The challenges of the Data Protection Bill

Above: Ria Mohammed-Davidson of the Faculty of Law at UWI St Augustine speaks at the Media Association talk at the Ken Gordon School of Journalism and Communications. Photo by Mark Lyndersay.

BitDepth#1064 for October 25, 2016

During Saturday’s Media Association talk, I posted a particularly provocative statement by Ria Mohammed-Davidson about the thorny issues that surround the pending passage into law of the remaining elements of the Data Protection Bill.

The pithy excerpt immediately generated confusion in my social media circles.

“Context?” “This statement makes no sense to me.”

The quote was significantly shortened to run on multiple platforms, but the response is unsurprising, really. With ten times the words, it would still be a challenge to engage with all the aspects of the bill raised by Ms Mohammed-Davidson, one of three speakers from the new Faculty of Law at UWI St Augustine invited to speak on bills currently before Parliament of relevance to journalists.

The sentence was this.

“Why doesn’t the Act acknowledge that Caribbean people will either not know that we can complain or be afraid to complain.”

The conflict at the heart of her concern was this. That the bill falters in its most critical mission, balancing the public interest in knowing with the right to privacy and places the burden of responding knowledgeably where it is least likely to be understood.

The Data Protection Bill must butt heads, as it were, with constitutionally guaranteed human rights to be effective and the critical measure of such conflicts is simply this, “Have you used the least invasive method to limit the right?”

The bill, in short, does not pass the legal test of proportionality in Ms Mohammed-Davidson’s view.

“Caribbean societies are not rights based societies,’ she explained.

“We have no cultural basis for fighting for our rights. We have been taught to be respectful to power and to accept its authority.”

That comes down to the right of redress for citizens and smaller companies who find the Information Commissioner, a sort of extra-judicial data-use policeman, knocking at their door demanding to review their records.

Larger companies with legal teams are likely to know what to do, but the Information Commissioner doesn’t need a warrant or a court order to do his rather sweeping job.

“The commissioner has intrusive powers,’ Ms Mohammed-Davidson said, “arbitrary search and seizure challenges the right to life, liberty and security of the person and the enjoyment of property.”

“Why not have the commissioner request the court order or search warrant, even ex parte, from a court?”

That insertion of a third-party in the process would provide balance and accountability that currently is not required of the Information Commissioner in the bill.

The Information Commissioner is defined in that document as a body corporate, assisted by two deputies who can enter premises, question persons and conduct searches without a search warrant or court order.

In legislation which heightens the tension between privacy and the right to freedom of expression, needlessly broad wording and significant omissions make for troubling legal pitfalls.

In section 92 (1) the act of “wilful” disclosure of information is identified, but the word is strategically removed from the next line, 92(2), which identifies “a person who collects stores or disposes of personal information in a manner which contravenes this act,” implying that the act of doing so inadvertently is not an exemption.

Specifically, the legal lecturer is concerned that the Fourth Estate has been specifically and completely written out of the Data Protection Bill, despite such allowances being made in similar documents implemented in Europe, Australia and the UK.

Doubling down on the risk factor is the size of the fines for infringments of the bill, starting at $50,000 for individuals and scaling quickly up to $500,000 for large corporations

And it’s not as if there aren’t exemptions.

Exemptions for the public sector, limited exceptions for the private sector, the health and social services sector and for judicial proceedings are present in the act.

In the UK version of the act, journalists are protected under a special purpose exemption and must be prepared to defend such use by demonstrating decisively that the end goal of accessing the data is the creation of journalism, literary or artistic works in which there is genuine public interest.

Between the Data Protection Act and the Whistleblower Act, working journalists find themselves in a curious place, constrained by the specific terms of data collection as defined under the first and not covered at all by the second, which specifically protects workers revealing information about their employers.

This legislation comes at precisely the time when the traditional role of journalist is increasingly challenged by concerned citizens with equal access to the general public using Internet based distribution tools to share their messages.

But the most recent full draft of the bill was done in 2009, long before citizen journalism began to permeate T&T society the way it has now.

Journalists must now contend with the very real possibility that the Data Protection Bill was designed to be hostile to journalists who engage in data collection (which is at the core of the job) whether it be general searches or deeper data trawling to capture and interpret information and data for their reporting.