As the Data Protection Bill was read in Parliament on Thursday morning, members of the National Assembly heard that it had been endorsed by both a foreign expert and Guyana’s Law Reform Commission.
Bartlett Morgan, a lawyer from Barbados and a well-known expert in the area of data protection, was quoted as saying: “Guyana’s new Data Protection Bill is impressive. It is probably the most advanced and at the same time fit-for-purpose privacy law that I have seen emerging from the Caribbean region to date. While there is some room for fair criticism, there is a lot to be pleased about in the direction of the draft law. The drafters have clearly assessed prior efforts of other countries in the region and further afield and sought to strike a fair balance between competing interests of data subjects and data controllers”.
After conducting a comprehensive review and comparative analysis of the bill with other Caribbean data protection laws, the Law Reform Commission of Guyana endorsed it without objection.
The bill was read a second time during the 67th Sitting of the National Assembly, on behalf of Prime Minister Brigadier (Ret’d) Mark Phillips, by Minister of Legal Affairs, Anil Nandlall SC. Describing the bill as being long overdue, Nandlall stated that it is of the utmost importance as it seeks to establish a framework to support the accumulation, storage, use and dissemination of data.
“Most importantly […] it sets out a protective framework through which the data collected and used on our (the people of Guyana’s) behalf… a person’s data invariably consists of very personal, inalienable, biometric, and biographic information peculiar to that person and a person is entitled to the privacy of that information. In the same way that we have a right to freedom of expression, we have a right to liberty, we have a right to property, we have a right to privacy. Unfortunately, the current construct of our laws do not safeguard this very important right, and this bill, for the first time, seeks to set a statutory framework for the protection of data that we are using and we are accumulating every day in our lives,” he said.
Before the bill was passed, a draft was first published online in April of this year, and members of the public were given the opportunity to give their opinion on it. However, Nandlall noted that only two sets of comments were garnered from the posting. These comments, he said, were examined and, where necessary, incorporated into the bill.
To aid in the bill’s creation, technical support from data experts attached to the Mount Sinai medical institution was sought and this helped to establish whether the architecture would permit the developers to gather, accumulate, store and utilize medical data as part of the data repository.
The Data Protection Bill was modeled after the European model; the General Data Protection Regulations, which exist in all the European Member States. This model of data protection laws, the Attorney General noted, has now become the benchmark, and several Caribbean nations, such as Jamaica, Barbados, Belize, St Lucia and Grenada, have adopted legislation modeled after it.
“In drafting this bill, we took guidance from the United Kingdom, Jamaica, Barbados, Mauritius, and Kenya. So, we did not invent the wheel, but we simply followed legislation that have been enacted across the Commonwealth and the Caribbean,” he added.
In his presentation, Nandlall cited the need for legislation to safeguard personal information, attributing it to the rapid progress in technology, communication, and integration of ICT in daily life. He further highlighted that the increased instances of cybercrimes also demanded the implementation of protective measures.
Acknowledging his lack of expertise in the area, Leader of the Alliance for Change, Khemraj Ramjattan endorsed the bill. He expressed support for the data protection legislation, stating that consumers should have protection for their data. Although he had not personally read the bill, Ramjattan noted that he had discussed it with the Attorney General, who informed him that the bill followed a model similar to that of the European Union, which had a superior data protection legislative arrangement compared to the US.
The Data Protection Bill aims to provide guidelines for data protection and ensure that personal data is collected and processed lawfully, fairly, and transparently. Consent requirements are stipulated, and scenarios where it is not needed are outlined. The bill creates the Data Protection Office, responsible for implementing and enforcing the legislation.