Data & Privacy · Antigua and Barbuda
Data protection & privacy laws in Antigua and Barbuda (2026)
Antigua and Barbuda shaded by its data & privacy status
Antigua and Barbuda enacted a comprehensive data protection statute in 2013 that governs personal data processing by both public and private bodies. The Act establishes data subject rights, imposes security and accountability obligations on data controllers, and restricts cross-border data transfers. The Information Commissioner serves as the independent supervisory authority responsible for enforcement and complaint investigation.
Key points
The Data Protection Act, 2013 (No. 10 of 2013) is the principal statute, designed to protect personal data processed by public and private bodies and to balance the necessity of data processing against individual privacy rights.
The Information Commissioner is the designated regulatory authority with powers to investigate complaints, audit data controllers, and take enforcement action against entities in breach of the Act.
Individuals hold rights of access, rectification, erasure, information (notice of processing), and the right to object or opt out of processing — broadly analogous to pre-GDPR Commonwealth frameworks.
Data controllers must obtain consent before processing, provide notice of purpose and third-party recipients, ensure data accuracy and relevance, and implement practical technical and organisational security measures against unauthorised access, alteration, or destruction.
The Act restricts transfers of personal data to foreign jurisdictions and third parties, requiring adequate safeguards before data may be transferred outside Antigua and Barbuda.
Violations attract summary conviction penalties of up to XCD $50,000 or three years imprisonment, and on indictment up to XCD $100,000 or five years imprisonment.
Antigua and Barbuda - other topics
Last verified 5/25/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →