• New data protection legislation registered

    Following Privy Council approval, the Royal Court today registered new data protection legislation that will strengthen individuals’ rights and enable Island businesses to continue accessing international markets.

    The Data Protection (Jersey) Law 2018 and Data Protection (Authority) Jersey Law 2018 will come into effect on 25 May 2018.

    The new Laws will enable data to continue moving freely between Jersey and the European Union, benefitting trade and helping law enforcement agencies cooperate with their counterparts in other jurisdictions.

    Earlier this year, the Laws were unanimously agreed by the States Assembly.

    The Assistant Chief Minister, Senator Paul Routier M.B.E., said “this is an important milestone for Jersey. The new data protection regime will bolster the rights of Islanders, ensure equivalence with the EU and further our standing as a trusted place to do business”

    Read more >
  • It’s Data Protection day!

    New consumer data protection law less than four months away

    STRONGER protection for consumers when it comes to their personal data is now less than four months away from coming into force in Jersey.

    With European Data Protection Day falling on Sunday 28th January, the Office of the Information Commissioner is urging people to become more familiar about their rights about how their data is handled when the new legislation comes into effect.

    ‘Jersey’s new Data Protection laws come into force on 25th May 2018, the same day as the new European General Data Protection Regulation (GDPR). They extend the rights of individuals, giving them more control over what happens to their personal information,’ said Deputy Information Commissioner Paul Vane.

    Under the new rules, business will have to provide individuals with more information when it comes to personal data handling – including stronger rules around how businesses ensure individuals have consented to the use of such information.

    ‘With European Data Protection Day, it’s the perfect time to highlight these new laws that will benefit consumers. As well as long-standing rights of access to, and correction of personal information in specific cases, the new laws allow for the erasure of personal information in some circumstances, and the right to data portability,’ added Mr Vane.

    GDPR, which also aims to harmonise compliance regulations for business, will be the biggest change to data protection across Europe in more than 20 years. More guidance for individuals and business will be added to the Commissioner’s website over the coming months. For more information, go to


    Read more >
  • Career opportunities with the OIC

    Following the approval of the new Data Protection Laws in the States Assembly last week, the Office of the Information Commissioner has today started work on growing its team by advertising two new positions.

    For more details please take a look at our new Careers page.

    Read more >
  • States Assembly pass new Data Protection laws

    The States Assembly yesterday unanimously approved the Draft Data Protection (Jersey) Law 201- and the Draft Data Protection Authority (Jersey) Law 201-

    Chief Minister, Senator Ian Gorst said yesterday that he was “pleased that the States Assembly has approved new data protection laws that will help to strengthen individuals’ rights and ensure that Island businesses remain competitive“.

    The new laws will now be referred to Privy Council for Royal Assent before being registered in the Royal Court. Both laws are due to be implemented on 25th May 2018. Links to both laws can be found below.

    Draft Data Protection (Jersey) Law 201-

    Draft Data Protection Authority (Jersey) Law 201-

    Read more >
  • Proposed new Data Protection Laws lodged

    The proposed new Data Protection Laws have been today lodged with the States Assembly and are scheduled to be debated in the States on Tuesday 16th January 2018.

    The Draft Data Protection (Jersey) Law 201- and the Draft Data Protection Authority (Jersey) Law 201- can be found by following the links below:

    Read more >
  • Work continues to prepare the Channel Islands for new data protection legislation

    WORK is continuing to prepare the Channel Islands for new data protection legislation which is due to come into force in 2018, says the islands’ independent data protection regulator.

    Emma Martins said she and her pan-Island team were working hard to support both governments and businesses in the islands, recognising the potential economic benefits for those who engage with the opportunities created by the EU’s General Data Protection Regulation (GDPR).

    Her comments come after it was announced by the States of Jersey and the States of Guernsey that the data protection commissioner will be leaving her post in March 2018. The governments also confirmed that the pan-Island role will end, with each island introducing their own dedicated data protection commissioner post at that time.

    ‘After the recent decision for the Islands to move away from a pan-island data protection regulator, we will continue to work hard to ensure the Islands are as prepared as possible for the new data protection legislation in May 2018,’ said Mrs Martins, who is the Data Protection Commissioner in Guernsey and the Information Commissioner in Jersey.

    ‘The decision is regrettable after the two islands have come such a long way together and in light of the significant work done in recent years to create a pan-island presence. To a certain degree, it reflects the fast evolving nature of the data economy.’

    Important work to prepare the islands for GDPR will, however, continue to be carried out by Mrs Martins and her team.

    ‘These events should not and must not distract from the important work that lies ahead and on which industry and citizens are entitled to our complete focus and attention. There are very real economic opportunities for any jurisdiction that embraces those opportunities in an intelligent and enlightened way,’ added Mrs Martins.

    Read more >
  • Information Commissioner to leave her post

    Below is replicated a press release made by the States of Jersey taken from




    The pan-Island Information Commissioner has announced that she will be leaving her post in March 2018 after 14 years working for Jersey.

    Emma Martins took on responsibilities for data protection in Jersey in 2004, and has provided professional leadership since then as the importance of data in our private and professional lives has grown significantly.

    Since 2011 she has supported both Jersey and Guernsey, including preparing to implement new EU Data Protection Regulations.

    Assistant Chief Minister, Senator Paul Routier, said “Data protection is essential for Islanders and businesses – now more than ever. Mrs Martins has played an important role in Jersey and I thank her and wish her all the very best for the future.”

    Following an extensive consultation process, the new legislation in Jersey has recently been approved by the Council of Ministers for presentation to the States Assembly in December, in line with the agreed timetable.

    Dedicated Jersey Commission

    The States of Guernsey have decided that they would like to avoid a pan-Channel Island Information Commissioner managing two different sets of legislation and are intending to establish their own Information Commission. Jersey’s government will bring forward plans for a dedicated Jersey Information Commission to maintain a GDPR-equivalent regime and a properly resourced regulatory body.

    Senator Routier continued “Jersey places the highest importance on data protection matters, and our new legislation will serve the needs of Islanders and businesses for the future. We will continue to work constructively with Guernsey on a wide range of matters, but as the importance of data will continue to grow, so it is right that we appoint a dedicated Jersey regulator to oversee our compliance with the new legislation.”

    A recruitment process is now beginning to find a replacement for Mrs Martins. The new legislation in Jersey is expected to be in place in May, 2018.

    Read more >
  • Irish Data Protection Regulator questions transfer of Facebook data to US

    The Irish High Court has asked the Court of Justice of the European Union (CJEU) for a preliminary ruling on whether or not the transfer of Facebook user data to Facebook Inc in the US is lawful. Facebook operates its international business via a separate company in Ireland called Facebook Ireland Ltd, which handles the data of 85% of all Facebook users outside the US and Canada.

    The court agreed that the absence of effective remedies in the US may violate European fundamental rights under the European Charter of Fundamental Rights, when data is sent to the US under Standard Contractual Clauses (SCCs). European data protection law requires that data can only be transferred outside the EU if the personal data is “adequately protected”. This is in conflict with US law (FISA 702) which requires US companies (including Facebook Inc.) that are “electronic communication service providers” to hand over data, as and when required, to the US national security authorities.

    The court found that the Irish Data Protection Commissioner has “well-founded concerns” that the SCC Decision by the European Commission (2010/87/EU) may be invalid. The court further found that the DPC may be able to suspend data flows under the SCCs in line with Article 4 of the SCC decision and Article 28 of Directive 95/46/EC.

    The case is ongoing and further clarification in a second decision from the CJEU  is awaited. The latest ruling can be found by clicking on the link below.

    2017.10.04 – Irish DPA v Facebook Ireland.


    Read more >
  • International Conference of Data Protection and Privacy Commissioners

    The 39th International Conference of Data Protection and Privacy Commissioners is currently underway in Hong Kong at which the Channel Island data protection authorities are represented.

    The Conference which seeks to provide leadership at international level in data protection and privacy, links more than a hundred privacy and data protection authorities and serves as a reminder of the global nature of digital environment.

    More information about the conference can be found here.

    Read more >
  • New UK Data Protection Bill introduced into the House of Lords

    The UK Government has yesterday introduced the new UK Data Protection Bill to the House of Lords which, if passed, will overhaul the current UK data protection regime.

    In most respects the bill, which will come into force next May, will transfer the European Union’s General Data Protection Regulation into UK law. The legislation will also be maintained after Brexit.

    Whilst the proposals impose much heavier fines on those who do not protect personal data, the government said it had negotiated “vital” exemptions to create a more “proportionate” regime for Britain.

    The government had already unveiled other key provisions of the Data Protection Bill in August, including:

    • Making it simpler for people to withdraw consent for their personal data to be used
    • Letting people ask for data to be deleted
    • And making re-identifying people from anonymised or pseudonymised data a criminal offence

    In addition, UK firms that suffer a serious data breach could be fined up to £17m or 4% of global turnover.

    The current maximum fine firms can suffer for breaking data protection laws is £500,000.

    To read the proposed UK Data Protection Bill in full, please click here.

    Read more >