Antigua and Barbuda’s Data Protection Act, 2013

The Data Protection Act, 2013 of Antigua and Barbuda (No. 10 of 2013) is designed to promote the protection of personal data processed by public and private bodies and for incidental and connected purposes.

Overview of key sections and articles

Part I: Preliminary

• Section 1: Short Title – Names the Act as the Data Protection Act, 2013.
• Section 2: Interpretation – Defines key terms such as ‘data subject,’ ‘data user,’ ‘personal data,’ and ‘sensitive personal data.’
• Section 3: Objectives – Establishes the Act’s purpose: to safeguard personal data processed by public and private bodies and promote accountability and transparency.
• Section 4: Savings – Clarifies that existing laws on data processing can operate alongside this Act.

Part II: Privacy and data protection principles

• Section 5: General Principle – Requires consent for data processing and restricts processing unless it’s lawful and necessary for a specific purpose.
• Section 6: Notice and Choice Principle – Obligates data users to inform data subjects of data collection purposes, their rights, and any third parties with access to the data.
• Section 7: Disclosure Principle – Prohibits disclosure of personal data without consent except for specified, lawful purposes.
• Section 8: Security Principle – Requires practical steps to protect data against unauthorised access, alteration, or destruction.
• Section 9: Retention Principle – Limits data retention to the time necessary for its intended purpose.
• Section 10: Data Integrity Principle – Ensures data accuracy, completeness, and relevance.
• Section 11: Access Principle – Grants data subjects the right to access and correct their personal data.

Part III: Rights of data subjects

• Section 12: Right of Access – Allows individuals to request access to their data held by public or private entities.
• Sections 13-15: Procedures for Access – Detail the notice period, response time, form of access, and grounds for denial.
• Section 16: Right of Rectification – Allows individuals to request corrections to inaccurate or irrelevant data.
• Section 17: Extent of Disclosure – Lists conditions for disclosing data for purposes other than those initially intended.
• Section 18: Processing of Sensitive Data – Imposes additional safeguards and conditions on processing sensitive data.

Part IV: Exemptions

• Sections 19-20: Exemptions – Exempt certain data from the Act, such as data processed for personal use, public interest, or law enforcement. It also grants the Minister authority to add further exemptions upon recommendation.

Part V: Information Commissioner and miscellaneous provisions

• Section 21: Information Commissioner – Assigns duties for enforcing data protection under the Freedom of Information Act.
• Sections 22-23: Offenses and Penalties – Outlines penalties for intentional data mishandling, with fines and imprisonment options.
• Section 24: Appeals – Provides for appeals to the Court regarding decisions made by the Information Commissioner.
• Sections 25-27: Confidentiality and Reporting – Ensures confidentiality of data obtained during investigations and mandates annual reporting to Parliament.
• Section 28: Regulations – Allows the Minister to implement regulations and codes of practice for data handling.