Last modified 16 January 2025

Data Protection in Haiti

Enforcement in Haiti

Download PDF

Download current country

Change countries

Change country

Law

Data protection laws in Haiti

Arrêté fixant les règles relatives à la protection des données à caractère personnel, published in the official gazette, Le Moniteur, #87 of May 15, 2018.

Code Penal, Published in the official gazette, Le Moniteur, Special #10, June 24, 2020.

Related resources

Definitions

Definitions in Haiti

Definition of Personal Data

There is no definition on the act.

Definition of Sensitive Personal Data

Article 4 of the Decree on personal data provides that “Any release of personal data that is likely to infringe the rights and freedom of an individual is forbidden”.

This disposition refers to sensitive personal data according to our interpretation. Thus, sensitive personal data is any data that is likely of infringe the rights and freedom of an individual.

Authority

National data protection authority in Haiti

Such entity does not exist yet in Haiti.

Registration

Registration in Haiti

N/A.

Data protection officers

Data protection officers in Haiti

N/A.

Collection and processing

Collection and processing in Haiti

Articles 587 to 593 of the 2020 Penal Code address offenses related to automated data systems and their associated penalties. Unauthorized access or fraudulent maintenance in these systems is penalized by imprisonment ranging from 1 to 2 years and fines between 25,000 to 50,000 gourdes, with heightened penalties of 2 to 3 years of imprisonment and fines of 50,000 to 100,000 gourdes if it results in system dysfunction or data alteration (2020 Penal Code, Article 587). Disrupting or falsifying system operations carries penalties of 1 to 3 years of imprisonment and fines from 50,000 to 100,000 gourdes (2020 Penal Code, Article 588). The fraudulent introduction, alteration, or deletion of data incurs 3 to 5 years of imprisonment and fines ranging from 75,000 to 100,000 gourdes (2020 Penal Code, Article 589). Possessing, distributing, or using tools to commit such offenses is subject to the same penalties as the primary offenses (2020 Penal Code, Article 590). Unauthorized interception of non-public transmissions and intentional, unauthorized data alterations are similarly punishable by 3 to 5 years of imprisonment and fines between 75,000 and 150,000 gourdes (2020 Penal Code, Articles 592 and 593).

The Penal Code, adopted in 2020, was initially set to come into force 24 months after its adoption, introducing comprehensive provisions to address crimes in the digital domain. However, these provisions are not yet in effect, as the implementation of the reformed Penal Code has been postponed indefinitely. A commission was supposed to review the text following concerns raised by various sectors. To date, no commission has been appointed, leaving the unreformed Penal Code in effect. The current Penal Code lacks provisions addressing crimes in the digital domain or data protection matters. Consequently, the provisions of the 2020 Penal Code remain under review and are anticipated to come into force in the near future.

Related resources

Transfer

Transfer in Haiti

If personal data is communicated to a third party, it has to be accessible with the possibility to be modified by the person on which they have been stored.

Related resources

Security

Security in Haiti

The Decree provides that the personal data needs to be stored in a way to protect confidentiality and prevent disclosure. When stored, only specific people should have access to them because of their position.

Related resources

Breach notification

Breach notification in Haiti

The law does not regulate how breach of data should be handled. However, any communication of personal data (including breaches) can be subject to criminal and administrative lawsuits.

Mandatory breach notification

No regulation on the matter.

Related resources

Enforcement

Enforcement in Haiti

Article 436 of the 2020 Penal Code addresses breaches of correspondence secrecy, including physical and electronic forms. It penalizes the opening, suppression, delay, or diversion of correspondence, whether it has reached its destination or not, as well as the fraudulent acquisition of its contents. The article also extends to the interception, diversion, use, or disclosure of correspondence transmitted through telecommunications and the installation of devices for such interception. Violators face imprisonment ranging from six months to one year and fines of 25,000 to 50,000 gourdes.

Article 437 of the 2020 Penal Code of Haiti governs the processing of personal data and enforcement by penalizing unauthorized data processing activities. Specifically, it criminalizes conducting or instructing the processing of personal data in violation of formalities prescribed by law, whether due to negligence or intent. The penalties include imprisonment of 1 to 3 years and a fine ranging from 50,000 to 100,000 gourdes, or either of these penalties.

Electronic marketing

Electronic marketing in Haiti

The Decree on data privacy requires the user’s consent whereas Article 438 (2) of the 2020 Penal Code only specifies that the person needs to opt-out. Given that the Decree on personal data is a specific legislation on data privacy, we recommend having the user consent prior to collecting his data.

Online privacy