How can we sustainably strengthen privacy and digital resilience across the Kingdom? This question was at the heart of the symposium Borderless Digital Data and Privacy, organised by the Data Protection Supervisory Committee for Bonaire, Sint Eustatius, and Saba (CBP BES) on 28 January, International Data Privacy Day. The event highlighted that data protection in the Caribbean part of the Kingdom is an urgent governance and rule-of-law issue. Delay has direct consequences for oversight, data sharing, and trust within the Kingdom.
From identity documents and civil affairs to voting and social services, an increasing number of public services in the Caribbean Netherlands are becoming digital and data-reliant. While this improves accessibility and efficiency, it also raises risks related to privacy and data security. Glenn Thodé, Chair of CBP BES and former Lieutenant Governor of Bonaire, emphasises the particular sensitivity in a small island context: “Because everyone knows each other, individuals in the Caribbean Netherlands are more easily identifiable. This is why careful handling of personal data is crucial for public trust.” Thodé stresses that privacy protection and cybersecurity are inseparable and a matter of governance.
Privacy as a governance priority
Personal data is increasingly valuable and frequently shared across chains and with external parties on the islands, increasing its vulnerability. Roëlla Pourier, Director-Secretary of CBP BES, emphasises: “Data is the new gold. Poor protection not only leads to breaches but also damages trust and legitimacy.” She considers privacy a fundamental necessity of governance. “Privacy and cyber resilience aren’t obstacles to digitalisation; they form the basis for citizen and business trust in a digital government.”
Attitude and behaviour
“Privacy is a fundamental right,” Pourrier asserts, “but it is poorly protected in the Caribbean Kingdom due to fragmented legislation.” She stresses the urgent need to adopt Convention 108+, the GDPR, and Directive 2016/680 to ensure secure cross-border data sharing. Thodé points out the practical challenges: “Leaders often have good intentions, but these clash with the demand for personal information. Governance discipline is essential; only request personal data or identify individuals in public meetings if absolutely necessary. It’s not just about following rules; it’s about creating a culture where privacy is a key part of professionalism and trustworthy service.”
Privacy by Design
Pourier notes that privacy laws are often perceived as hurdles. A missed opportunity, she says: “The law isn’t a barrier, but rather a guide for responsible digitalisation.” CBP BES observes that organisations tend to store everything reflexively without weighing necessity. “Privacy by design” means integrating privacy from the beginning. In workshops, CBP BES explains this concept, with ID documents, for example: “A photo can reveal sensitive traits. Still, just because you can doesn’t mean you should. That awareness is the core of true data security.”
12 Years of CBP BES: From Awareness to Action
Early on, CBP BES concentrated on raising awareness, as privacy was seldom discussed. “Enforcement without basic knowledge isn’t fair,” says Pourier. Now, citizens and organisations know where to seek guidance. “Good oversight shifts from control to empowerment, showing what is possible within the law.” This represents a significant milestone.
Shared responsibility for privacy is growing: public and private organisations now work together voluntarily. Pourier: “After discussions with the press, local media now automatically anonymise personal data in incident reports.” CBP BES also employs enforcement measures, such as fines, to improve compliance. With rising digitalisation, support remains vital. Their targeted, interactive workshops are often fully booked.
Privacy: a governance task, not merely an ICT project
Pourier stresses that privacy and data security aren’t standalone ICT projects, but a governance responsibility affecting the entire organisation. “Leaders set priorities, make choices, and shape organisational culture. Technology evolves rapidly, and risks shift. Those who integrate privacy and cyber resilience into decision-making invest in professional, reliable service and trust.”
The small-scale and geopolitically vulnerable situation of the Caribbean Netherlands requires a balance between self-reliance and cooperation across the Kingdom, Thodé notes. “Local solutions are not always necessary. If self-reliance is an option, it should be encouraged; where capacity falls short, solidarity is vital.” He calls for structural support within the Kingdom. Pourier adds, “Privacy and data security don’t stop at borders. Collaboration across the Kingdom is essential for sustainable digitalisation.”
