/Data protection, privacy and the State

Data protection, privacy and the State

he delay in passing the Data Protection Act is stymieing the development of our national cybersecurity policy and leaving question marks around the privacy rights and sovereignty of Jamaican citizens. In the absence of the Data Protection Act, the Opposition is pushing the Government to disclose publicly what sort of cybersecurity arrangements and information sharing agreements have been put in place with third parties.

It is ironic that one of the entities that led the challenge to the Data Protection Act — the press and media association (that significantly contributed to the delay) — is also demanding that the Government disclose publicly what data is being shared with who. The Gleaner went further in its editorial and stated: “While we accept the need for Jamaica, like other countries, to protect itself against bad actors, it is critical that it be balanced against citizens’ rights to privacy, from undue intrusion by the State, and that any encroachment on constitutional freedoms be no more than what is ‘reasonably justified’ for the functioning of liberal democracy.

“In that regard, there ought to be laws that acknowledge these principles, legislated after robust debate…”

News Flash! That is exactly what the Data Protection Bill is supposed to achieve. If it is that the Data Protection Act was in place there would have been a legal process to follow;there would have been the necessity for an adequacy decision, an assessment of the impact of the sharing of this data with third parties would have on our privacy rights; further, there would be an accountability mechanism in place that could have been enforced to obtain answers without the risk of undermining our national security by demanding public accountability and transparency.

In response to the growing demand for public disclosure, the minister of national security announced in Parliament that the Government brought the “secret memorandum” arrangement to an end. He indicated that this action was predicated upon a finding by the Supreme Court that the the secret MOUs were “unsatisfactory and inadequate”. He further disclosed that new cybersecurity arrangements have been put in place with the United States of America. In a public show of support for the Jamaican Government and the bilateral cybersecurity arrangements, the US Ambassador to Jamaica tweeted: “The United States continues to value its long-standing security cooperation with Jamaica…”

During the Manatt Enquiry we learnt that the then Minister of National Security Peter Phillips, without the knowledge of the then prime minister and/or Cabinet or Parliament allowed for third party states to capture and analyse all telecommunication data generated by Jamaicans to the exclusion of Jamaican authorities, our court system and the Interception of Communication Act.

A finding that the MOUs were unsatisfactory and inadequate is not surprising and in line with the Schrems decision of the European Court of Justice that declared the Safe Harbour invalid. The Safe Harbour was a United States construct that was to facilitate the transnational flow of personal information about European data subjects to the United States. The European Court of Justice found that the United States privacy laws did not adequately protect the rights of European data subjects, and as such European data subject personal information could not be safely transferred to the United States.

In principle it is important that the citizenry of Jamaica have sufficient information to hold the Government to account and ensure that the State is not riding roughshod over our constitutional rights and abusing its powers. The Government, however, cannot be held to account under the shroud of secrecy of secret MOUs and cannot be held to account under the secrecy of these new international cybersecurity agreements. The reality is, however, that disclosing the details of these agreements undermines their very objectives and puts our national security at risk. One concern of mine is that the Opposition is acutely aware of the risk that they expose the nation to by demanding this public disclosure yet they continue to grandstand.

If it is we had the Data Protection Act in place there would be no need for demanding public disclosure of national cybersecurity arrangements, which right-thinking Jamaicans know cannot happen. If the Bill were to be enacted we could feel confident that the privacy rights of our citizens would have been considered and safeguarded. The Data Protection Bill now provides that personal data shall not be transferred to a State outside of Jamaica unless the State ensures an adequate level of protection for the rights of its citizens. There are also strict standards that determine how the information is to be processed. While the minister of national security under the Data Protection Bill has wide powers to exempt personal data processing agreements from the safeguards built into the Data Protection Bill on the basis of safeguarding national security, at least there would have been a duly considered decision which would be subject to judicial review. Instead of demanding public accountability, which is not practical, the Opposition and the press could apply for judicial review and hold the minister to account for his actions while purportedly seeking to protect the rights of the Jamaican citizens.

If the Opposition were to be true to Her Majesty as her loyal Opposition and the people of Jamaica, instead of pushing to have extremely sensitive information about the heart of our national cybersecurity apparatus disclosed in public, they would be more interested in pushing for the passing of the Data Protection Bill that would ensure that robust governance and accountability structures are in place. The media also needs to recognise that the same Data Protection Bill that they so vigorously challenged is the same law The Gleaner‘s editors are now calling for.

The Government, the Opposition, and the media seems not to be able to appreciate the correlation between cybersecurity and privacy rights. Any cybersecurity policy must have at its core the protection of the constitutional right to privacy, not only from a legal point of view but from a commercial and national perspective. Protecting the right to privacy in the cyber age is akin to the Government’s primary duty of keeping its citizen safe and is critical to preserving our young democracy. It is now incumbent upon the Government of the day to ensure the swift passage of the Data Protection Act, as it is that enabler that would allow us to drive Jamaica’s economic growth and security.

 

Chukwuemeka Cameron is an attorney, trained data protection officer, and founder of Design Privacy. Send comments to the Observer or ccameron@designprivacy.io.

http://www.jamaicaobserver.com/opinion/data-protection-privacy-and-the-state_178933

By |2019-11-05T12:26:46+00:00November 5th, 2019|news|0 Comments

Leave A Comment

one × 4 =

Photo Gallery