For immediate release

(9 September 2024, Hamilton) – The Office of the Privacy Commissioner for Bermuda (PrivCom) has been engaging with other jurisdictions to bolster Bermuda’s reputation as a trusted hub, including for cross-border transfers of data. In April 2024, PrivCom joined the Global Cross-Border Privacy Rules (CBPR) Forum as a Privacy Enforcement Authority (PEA) from outside the Asia-Pacific region in the Global Cooperation Arrangement for Privacy Enforcement (CAPE), a multilateral arrangement for PEAs to facilitate cross-border enforcement of data protection and privacy laws. The Commissioner recommended that the Government apply to seek participation, and then-Minister Vance Campbell announced in May that the Government would seek Associate status in the Forum and apply for full membership once PIPA is in effect. In August, the Forum’s Membership Committee announced that Bermuda meets the conditions for Associate membership and welcomed the country to the Forum.

Full membership in this Forum would mean that Bermuda would be recognised as a trusted jurisdiction standing side-by-side as an equal partner with the United States, Canada, Australia, Japan, Singapore, Korea, the Philippines, Mexico, and Chinese Taipei, along with other Associates such as the Dubai International Finance Centre (DIFC) and the United Kingdom. This growing Forum promotes interoperability between the privacy laws of the member jurisdictions by providing an international certification system that organisations may use – if they choose – to demonstrate compliance with common privacy principles that align with PIPA.

By participating in the Forum, Bermuda would be granted mutual recognition for our privacy rights and standards, ensuring certainty for Bermudian businesses and expanded international protections for the rights of its people. The Forum’s workings are based upon consensus, which gives Bermuda a global platform to express our perspective and represent our interests.

Issues of technology and digital rights have never been more important – or more global. By bringing PIPA into force on 1st January 2025 and by engaging with jurisdictions around the world, Bermuda is being positioning as a forward-thinking and privacy-preserving jurisdiction. Not only will Bermuda be recognised as meeting international standards for conducting business, but we will also be seen to play a key role in setting those standards while protecting personal information and respecting privacy rights.

In the field of finance and enforcement, Bermuda prides itself on strong regulation and has garnered international recognition for our standards and practices. As a global business hub, Bermuda’s businesses receive data from organisations based in all corners of the world. Our business community would similarly prosper from international recognition for being a trusted jurisdiction for privacy and data protection.

This practice of recognising trusted jurisdictions is a key feature of most privacy legislation. Such two-way recognition serves:

• to provide practical certainty that Bermuda’s businesses may engage with service providers in other trusted jurisdictions, and

• as a signal to the world that Bermuda is open for business as a trusted recipient of global data flows.

For more information, visit Global CBPR and Global PRP Systems and the Global CAPE