Jersey’s Information Commissioner reports to States Assembly on positive changes to data protection rights

Data Protection Law is a vital instrument, which seeks to safeguard our personal information. States Members need to ensure they are actively involved in ensuring  they keep up-to-date with their obligations.


This was highlighted by Jersey’s Information Commissioner, Dr Jay Fedorak, when he addressed the States Assembly recently. He also drew States Members’ attention to the rapidly advancing technology that has created new challenges for regulators, businesses and public authorities.


“The evolution of the internet and new forms of social media have resulted in vast amounts of personal data becoming public and remaining accessible indefinitely. It has also increased the risks to individuals of significant harm from the loss or theft of their data,” he said.

However, Dr Fedorak reported that Jersey is adapting positively to this change: “Jersey has followed Europe in implementing a more comprehensive data protection law in early 2018 that addresses the risks that technological developments have posed.


We are continuing to preserve the human rights of our residents, while demonstrating to the world that Jersey is a good place to invest money, conduct business, and manage data.


For individuals, they have a new right to data portability. Controllers and processors have new obligations to document their processing activities and incorporate data protection by design and default. There are also new obligations to consult our office about processing involving high risk to data subjects.”


The Information Commissioner presented a consultation paper to the States Assembly proposing a new registration model for the Jersey Office of the Information Commissioner (JOIC) and new registration fees to support the work of the Jersey Data Protection Authority.


Dr Fedorak explained: “It is an essential element of the GDPR that the supervisory authority act with complete independence, remain free from external influence of any kind and take instruction from nobody. This is because the main purpose of the GDPR is to restore public trust in how public authorities and businesses manage personal data.

The public needs to have confidence that we will enforce the law adequately, fairly and without bias. For the regulator to be credible to the public, it must be seen to be free of any incentive to take sides in any case. The regulator requires a reputation for integrity, which it earns by ensuring that the public believes that it bases all of its decisions solely on its professional knowledge and expertise in the requirements of the law.”

As part of a transition to greater independence, JOIC is moving to a new funding model that is less reliant on government. This consultation paper outlines the details of the proposal that JOIC will be making to government after this consultation.

The JOIC invites comments on this consultation paper.