Data protection bill passed in National Assembly

The National Assembly on Thursday passed the Data Protection (Amendment) Bill of 2023, which aims to protect a person’s right to privacy with respect to the processing of personal data. It provides for the regulation of collection, keeping, processing, use and dissemination of personal data.

Attorney General and Minister of Legal Affairs, Anil Nandlall, SC, presenting the bill for its second reading on behalf of Prime Minister, Brigadier (Ret’d) Mark Phillips, said that the bill is a critical component in modernising the country’s legislative framework and facilitating the implementation of e-governance.

Attorney General and Minister of Legal Affairs, Anil Nandlall, SC

“We are at the commencement of a transition to e-governance, and we now have to prepare every aspect of our governmental machinery as well as the private sector infrastructure to allow for this digital electronic transformation to take place as we join the rest of the world in this age of information and technology,” he said. 

The AG noted that the bill underwent widespread consultation, and is fashioned in accordance with the Universal Declaration of Human Rights, as well as the International Covenant on Civil and Political Rights.

“Guyana, by this bill, will now be joining a large number of countries across the globe in putting in place a legislative framework that will allow for the legitimate accumulation, use, transferal, storage and update of data to be used in electronic and digital transactions,” he posited.

The increased advancements in technological communication and integration of ICT in everyday life, coupled with the rise in cybercrimes necessitate legislation to protect personal information.

The bill defines personal data as any information relating to an identified or identifiable natural person. Personal data includes data pertaining to a person’s private life, including professional activities, and information concerning a person’s public life.

According to the bill’s explanatory memorandum, its main aims are to define the general principles of data protection and the rights of data subjects, protect personal data, and provide for enforcement mechanisms for failure to process personal data in accordance with the law.

It outlines that personal data must be processed lawfully, fairly and in a transparent manner, and only collected for specified, explicit and legitimate purposes. Moreover, this data must be accurate and kept up to date, and processed in a manner that ensures appropriate security.

Additionally, the bill sets out the principles governing the conditions of consent, imposing that consent must be freely given, informed, specific and unambiguous, and can be withdrawn at any time.

It also makes provisions for cases where consent is not required, and establishes the Data Protection Office, with a commissioner who is appointed by the president, and responsible for the administration and implementation of the Act.