In the wake of the European Union's implementation of the General Data Protection Regulation , Jamaicans are debating the implications of two new laws governing the collection and protection of personal data. Policymakers say  these laws could more closely align the Jamaican system with newly implemented rules in Europe.
The first is the Data Protection Act, passed in November 2017, which seeks to strengthen  citizens’ ability to control the use of their data and to proactively decide how it can and cannot be used by third parties. The second is the National Identification and Registration Act, that would govern the country's National ID system  (NIDS). The proposed Data Protection Act  is also intended to strengthen NIDS .
The intersection  between the two pieces of legislation is not entirely clear, and public concerns about the laws — and their potential pitfalls — are still rising to the surface.
At a recent public forum, “Data Protection and You”, journalists at the Press Association of Jamaica (PAJ) expressed concern about the Data Protection Act for their sector.
Press Association president Dionne Jackson Miller observed, the Data Protection Act is 112 pages and difficult to digest — and in Jamaica, amending laws is a lengthy process — it is therefore critical to get the law right the first time:
WATCH: President of the @PressAssnJa , @djmillerJA  says it's very important that there is serious consideration before the #DataProtectionAct  is passed because in #Jamaica  it takes years to change bad laws. @UCCjamaica  pic.twitter.com/GJ3eel6gcL 
— Jamaica Gleaner (@JamaicaGleaner) May 16, 2018 
While not opposed to the concept of a data privacy law, the PAJ has taken issue with several clauses in the Act. Although journalism, artistic and literary works are largely exempt under the proposed legislation, it stipulates that subjects can easily refuse to grant permission for use or publishing of information, which could have an adverse effect on journalists’ abilities to report on people — particularly those in power — without running afoul of the law.
Despite exemptions for journalists under the #DataProtectionAct , @djmillerJA  says the @PressAssnJa  is concerned by UK experience were similar legislation is being used by powerful people to prevent themselves from being investigated. pic.twitter.com/xmcxWfUIEt 
— SlashRoots (@Slash_roots) May 16, 2018 
In support of this concern, the international non-governmental organisation Reporters Without Borders has written to Andrew Wheatley , Jamaica's Minister of Science, Energy and Technology, who chairs the parliamentary committee reviewing the legislation:
While we do not dispute the existence of this Bill, which is meant to protect the private data of consumers, the Bill does not adequately distinguish gathering ‘data’ for journalistic activities from gathering data for regular commercial purposes. RSF believes the Bill may have a chilling effect on press freedom that could outweigh its benefits.
We acknowledge and appreciate that the drafted legislation considers press freedom, as indicated by section 37, which exempts journalists from a number of provisions data controllers—those who obtain, process, or use data—are obliged to follow. However, we believe the Bill should clearly exclude journalistic activity from its scope. A clear blanket exemption for journalists should be provided instead of a handful of provisions from which journalists are exempt.
Several governance concerns are being aired via traditional and social media — early alarm bells sounded  with regard to the role of the all-powerful information commissioner who would monitor compliance with the Act, advise the minister and serve as the arbitrator in disputes. The commissioner would also appoint an “independent” data protection officer. Media stakeholders were generally uncomfortable with the scope of the commissioner's reach, as well as the role of the technology minister when it comes to freedom of the press.
The Private Sector of Jamaica (PSOJ) also has issues with the proposed law. The organisation's executive director, Jennifer McDonald, called it “another burden on the private sector,” pointing to a negative impact  on the thousands of small and medium-sized enterprises (SMEs) such as neighbourhood cook shops — an issue that Slash Roots Foundation also focused on in its submission to parliament. How will the legislation affect the “small man”?
One Jamaican internet specialist tweeted that this is not just a worry for small businesses. Regional telecommunications provider Digicel is among several larger international companies which are concerned that — since Jamaica is the first Caribbean country to introduce this type of legislation — it may create problems for its Caribbean Community (CARICOM) neighbours:
— Shoshannah Richards (@starringshoshie) January 15, 2018 
The Jamaica Computer Society agreed with Digicel, which has proposed a phased introduction  of the Data Protection Act, suggesting a three-year implementation period.
Meanwhile, Minister Wheatley has announced  the establishment of an academy to strengthen Jamaica's cybersecurity, in collaboration with the Israeli government — and it is details like these that made the moderator's final comments at the public forum almost a foregone conclusion:
— SlashRoots (@Slash_roots) May 16, 2018 
These are highly complex and sensitive issues that will no doubt affect every Jamaican citizen. Are things moving too fast? It appears that more time is needed for discussion, dialogue and the dissemination of information — in digestible form — to the “man on the street”, even while the current political administration likely faces more challenges and delays before the Act is assented to.