Skip to main content
NOPE
In Effect Law Data Protection Context Relevance

Jamaica DPA

Data Protection Act 2020

Jamaica's comprehensive data protection law establishing rights regarding automated decision-taking and requiring parental consent for children's data.

Jurisdiction

Jamaica

JM

Enacted

Sep 4, 2020

Effective

Dec 1, 2021

Enforcement

Office of the Information Commissioner

Who Must Comply

This law applies to:

  • Data controllers and processors in Jamaica
  • Entities processing data of Jamaican residents
  • Automated decision-making systems

Capability triggers:

servesMinors (increases)
automatedDecisionMaking (required)
Required Increases applicability

Who bears obligations:

Data ControllerData Processor

Safety Provisions

  • Rights regarding automated decision-taking
  • Parental consent required for children's data
  • Data controller registration required
  • Breach notification to Information Commissioner
  • Data Protection Impact Assessment for high-risk processing

Enforcement

Enforced by

Office of the Information Commissioner

Penalties

JMD 5M; criminal liability

Max fine: $5,000,000
Criminal liability

Fines up to JMD 5 million or imprisonment

Quick Facts

Binding
Yes
Mental Health Focus
Yes
Child Safety Focus
Yes
Algorithmic Scope
Yes

Why It Matters

Jamaica's automated decision-taking rights apply to AI chatbots making risk assessments or providing recommendations to Jamaican users.

Cite This

APA

Jamaica. (2020). Data Protection Act 2020. Retrieved from https://nope.net/regs/jm-dpa-2020

BibTeX

@misc{jm_dpa_2020,
  title = {Data Protection Act 2020},
  author = {Jamaica},
  year = {2020},
  url = {https://nope.net/regs/jm-dpa-2020}
}

Related Regulations

In Effect CARICOM Data Protection

CARICOM CCSCAP 2025

CARICOM's 2025 regional cyber security framework establishing digital safety culture and coordinated incident response across 18 member states.

In Effect CL Data Protection

Chile Cybersecurity Law

First cybersecurity framework law in Latin America (Law 21,663 promulgated Mar 26, 2024; published Apr 8, 2024). Creates National Cybersecurity Agency (ANCI), mandatory incident reporting, and encryption rights.

In Effect PR Data Protection

Puerto Rico Cybersecurity Act

Puerto Rico's comprehensive cybersecurity law establishing cybersecurity framework for public and private sectors, complementing Act 111-2005 breach notification.

In Effect AR AI Safety

Argentina AI Strategy

Non-binding AI governance guidelines establishing principles for responsible AI use. Argentina positioning as AI innovation hub with limited regulatory barriers. Emphasizes transparency, accountability, and human oversight. Multiple legislative proposals pending inspired by EU AI Act, aiming to establish formal regulatory authority.

Failed CA AI Safety

AIDA

Would have regulated high-impact AI systems with potential penalties up to $25M or 5% global revenue. Part of Bill C-27 which died when Parliament ended.

In Effect PE AI Safety

Peru AI Regulations

Peru's first comprehensive AI regulatory framework, inspired by EU AI Act. Establishes three-tier risk-based approach: prohibited uses, high-risk systems (including healthcare), and low-risk/acceptable AI. First general AI regulation in Latin America. Requires human oversight, transparency, and risk assessments for high-risk AI including healthcare applications.

Back to all regulations Check if this applies to you