Business and security boost from data protection regulation - EU
Fredrik Ekfeldt, Head of Political, Press and Information Section, the EU Delegation to Jamaica.
Caribbean businesses and security will benefit from the reforms in data protection implemented in the European Union (EU) this May, Fredrik Ekfeldt, Head of Political, Press and Information Section, the EU Delegation to Jamaica, assured sector leaders at a conference in Kingston recently.
"The General Data Protection Regulation (GDPR) seeks to create a virtuous circle between better protection of privacy as a fundamental right, enhanced consumer confidence in how the privacy and security of their data is guaranteed, particularly online, and economic growth," he said at the Regional Data Security Conference hosted by the American Chamber of Commerce Jamaica (AMCHAM) and eBiz ProTrain on September 12.
The European Union GDPR came into force on May 25, 2018 in all member states to harmonize data privacy laws across Europe. It protects fundamental individual rights and freedoms of EU citizens and in particular their right to the protection of personal data.
Under the new regulations, Ekfeldt pointed out that Caribbean and other foreign companies doing business in Europe are benefiting from many of these changes. For example, he said companies can offer their goods and services in a "harmonized and simplified regulatory environment in the EU instead of having to deal with 28 different data protection laws and 28 different regulators".
"Obligations to notify data processing operations or obtain the prior-authorization (as was required under the previous regulatory regime) from data protection authorities has been scrapped. Several key concepts have been clarified and adapted to the needs of the digital economy," he added. "All this means increased legal certainty and a significant reduction in compliance costs and red tape."
Ekfeldt said the EU was ready to have more detailed talks with Jamaican partners even as he sought to clear up a common misunderstanding that the EU data protection rules apply "extraterritorially" to the collection and processing of data of Europeans, anywhere, anytime.
"Let me reassure you," he said, "this is an urban legend! To be concrete, hotels in Jamaica are not subject to the GDPR for the simple reason that they are hosting some European tourists."
He explained further that some strict conditions have to be met for the regulations to be applicable. These include whether operations are processed on European soil, within the EU territory, or when the business operator specifically targets consumers in the EU – for example, by offering goods and services that can be bought in Euro.
"By contrast, the mere fact that a European would for example, visit a Jamaican website and decide to book a hotel room here or buy a tour is not sufficient to make the processing of data involved in that transaction falling within the GDPR."
Meanwhile, the EU representative stressed, too, that having common data protection rules can also "greatly facilitate the exchange of data between public authorities, including in the context of law enforcement cooperation".
That was a point embraced by Dr Horace Chang, Jamaica's National Security Minister, who also addressed the conference. He acknowledged that illicit access to, and the illegal manipulation of data is "a major issue for governments and business interests to grapple with around the world" which demands "prudent and efficient" management of data.
"The challenge therefore, is to create the legal framework that provides protection to the law-abiding citizen while creating parameters within which conspirators’ information can be utilized to fight and counter the activities of criminals," Chang said.
Jamaica is pursuing a new data protection regime and Minister Chang, in an update, said a draft Data Protection legislation is currently being examined by a committee of the Jamaican Parliament. The law will establish a central national database and provide privacy and security safeguards over personal data in order to re-enforce people's constitutional right to privacy.
The Regional Data Security conference was held under the theme "Your Data Your Rights: What Individuals and Companies Should Know". The event sought to open a regional discussion on issues relating to data security while also providing insights on how companies and individuals should protect themselves and their investments.
Presenters were drawn from a range of areas including, data security, cybercrimes, law, financial services, international trade and public policy.