How can we sustainably strengthen privacy and digital resilience across the Kingdom? This question was at the heart of the symposium Borderless Digital Data and Privacy, organised by the Data Protection Supervisory Committee for Bonaire, Sint Eustatius, and Saba (CBP BES) on 28 January, International Data Privacy Day. The event highlighted that data protection in the Caribbean part of the Kingdom is an urgent governance and rule-of-law issue. Delay has direct consequences for oversight, data sharing, and trust within the Kingdom.
From identity documents and civil affairs to voting and social services, an increasing number of public services in the Caribbean Netherlands are becoming digital and data-dependent. While this enhances accessibility and efficiency, it also heightens risks related to privacy and data security. Glenn Thodé, Chair of CBP BES and former Lieutenant Governor of Bonaire, highlights the particular sensitivity in a small island context: “Because everyone knows each other, individuals in the Caribbean Netherlands are more easily identifiable. This is why careful handling of personal data is crucial for public trust”. Thodé emphasises that privacy protection and cybersecurity are inseparable and a matter of governance.
Privacy as a governance priority
Personal data is becoming increasingly valuable, often shared across chains and with external parties on the islands, heightening vulnerability. Roëlla Pourier, Director-Secretary of CBP BES, states: “Data is the new gold. Poor protection doesn’t just cause breaches, it erodes trust and legitimacy.” She sees privacy as a fundamental governance requirement. “Privacy and cyber resilience aren’t barriers to digitalisation; they’re the foundation for citizen and business trust in a digital government.”
Attitude and behaviour
“Privacy is a fundamental right,” Pourier asserts, “but it is poorly protected in the Caribbean Kingdom due to fragmented legislation. Urgent adoption of Convention 108+, the GDPR, and Directive 2016/680 is necessary to guarantee secure cross-border data exchange.” Thodé highlights the tension in practice: “Leaders often have good intentions, but these clash with the demand for personal information. Governance discipline is essential; only request personal data or identify individuals in public meetings if absolutely necessary. It’s not just about knowing the rules; it’s about cultivating a culture where privacy is a natural part of professional, trustworthy service.”
Privacy by Design
Pourier emphasises that privacy laws are often seen as obstacles. “That’s a missed opportunity: the law isn’t a blockade, but a guide for responsible digitalisation.” CBP BES observes that organisations tend to store everything reflexively without weighing necessity. “Privacy by design” means integrating privacy from the beginning. In workshops, CBP BES clarifies this concept, with ID documents, for example: “A photo can reveal sensitive traits. Still, just because you can doesn’t mean you should. That awareness is the core of true data security.”
12 Years of CBP BES: From Awareness to Action
Early on, CBP BES concentrated on raising awareness, as privacy was seldom discussed. “Enforcement without basic knowledge isn’t fair,” says Pourier. Now, citizens and organisations know where to seek guidance. “Good oversight shifts from control to empowerment, showing what is possible within the law.” This represents a significant milestone.
Shared responsibility for privacy is increasing: public and private organisations now work together voluntarily. Pourier: “After discussions with the press, local media now automatically anonymise personal data in incident reports.” CBP BES also employs enforcement measures, like fines, to enhance compliance. With rising digitalisation, support remains vital. Their targeted, interactive workshops are often fully booked.
Privacy: a governance task, not just an ICT project
Pourier stresses that privacy and data security aren’t standalone ICT projects, but a governance responsibility affecting the entire organisation. “Leaders set priorities, make choices, and shape organisational culture. Technology evolves rapidly, and risks shift. Those who integrate privacy and cyber resilience into decision-making invest in professional, reliable service and trust.”
The small-scale, geopolitically vulnerable position of the Caribbean Netherlands requires a balance between self-reliance and Kingdom-wide cooperation, Thodé notes. “Not everything needs local solutions. Where self-reliance is possible, it should be encouraged; where capacity falls short, solidarity is essential.” He calls for structural support within the Kingdom. Pourier adds, “Privacy and data security don’t stop at borders. Collaboration across the Kingdom is vital for sustainable digitalisation.”
