CAYMAN ISLANDS Law and Practice Contributed by: Daniel Lee, Sophia Scott, Kimberly Robinson and James Turner, Maples Group
8. Data Protection 8.1 Applicable Regulations
The duration of protection of the copyright var - ies depending on varying factors (type of work/ right, whether the author is known, how the work was made, published, etc). In the usual course, protection for original LDMA works will ordinar - ily be 70 years beyond the life of the author. Other works tend to vary in protection between 25 and 70 years. It is not currently possible (or necessary) to register a copyright in the Cayman Islands. Copyright may be enforced by court action, generally in the Grand Court. Remedies for copyright infringement include damages, injunc - tions, delivery-up of the infringing work, right to seizure of infringing work or any other remedy that would be available in respect of any other property right. Criminal sanctions for copyright infringement are also available. 7.5 Others Software and databases are principally pro - tected as copyright works (see 7.4 Copyright ). In certain circumstances, the law of confidential information may provide further (possibly over - lapping) protection for computer code or algo - rithms. Trade secrets are protected by an action for breach of confidence. An action for breach of confidence classically requires three elements: • the information itself is properly confidential; • the information was imparted in circumstanc - es importing an obligation of confidence; and • there has been an unauthorised use/misuse of that information. When a breach of confidence action is made out, typical remedies include injunctions, damages or an account of profits, declarations.
The Cayman Islands Data Protection Act (As Revised) (DPA) is the main applicable legislation. The DPA is modelled on the UK’s Data Protec - tion Act 1998, with additional elements taken from the EU’s General Data Protection Regula - tion (GDPR). The DPA requirements are broadly speaking like the GDPR, but much less onerous. 8.2 Geographical Scope Like the GDPR, the DPA has extraterritorial effect and will apply to any “data controller” (ie, the person or entity that determines what personal data is processed, why and how) that is estab - lished in the Cayman Islands, as well as any ”data controller” on whose behalf personal data is processed in the Cayman Islands for any pur - pose other than mere transit. The DPA could potentially apply to an overseas business that markets goods/services to Cay - man Islands residents, and collects their per - sonal data in doing so. However, the extrater - ritorial effect of the DPA will not be triggered merely because goods/services are accessible or available to Cayman residents; there must be an indication that the overseas business is actively targeting Cayman Islands residents in marketing its goods/services. A data controller must comply with, among other things, the data protection principles of the per - sonal data that it processes (or, in the case of an overseas data controller caught by the extrater - ritorial effect of the DPA, personal data that is processed on its behalf by any “data processor” based in the Cayman Islands). The data protection principles are broadly speaking like the principles set out in Article 5
166 CHAMBERS.COM
Powered by FlippingBook