All protections and remedies flowing from the Data Protection Act must be fully operational prior to NIDS rollout
The Data Protection Act contains important protections for people’s sensitive personal data and remedies for any issues that arise, but it is not yet in force. NIDS willl be the most significant data collection enterprise that Jamaica has embarked on, and any individual enrolling in NIDS should be able to rest assured that they have the full protection of the Data Protection Act, including oversight from a functioning Data Protection Authority. The Act needs to be fully operationalized and applicable to NIDS before NIDS is rolled out.
These are examples of what the NIDS Bill allows. These examples may not necessarily reflect the intention of the Bill, but are possible based on how the Bill was worded when it was tabled in 2020.
Susan is claiming asylum in Jamaica and still fears retribution for her political activism from her home country. The Jamaican Government is six months into the operation of NIDS.
The Authority becomes aware that the third-party private corporation processing the data to ensure no two entries are the same has a security flaw and information may be leaking to outside sources, including foreign entities.
Because the Data Protection Act is not fully operational, the Authority does not have to disclose the data breach to Susan. Susan’s private personal information may have been leaked to individuals trying to find her without her knowing that she is in any danger.
Christopher was one of the early adopters of NIDS. Christopher recently used his NIDS card to access a loan. During the process, the bank requested consent from Christopher for his identity information in NIDS to be disclosed to them. Based on a later communication from the bank that his wife received, he becomes suspicious that the bank may be using his data in a way that was not initially communicated.
Christopher logs into his NIDS interface to confirm what data has been disclosed to the bank. He is correct that the identity information in question was released to the bank. He then reaches out to the bank to request clarity on how the data is being used. The bank refuses his request.
Without the Data Protection Act in force, Christopher has no recourse to challenge his bank’s refusal.
Audrey signed up early for NIDS because it was her first chance at getting identification documentation. A year and a half into the rollout of NIDS, the Government wants to enter into an agreement with a foreign government to allow a private company with facial recognition technology to access NIDS data in support of cross-regional law enforcement efforts.
Audrey would not have signed up for NIDS if she had known that her data would be shared with foreign law enforcement agencies and private companies in this way.
Without the Data Protection Act being in force and with NIRA exempted from obligations under the Act, Audrey does not even know and is not able to challenge that her data is being used in this way.
The current NIRA Bill acknowledges how central the protections in the Data Protection Act are to NIDS’ guiding framework. Yet, these acknowledgements mean little if the Act is not fully in force and operationalized with detailed processes, procedures, and remedies, before NIDS is rolled out. The Data Protection Act includes a two-year adjustment period in which the NIRA would not yet have to comply with the provisions in the Act. It is not clear how NIRA will ensure appropriate data protection and transparency mechanisms in the intervening period. Since NIRA will be overseeing one of Jamaica’s largest data collection exercises to date, involving highly sensitive personal data, this accountability gap must formally be closed before NIDS can be rolled out.
Watch this space! We will provide an update once the Joint Select Committee has made a decision on this issue.
Last updated 2021-05-27
Is there something we overlooked with this issue?
Have questions? Let us know!
NIDS Focus is a coalition of civil society groups and individuals collaborating with the GOJ to develop a rights-based, people-centric national ID project. Learn more
We would love to hear from you.
© NIDS Focus Coalition 2021