
Data Protection in Haiti
Data protection laws in Haiti
Definitions in Haiti
Definition of Personal Data
There is no definition on the act.
Definition of Sensitive Personal Data
Article 4 of the Decree on personal data provides that “Any release of personal data that is likely to infringe the rights and freedom of an individual is forbidden”.
This disposition refers to sensitive personal data according to our interpretation. Thus, sensitive personal data is any data that is likely of infringe the rights and freedom of an individual.
National data protection authority in Haiti
Such entity does not exist yet in Haiti.
Registration in Haiti
N/A.
Data protection officers in Haiti
N/A.
Collection and processing in Haiti
Articles 587 to 593 of the 2020 Penal Code address offenses related to automated data systems and their associated penalties. Unauthorized access or fraudulent maintenance in these systems is penalized by imprisonment ranging from 1 to 2 years and fines between 25,000 to 50,000 gourdes, with heightened penalties of 2 to 3 years of imprisonment and fines of 50,000 to 100,000 gourdes if it results in system dysfunction or data alteration (2020 Penal Code, Article 587). Disrupting or falsifying system operations carries penalties of 1 to 3 years of imprisonment and fines from 50,000 to 100,000 gourdes (2020 Penal Code, Article 588). The fraudulent introduction, alteration, or deletion of data incurs 3 to 5 years of imprisonment and fines ranging from 75,000 to 100,000 gourdes (2020 Penal Code, Article 589). Possessing, distributing, or using tools to commit such offenses is subject to the same penalties as the primary offenses (2020 Penal Code, Article 590). Unauthorized interception of non-public transmissions and intentional, unauthorized data alterations are similarly punishable by 3 to 5 years of imprisonment and fines between 75,000 and 150,000 gourdes (2020 Penal Code, Articles 592 and 593).
The Penal Code, adopted in 2020, was initially set to come into force 24 months after its adoption, introducing comprehensive provisions to address crimes in the digital domain. However, these provisions are not yet in effect, as the implementation of the reformed Penal Code has been postponed indefinitely. A commission was supposed to review the text following concerns raised by various sectors. To date, no commission has been appointed, leaving the unreformed Penal Code in effect. The current Penal Code lacks provisions addressing crimes in the digital domain or data protection matters. Consequently, the provisions of the 2020 Penal Code remain under review and are anticipated to come into force in the near future.
Enforcement in Haiti
Article 436 of the 2020 Penal Code addresses breaches of correspondence secrecy, including physical and electronic forms. It penalizes the opening, suppression, delay, or diversion of correspondence, whether it has reached its destination or not, as well as the fraudulent acquisition of its contents. The article also extends to the interception, diversion, use, or disclosure of correspondence transmitted through telecommunications and the installation of devices for such interception. Violators face imprisonment ranging from six months to one year and fines of 25,000 to 50,000 gourdes.
Article 437 of the 2020 Penal Code of Haiti governs the processing of personal data and enforcement by penalizing unauthorized data processing activities. Specifically, it criminalizes conducting or instructing the processing of personal data in violation of formalities prescribed by law, whether due to negligence or intent. The penalties include imprisonment of 1 to 3 years and a fine ranging from 50,000 to 100,000 gourdes, or either of these penalties.
The Penal Code, adopted in 2020, was initially set to come into force 24 months after its adoption, introducing comprehensive provisions to address crimes in the digital domain. However, these provisions are not yet in effect, as the implementation of the reformed Penal Code has been postponed indefinitely. A commission was supposed to review the text following concerns raised by various sectors. To date, no commission has been appointed, leaving the unreformed Penal Code in effect. The current Penal Code lacks provisions addressing crimes in the digital domain or data protection matters. Consequently, the provisions of the 2020 Penal Code remain under review and are anticipated to come into force in the near future.
Electronic marketing in Haiti
The Decree on data privacy requires the user’s consent whereas Article 438 (2) of the 2020 Penal Code only specifies that the person needs to opt-out. Given that the Decree on personal data is a specific legislation on data privacy, we recommend having the user consent prior to collecting his data.
The Penal Code, adopted in 2020, was initially set to come into force 24 months after its adoption, introducing comprehensive provisions to address crimes in the digital domain. However, these provisions are not yet in effect, as the implementation of the reformed Penal Code has been postponed indefinitely. A commission was supposed to review the text following concerns raised by various sectors. To date, no commission has been appointed, leaving the unreformed Penal Code in effect. The current Penal Code lacks provisions addressing crimes in the digital domain or data protection matters. Consequently, the provisions of the 2020 Penal Code remain under review and are anticipated to come into force in the near future.
Arrêté fixant les règles relatives à la protection des données à caractère personnel, published in the official gazette, Le Moniteur, #87 of May 15, 2018.
Code Penal, Published in the official gazette, Le Moniteur, Special #10, June 24, 2020.