Isle of Man
| OVERVIEW | Isle of Man is not part of the European Union or part of the United Kingdom, although the British Queen is its head of state. Privacy and data protection legislation is modeled after EU Data Protection Directive. |
| ENACTED | 2002 |
| GENERAL PRIVACY LAWS | Data Protection Act of 2002 |
| PERSONAL DATA PROTECTION LAWS AND REGULATIONS | Data Protection Act of 2002 |
| TYPE OF DATA PROTECTED | Personal Information. |
| WORKPLACE PRIVACY LAWS | Section 9 of the Data Protection Act provides an individual data subject the right to object to unsolicited commercial communications. The objection must be in writing. Upon receipt, the data controller must cease sending such messages to the individual. The Commissioner has provided a written guidance on Unsolicited Communications. |
| TRANSBORDER TRANSFERS |
The Eighth Principle of the Data Protection Act mandates that data shall not be transferred out of the Isle of Man to a country outside of the European Union that doesn’t provide adequate protection. Schedule IV lists situations where the Eighth Principle does not apply. The Data Commissioner has provided a written guidance on Data Transfers. |
| FINES AND SANCTIONS | Civil and criminal sanctions. Fines ranging to £ 5,000. |
| OTHER PRIVACY LAWS AND REGULATIONS |
On June 24, 2009, the Isle of Man announced that in 2011, it would comply with the EU’s bank secrecy laws. Part 3 of the Data Protection Act sets forth the requirements for a data controller to notify the data commissioner. Section 15 sets forth the particulars of the notice. A data controller is generally prohibited from processing personal data until the notice has been given to the data commissioner. |
