find favour with participants of a recent round table discussion on the legislation at the University of Technology (UTech).
The provision was one of the many concerns expressed about the proposed legislation during the discussion dubbed "The National Data Protection Act: Impact on Higher Education Institutions".
It was noted by a member of the audience that as it now stands, the Data Protection Act, which is before a joint select committee of Parliament, provides an exemption for parliamentarians "for the purposes of avoiding an infringement of the privileges of either Houses of Parliament".
Parliamentary privilege gives legislators protection against civil or criminal liability for actions done, or statements made, in the course of their legislative duties in either House.
But it was almost uniformly agreed during the panel discussion that this should not extend to the Data Protection Act.
According to one member of the audience, parliamentarians have done damage to Jamaicans in the past, but these persons have had no recourse because of the privileges they hold.
Panellist Dr Patrick Anglin agreed as he argued that people had a right to privacy and it was the expectation that when their personal data was collected, it would remain private and confidential from parliamentarians and any other data collector.
Supporting the position, moderator Dr Sean Thorpe argued that under the Data Protection Act, everyone should be treated fairly and there should be no infringement.
"... At the end of the day, you don't want your data to be in a space where for political, commercial, religious misuse, health purposes, or criminal activities, the need for a regulated state to support how our data is handled within borders is without questions ... ," said Thorpe.
He argued that the Data Protection Act, by design, was a European Union (EU) directive.
It was noted that May 25 is the deadline for the implementation of the General Data Protection Regulation 2016 in the EU.
This is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.
It could result in Jamaica, which does business with and holds data of EU citizens, being subject to hefty fines for breaches.
The issue of EU students in local tertiary institutions was cited as an example of an instance where the data of citizens of countries in the union could be stored in Jamaica.