When CARICOM announced that citizens of Barbados, Belize, Dominica, and St. Vincent and the Grenadines would soon enjoy the right to live and work freely across each other’s borders, it marked a watershed moment. For decades, the region’s leaders have spoken of a borderless Caribbean — of a Single Market and Economy that allows people, goods, and ideas to move seamlessly. That vision is now taking form.
But beneath the optimism lies a structural dilemma: how do we ensure safe and effective free movement in a region where data protection is fragmented, privacy oversight is weak, and the very definition of “CARICOM citizen” varies by state? If the logical next step is a CARICOM-wide identification credential to prove residency and work rights, the region faces a paradox. We cannot make free movement real without shared identity verification — yet we cannot responsibly build such a system when privacy maturity remains uneven across our Member States.
The Mobility Imperative
The case for a CARICOM-wide identification framework is compelling. The right to move, live, and work across borders cannot depend solely on national IDs or passports, because those documents reflect national citizenship, not necessarily regional entitlement.
Under the Revised Treaty of Chaguaramas, the freedom to move and work is a CARICOM right attached to CARICOM nationals — citizens of Member States participating in the Single Market. But because citizenship is defined by domestic law, the same treaty-based right plays out differently depending on how each country defines its citizens.
Consider this example: a person who applies to live and work in Barbados might be denied under that country’s immigration rules. The same individual could then purchase citizenship in Dominica through its Citizenship by Investment Programme (CBI) — one of several such schemes across the Eastern Caribbean — and suddenly reappear as a CARICOM national entitled to move freely.
Legally, that person would now have the right to reside and work in Barbados, not because of any cultural or regional connection, but because they bought a passport in another Member State. This scenario, while uncomfortable, is entirely possible under the current system. It raises serious questions about the integrity and intent of regional citizenship.
The free movement regime was designed to integrate the Caribbean’s people — to make it easier for teachers, technicians, accountants, and artists to move where opportunity calls. It was never meant to be a side effect of global investment migration. Yet without a standardized, regionally managed credential, there’s no practical way to distinguish between these categories at the operational level.
This is why a CARICOM Mobility ID — a credential rooted in treaty rights rather than national discretion — makes sense. It would verify the basis of entitlement (for example, Skilled National status or enhanced cooperation membership) and provide interoperable recognition of that status across participating states. It would not replace national citizenship but rather certify the holder’s lawful right to live and work anywhere within the free movement area.
Most importantly, this would move the region beyond passports as the only proof of belonging, toward a fairer and more reliable way to confirm who truly has the right to live and work across CARICOM.
The Privacy Deficit
Yet the technical logic of integration runs headlong into the region’s institutional weakness. Most CARICOM states have either weak, outdated, or incomplete data protection regimes — and even where strong laws exist, enforcement remains aspirational.
Barbados has one of the region’s most advanced frameworks. The Data Protection Act (2019) established a modern, rights-based regime modeled on the EU’s General Data Protection Regulation (GDPR). It created the post of Data Protection Commissioner, who has begun the slow process of building awareness, registration systems, and compliance culture. Still, enforcement is limited, and the Commission’s capacity remains in development.
Belize, too, passed a comprehensive Data Protection Act in 2021, similarly inspired by GDPR principles. It establishes individual rights and corporate obligations, but its implementation is being phased in, and practical enforcement has yet to be tested.
By contrast, St. Vincent and the Grenadines passed a Privacy Act in 2003 that has never been brought into force — it exists only on paper. Dominica, meanwhile, lacks a modern data protection law altogether. There is no independent oversight authority, no legal requirement for breach notification, and no structured avenue for citizens to seek redress.
This disparity means that personal data could flow freely between states with vastly different levels of protection. Once information crosses from Barbados or Belize into a jurisdiction without active regulation, the rights of the individual effectively disappear.
In such a landscape, any attempt to build a regional digital ID system risks magnifying the weakest link. It’s not simply a matter of technology — it’s a matter of governance capacity, legal enforceability, and trust.
The Governance Paradox
The region therefore stands at a crossroads. To make free movement practical, CARICOM needs a shared identity system. But to make that system safe, it needs harmonized privacy laws, functioning regulators, and enforceable cross-border safeguards — things that most Member States do not yet possess.
The choice feels binary: move ahead without adequate protection, or delay integration until legal frameworks catch up. Both paths carry risk. Move too fast, and a regional identity system could expose citizens to surveillance, profiling, or misuse of personal data. Move too slowly, and the political momentum behind free movement could evaporate into bureaucracy and hesitation.
The European Union resolved this dilemma by creating a single data governance framework — the General Data Protection Regulation (GDPR) and the Electronic Identification, Authentication and Trust Services Regulation, known as eIDAS — which together ensure that every Member State meets the same privacy and digital identity standards. CARICOM, by contrast, operates under a decentralized treaty system that prioritizes national sovereignty. That sovereignty, however, is now the very thing threatening to fragment the regional project it was designed to protect.
The Legal Patchwork Problem
The legal fragmentation across CARICOM is more than an inconvenience; it’s a liability. In Barbados, the Data Protection Commissioner can investigate and sanction breaches. In Belize, the Commissioner exists but has yet to establish enforcement precedent. In St. Vincent and Dominica, no regulator is operational at all.
If a regional identity database were to suffer a data breach involving citizens from all four states, the response would differ dramatically: Barbados might investigate, Belize might caution, and the others might do nothing. The same dataset would be simultaneously protected, neglected, and ignored, depending on where it resides.
This uneven legal terrain makes mutual trust almost impossible. Integration can only be as strong as its weakest Member State — and on privacy, those weaknesses are glaring.
The Path Forward
The way out of this paradox is to treat data governance as the foundation of integration, not as optional. CARICOM should develop a CARICOM Data Protection Treaty — a shared legal and institutional framework that ensures equivalent safeguards across borders.
Such a compact could establish a network of national Data Protection Authorities bound by common principles, create a small oversight office within the CARICOM Secretariat, and require Member States to meet minimum privacy standards before participating in any regional identity scheme. This would embed “privacy by design” into the architecture of free movement, ensuring that rights travel with the individual, not just their data.
A phased approach makes sense. The initial Mobility ID pilot could launch among the four early-adopting states — Barbados, Belize, Dominica, and St. Vincent — with technical assistance directed toward raising Dominica’s and St. Vincent’s privacy capacities to minimum compliance thresholds. Over time, other Member States could join as they reach readiness.
Integration With Trust
CARICOM’s dream of integration has always been about people — about the right to belong anywhere in the Caribbean. But integration in the digital age is not just about open borders; it’s about trusted systems. It’s about knowing that when your personal information crosses into another jurisdiction, your rights don’t vanish at the border.
If the region rushes into digital identity without strong privacy foundations, it risks eroding the very trust it needs to make integration sustainable. Citizens could begin to view free movement not as liberation, but as surveillance.
But if CARICOM takes the harder route — harmonizing data laws, enforcing privacy standards, and embedding transparency into its governance — then the Mobility ID could become a symbol of both unity and accountability. It would demonstrate that the Caribbean can integrate responsibly, respecting its citizens as much as its ambitions.
Free movement is a noble goal, but freedom without protection is a fragile kind of progress.