Cross-Border Data Flows and the Protection of Personal Information Act 4 of 2013 – Part II: The Data Transfer Provision
The Protection of Personal Information Act 4 of 2013 (POPIA) was introduced to protect the right to privacy of the South African data subject. The Act prescribes obligations that a responsible party must fulfil to achieve this purpose. However, personal information is very often collected and proce...
Saved in:
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | Afrikaans |
| Published: |
North-West University
2024-11-01
|
| Series: | Potchefstroom Electronic Law Journal |
| Subjects: | |
| Online Access: | https://perjournal.co.za/article/view/15234 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1846169013784150016 |
|---|---|
| author | Juana Coetzee |
| author_facet | Juana Coetzee |
| author_sort | Juana Coetzee |
| collection | DOAJ |
| description |
The Protection of Personal Information Act 4 of 2013 (POPIA) was introduced to protect the right to privacy of the South African data subject. The Act prescribes obligations that a responsible party must fulfil to achieve this purpose. However, personal information is very often collected and processed by responsible parties who are outside the Republic. Alternatively personal information is collected by a responsible party in the Republic and then transferred out of the country. Part I of this article discussed the territorial scope provision (section 3) and concluded that it can give rise to interpretative uncertainties with the result that personal information processed by responsible parties outside the Republic would not be covered by the Act. However, responsible parties often move their processing activities out of the country to escape liability. This part of the article analyses the data transfer provision (section 72), a provision that is directed at the regulation of the transfer of data outside the Republic. Section 72 lays down certain conditions before a responsible party can export data out of the Republic to a third party. The discussion will show that the provision has certain shortcomings which could limit its effectiveness in providing the necessary protection if compared to its counterpart in the EU General Data Protection Regulation (GDPR). Consequently, legislative revision or clarification by the Information Regulator in the form of a Guidance Note would be welcomed. The article concludes with a brief analysis of the interplay between sections 3 and 72 to illustrate the need for both these provisions in our law.
|
| format | Article |
| id | doaj-art-d4de41064d2d4ff2b72c65bbf3bef72d |
| institution | Kabale University |
| issn | 1727-3781 |
| language | Afrikaans |
| publishDate | 2024-11-01 |
| publisher | North-West University |
| record_format | Article |
| series | Potchefstroom Electronic Law Journal |
| spelling | doaj-art-d4de41064d2d4ff2b72c65bbf3bef72d2024-11-13T08:25:55ZafrNorth-West UniversityPotchefstroom Electronic Law Journal1727-37812024-11-012710.17159/1727-3781/2024/v27i0a15234Cross-Border Data Flows and the Protection of Personal Information Act 4 of 2013 – Part II: The Data Transfer ProvisionJuana Coetzee0https://orcid.org/0000-0003-1388-4792Stellenbosch University The Protection of Personal Information Act 4 of 2013 (POPIA) was introduced to protect the right to privacy of the South African data subject. The Act prescribes obligations that a responsible party must fulfil to achieve this purpose. However, personal information is very often collected and processed by responsible parties who are outside the Republic. Alternatively personal information is collected by a responsible party in the Republic and then transferred out of the country. Part I of this article discussed the territorial scope provision (section 3) and concluded that it can give rise to interpretative uncertainties with the result that personal information processed by responsible parties outside the Republic would not be covered by the Act. However, responsible parties often move their processing activities out of the country to escape liability. This part of the article analyses the data transfer provision (section 72), a provision that is directed at the regulation of the transfer of data outside the Republic. Section 72 lays down certain conditions before a responsible party can export data out of the Republic to a third party. The discussion will show that the provision has certain shortcomings which could limit its effectiveness in providing the necessary protection if compared to its counterpart in the EU General Data Protection Regulation (GDPR). Consequently, legislative revision or clarification by the Information Regulator in the form of a Guidance Note would be welcomed. The article concludes with a brief analysis of the interplay between sections 3 and 72 to illustrate the need for both these provisions in our law. https://perjournal.co.za/article/view/15234POPIA/POPIpersonal informationcross-border data transferssection 72 POPIA |
| spellingShingle | Juana Coetzee Cross-Border Data Flows and the Protection of Personal Information Act 4 of 2013 – Part II: The Data Transfer Provision Potchefstroom Electronic Law Journal POPIA/POPI personal information cross-border data transfers section 72 POPIA |
| title | Cross-Border Data Flows and the Protection of Personal Information Act 4 of 2013 – Part II: The Data Transfer Provision |
| title_full | Cross-Border Data Flows and the Protection of Personal Information Act 4 of 2013 – Part II: The Data Transfer Provision |
| title_fullStr | Cross-Border Data Flows and the Protection of Personal Information Act 4 of 2013 – Part II: The Data Transfer Provision |
| title_full_unstemmed | Cross-Border Data Flows and the Protection of Personal Information Act 4 of 2013 – Part II: The Data Transfer Provision |
| title_short | Cross-Border Data Flows and the Protection of Personal Information Act 4 of 2013 – Part II: The Data Transfer Provision |
| title_sort | cross border data flows and the protection of personal information act 4 of 2013 part ii the data transfer provision |
| topic | POPIA/POPI personal information cross-border data transfers section 72 POPIA |
| url | https://perjournal.co.za/article/view/15234 |
| work_keys_str_mv | AT juanacoetzee crossborderdataflowsandtheprotectionofpersonalinformationact4of2013partiithedatatransferprovision |