JavaScript is disabled in your web browser or browser is too old to support JavaScript. Today almost all web pages contain JavaScript, a scripting programming language that runs on visitor's web browser. It makes web pages functional for specific purposes and if disabled for some reason, the content or the functionality of the web page can be limited or unavailable.

Wednesday, March 19, 2025

Data protection in the age of technology

by

227 days ago
20240804

By Fan­ta Punch and Akeem Lopez

Digi­ti­sa­tion has de­vel­oped to the point where the trans­fer of da­ta glob­al­ly—as well as the large vol­ume of per­son­al in­for­ma­tion or da­ta gen­er­at­ed about in­di­vid­u­als—is not on­ly enor­mous but al­so, in large part, in­te­gral to how we live and ac­cess sys­tems around us.

As in­no­va­tion and tech­nol­o­gy con­tin­ue to shape these mar­kets, the abil­i­ty to pro­tect da­ta and per­son­al in­for­ma­tion has be­come in­creas­ing­ly chal­leng­ing.

Tech­no­log­i­cal ecosys­tems, such as the In­ter­net of Bod­ies or IoB, have de­vel­oped an ever-grow­ing in­dus­try of de­vices that mon­i­tor hu­man bod­ies whose func­tion­al­i­ty re­ly, at least in part, on the in­ter­net and re­lat­ed tech­nolo­gies, Ar­ti­fi­cial In­tel­li­gence and trans­mit per­son­al da­ta col­lect­ed from the in­ter­net.

IoB prod­ucts and de­vices con­nect the body through tech­nol­o­gy that merges with the hu­man body and are com­mon­place to­day. They in­clude, for ex­am­ple, smart­watch­es (Ap­ple Watch and Fit­bit), smart rings (Oura Ring), smart glass­es (Ap­ple Vi­sion Pro) and pace­mak­ers. Even the im­plantable brain com­put­er in­ter­face de­vel­oped by Elon Musk’s Neu­ralink seeks to trans­late thought in­to ac­tion.

A key is­sue as­so­ci­at­ed with the in­te­gra­tion of tech­nol­o­gy in our dai­ly lives is how it in­ter­acts with is­sues of da­ta pri­va­cy and da­ta pro­tec­tion. For ex­am­ple, while users of IoB de­vices en­joy many ben­e­fits such as seam­less health and fit­ness mon­i­tor­ing, these de­vices en­able man­u­fac­tur­ers to gath­er, process and store per­son­al in­for­ma­tion, for ex­am­ple fit­ness pa­ra­me­ters, lifestyle choic­es and eat­ing habits. This is valu­able da­ta that can then be ex­ploit­ed and used in tar­get­ed ad­ver­tis­ing mod­els and mar­ket­ing cam­paigns for new da­ta-dri­ven prod­ucts.

In light of the pace of tech­no­log­i­cal growth and in­tense com­pe­ti­tion among com­pa­nies op­er­at­ing in the dig­i­tal space, there is a com­pelling ar­gu­ment to be made for checks and bal­ances in the use of per­son­al da­ta.

Whether the use of per­son­al da­ta is rights based or mar­ket dri­ven, par­tic­u­lar­ly in this ju­ris­dic­tion, the im­por­tance of the free flow of in­for­ma­tion across bor­ders to sus­tain eco­nom­ic ac­tiv­i­ty can­not be un­der­scored enough. De­spite any po­ten­tial ben­e­fits of per­son­al da­ta in fa­cil­i­tat­ing com­mer­cial trade, the in­clu­sion of ap­pro­pri­ate safe­guards to pro­tect an in­di­vid­ual’s per­son­al da­ta is im­por­tant.

Da­ta pro­tec­tion in T&T

Lo­cal­ly, the Da­ta Pro­tec­tion Act Chap 22:04 (the ‘DPA’), which has been par­tial­ly pro­claimed, seeks to en­sure that pro­tec­tion is af­ford­ed to an in­di­vid­ual’s right to pri­va­cy and the right to main­tain sen­si­tive per­son­al in­for­ma­tion as pri­vate and per­son­al.

While there are gen­er­al da­ta pri­va­cy prin­ci­ples in force which pro­vide guid­ance for han­dling, stor­ing and pro­cess­ing of a per­son’s per­son­al in­for­ma­tion, the op­er­a­tive parts of the DPA that gov­ern how that in­for­ma­tion is col­lect­ed, pro­tect­ed, dis­closed and the ap­plic­a­ble sanc­tions for con­tra­ven­tion there­of, are yet to be pro­claimed. It is hoped that the DPA may be ful­ly pro­claimed in 2024.

An in­di­vid­ual’s per­son­al in­for­ma­tion is un­der­stand­ably ex­ten­sive and in its sim­plest form in­cludes in­for­ma­tion in any record­able for­mat, such as in­for­ma­tion re­lat­ing to the race, na­tion­al­i­ty or eth­nic ori­gin, re­li­gion, age or mar­i­tal sta­tus of the in­di­vid­ual, ed­u­ca­tion or the med­ical, crim­i­nal or em­ploy­ment his­to­ry of the in­di­vid­ual. Per­son­al in­for­ma­tion may al­so in­clude in­for­ma­tion re­lat­ing to the fi­nan­cial trans­ac­tions, any iden­ti­fy­ing num­ber, sym­bol or oth­er par­tic­u­lar that can iden­ti­fy an in­di­vid­ual, an in­di­vid­ual’s name, ad­dress, tele­phone con­tact num­ber and more de­tailed in­for­ma­tion such as fin­ger­prints, DNA, blood type or oth­er bio­met­ric char­ac­ter­is­tics. It can al­so in­clude con­fi­den­tial cor­re­spon­dence sent by an in­di­vid­ual and the views and opin­ions of a third par­ty about the in­di­vid­ual.

The gen­er­al da­ta pri­va­cy prin­ci­ples pro­vide gen­er­al guide­lines to en­sure that the han­dling, stor­age or pro­cess­ing of a per­son’s per­son­al in­for­ma­tion is done in a man­ner that af­fords some mea­sure of pro­tec­tion both by pub­lic and pri­vate en­ti­ties.

These guide­lines or prin­ci­ples in­clude:

* An or­gan­i­sa­tion shall be re­spon­si­ble for the per­son­al in­for­ma­tion un­der its con­trol;

* Be­fore or at the time in­for­ma­tion is col­lect­ed, the rea­son for col­lec­tion should be made clear;

* An in­di­vid­ual’s in­for­ma­tion should on­ly be col­lect­ed, used or dis­closed with his full knowl­edge and con­sent, and should be as ac­cu­rate and com­plete as is need­ed for pur­pose of col­lec­tion;

* Col­lec­tion of an in­di­vid­ual’s per­son­al in­for­ma­tion must be a le­gal un­der­tak­ing and lim­it­ed to what is nec­es­sary and in keep­ing with the rea­son or pur­pose for col­lec­tion;

* Un­less there is an ex­emp­tion in law, an in­di­vid­ual is en­ti­tled to re­quest and ob­tain full dis­clo­sure of any doc­u­men­ta­tion con­tain­ing per­son­al in­for­ma­tion about him, and to chal­lenge the ac­cu­ra­cy and com­plete­ness of that in­for­ma­tion and the ex­tent to which the hold­er of that in­for­ma­tion has com­plied with these da­ta pri­va­cy prin­ci­ples;

* An in­di­vid­ual’s per­son­al in­for­ma­tion has to be pro­tect­ed de­pend­ing on the sen­si­tiv­i­ty of the in­for­ma­tion; and

* Ex­cept where an ex­emp­tion ex­ists, sen­si­tive per­son­al in­for­ma­tion is pro­tect­ed from be­ing processed

The way for­ward

Da­ta is now of­ten re­ferred to as “the new oil” and “the cur­ren­cy of the fu­ture”. While se­ri­ous con­sid­er­a­tion should be giv­en to us be­com­ing com­pli­ant with in­ter­na­tion­al da­ta frame­works such as the EU’s Gen­er­al Da­ta Pro­tec­tion Reg­u­la­tions, once the DPA is ful­ly pro­claimed, it would be a pos­i­tive step to­wards strength­en­ing da­ta pro­tec­tion and da­ta pri­va­cy laws in the ju­ris­dic­tion.

Fan­ta Punch is a part­ner and Akeem Lopez is an as­so­ciate at M. Hamel-Smith & Co. They can be reached at mhs@trinidad­law.com

Dis­claimer: This col­umn con­tains gen­er­al in­for­ma­tion on le­gal top­ics and does not con­sti­tute le­gal ad­vice.


Related articles

Sponsored

Weather

PORT OF SPAIN WEATHER

Sponsored