Overhaul of data protection laws?
JERSEY’S data protection laws could be overhauled if draft legislation proposed by the Council of Ministers is agreed by the States Assembly.
Ministers say that the proposed laws would help to strengthen individuals’ rights, as well as ensure that Island businesses remain competitive.
On 28 May next year the European Union’s General Data Protection Regulation will come into effect in EU Member States.
The changes are designed to give people greater control over their data and require data controllers and processors to protect and use it appropriately.
As the GDPR will restrict the transfer of personal data to jurisdictions outside the EU unless they have adequate data laws, the Council of Ministers says new data legislation will be ‘essential’ to ‘facilitate trade and ensure that law enforcement authorities in Jersey can continue to co-operate with their colleagues in other jurisdictions’.
The report accompanying the proposition states: ‘We live and work in a digitally connected society, where the internet has become a feature of everyday life and where businesses and consumers rely on the ability to share and access personal information online, with confidence and clarity.
‘The protection of this personal data is essential for the protection of our human rights, particularly those accorded by Article 8 of the European Convention on Human Rights (i.e. the rights to private and family life, home and correspondence).
‘Personal data is the lifeblood of the financial services industry in particular, and as the digital economy develops and the use of online technology becomes ubiquitous, it is important that Jersey continues to provide a safe environment for processing data, with clear and robust data protection legislation that is monitored and enforced by an effective regulator.’
Under the proposals, a Data Protection Authority would be created to replace the Office of the Information Commissioner. The proposed law would give the authority ‘robust investigatory and enforcement powers, including the power to impose administrative fines, which may be used to secure compliance with the draft Data Protection Law’.
The proposition states that the annual running costs of the authority compared to the current Office of the Information Commissioner regulator will rise by an estimated £1.1 million, to £1.65 million per annum.
There will also be a need for an additional £350,000 to support one-off implementation work, the report says.
However, it adds that from 2020, the increase of industry registration fees will provide the revenue required to enable the authority to implement and enforce the legislation.
The Data Protection (Jersey) Law 201– and Data Protection Authority (Jersey) Law 201– is due to be debated by the States in January.
If approved by the States and the Privy Council, the new laws are expected to come into effect on 25 May 2018.