Data protection & privacy laws in Saint Vincent and the Grenadines (2026)

The Privacy Act (No. 17 of 2003) was passed by Parliament to regulate the collection, use, correction, and disclosure of personal information by public authorities. It has never been commenced via ministerial order and therefore carries no legal effect.

The Privacy Act 2003 contemplates an Office of the Privacy Commissioner with powers to monitor compliance, investigate complaints, and advise public authorities. Because the Act has not been commenced, this office has never been operationalised and no data protection regulator currently exists.

Even if brought into force, the Privacy Act 2003 covers only personal information held by public authorities; private-sector data processing falls outside its scope, a significant gap relative to GDPR-style comprehensive regimes.

The Cybercrime Act 2016 is in force and criminalises unauthorised access to computer systems and unlawful interception of data, offering some indirect protection for personal data against malicious actors, but it is not a data protection or privacy statute.

Several Caribbean neighbours (Jamaica, Barbados, Trinidad and Tobago, Antigua and Barbuda) have enacted and commenced modern data protection legislation. SVG is among a smaller group of Caribbean states still without an operative data protection law, as tracked by regional analyses through early 2025.

The Constitution of Saint Vincent and the Grenadines provides a general right to privacy of the home and correspondence, but this constitutional protection is narrow and does not substitute for a statutory data protection framework applicable to digital personal data processing.